With the advent and adoption of cloud, SAM programs seemed unnecessary to organizations. This is because SAM has long been associated with avoiding software piracy and costly software audits. The scalable subscription model used by many cloud applications makes it simple to increase and pay for licenses, lessening the perceived need for SAM.
However, SAM programs are still pivotal in cloud environments, especially as instances of shadow IT grow. Aside from governance, SAM can help manage other risks brought on by shadow IT. Namely, security, compliance, and spend.
Shadow IT presents many security risks to organizations. When IT teams have no way to manage the use of these applications, they cannot ensure they are up-to-date with necessary patches. They also have no visibility into where data is being stored, or if it is encrypted. This can lead to data breach or leakage, as 18.1 percent of documents uploaded to cloud services contain private information. If an unsanctioned application has a vulnerability, this could be an easy entryway for a data breach.
Similarly, organizations in many industries are bound to regulatory compliance standards, such as the impending General Data Protection Regulation (GDPR), which imposes strict regulations on how data in the EU (or those companies that conduct business with clients in the EU) can be shared and stored. As IT teams amplify security in on-premises and cloud environments to ensure compliance, their lack of visibility into shadow IT could place them out of compliance, leading to crippling fines. For example, if an employee was storing restricted data on their own SaaS storage platform, this could lead to noncompliance with data regulations
SAM has always been focused on optimizing spend. Cloud use can offer savings, however it can also present companies with unforeseen costs. A common occurrence of this with shadow IT is when business units purchase a solution for the department without going through procurement channels. This leads to additional consumption that had not been accounted for in the budgets and doesn’t enable the procurement team to maximize volume discounts.