Ben Pippenger: Uncovering & Addressing Hidden SaaS Purchases
Cory Wheeler: Hello, hello, and welcome to SaaSMe Unfiltered: The SaaS Management Podcast, the show with give it to you straight, real life advice from pros knee deep and SaaS every single day, SAS management superheroes just like you.
Ashley Hickman: Thank you for joining us for another episode of SaaSMe Unfiltered: The SaaS Management Podcast. I'm Ashley Hickman, Manager of Customer Success at Zylo. Today, I'm bringing you a bonus episode for season one, where we have one of our co- founders Ben Pippenger, who sat down with our friends at SAP Concur to chat about the challenges of SaaS applications today. To give you a little bit of perspective, our research has found that the average organization has 323 SaaS apps and spends more than 65 million dollars a year. You may be thinking," What problems does this create? What can I do about it?" So in this episode, Ben will shed light on how you can gain visibility into your applications, understand what is being bought and used across your organization, alongside how to best manage that spend and optimize your stack. So again, enjoy this bonus episode of SaaSMe Unfiltered with our co- founder Ben and SAP Concur.
Jeanne Dion: Hi, I'm Jeanne Dion. I'm the Vice President of the Value Teams here at SAP Concur. And today, I have the distinct pleasure of having a conversation with Ben Pippenger, who is one of the founders of Zylo. Zylo is one of our partner innovation winners, and they provide unprecedented visibility actually into a customer's ecosystem surrounding IT purchases, specifically software asset management, which I know is a significant problem for some companies. So Ben, wouldn't you please go ahead and introduce yourself?
Ben Pippenger: Yeah. Hey, Jeanne. Thank you so much. I'm so excited to be on your podcast today and talking a little bit more about Zylo. As you mentioned, my name is Ben. I'm one of the co- founders of a company called Zylo. We are a SaaS management platform. To give a little history, we started our company about six years ago, really as the pioneers around SaaS management. And the reason we really started the business was we knew that there was a growing and escalating issue around the number of applications and the amount of money that companies were spending on SaaS applications. And so we went out to solve that problem. And really, what we've built is a platform and a system that organizations can use to, number one, organize and get visibility to all of the different SaaS applications that are being bought and used within an organization, number two, optimize those SaaS applications from both a licensing perspective, from a rationalization perspective, from an overall spend management perspective, and then lastly help with orchestration of those applications to automate and tie those applications and all that data together to get a good picture and create a system of record for SaaS software and how it's being used across your organization.
Jeanne Dion: As somebody who has had to pay for programs like that in a previous life, this is really intriguing to me, especially the way that business runs today. It's not just because of the pandemic, but we have a really big push within our customer bases around that employee initiated spend. People feel that they have the ability to pay for something or to buy something, and they use many different spend channels to do it. So with the way that businesses run today, and we see customers paying for things that really aren't necessarily part of a normal expense report or P- Card, or they're doing it one off, not opening up a PO, what are you seeing? Have things changed since you started the business? Has it gotten bigger, or are things still just ramping up?
Ben Pippenger: I love this question. One of the first integrations that we built at Zylo was into Concur, and we've had a longstanding app center relationship and partnership for that reason, because we knew the term shadow IT. If you've heard that term before, it gets different reactions based on who you're talking to. But some people think shadow IT is good. Some people think it's bad. Some people just call it employee led purchasing. But it's always been out there, right? It's always been a way that SaaS applications are purchased. It's one of the great things about SaaS, is that you can go try these best of breed applications, a lot of times for free, and put a credit card in and turn into a paying customer and use some of these great tools that are out there. But to answer your question directly, we see, on average, across our customer base, we see about 300 or a little over 320 applications in use. And that varies as you go up into larger enterprise. We see over a thousand applications oftentimes in the larger companies. And across those 323 apps, that's about 65 million dollars in SaaS spend per company, per customer on average annually. But there's a lot of apps out there. There's a lot of money going towards those applications. And when you think about how that relates directly back to how people are buying those applications, employee expense is a big part of that. It's even a bigger part when you think about just the number of apps that are being pushed through expense reports. About 30, 37% of applications that are bought are bought by employees or employee led purchases on expense reports or P- Cards. And that accounts for about 7% of the overall spend. So 7% of that 65 million dollars is coming through employee spend. So you can see the percentages are higher for the number of apps versus the spend, just because typically those larger dollar apps are going through the PO process and those sorts of things. But it is definitely a problem. And it's definitely something that people do need to get their visibility around to know what's going on.
Jeanne Dion: I love the term shadow IT, because that really what it is. It's lurking in the shadows. We don't really have a clear picture of it. It's kind of hidden, but hidden in plain sight. So I want to set a baseline, though, for everybody who's talking, and perhaps you can help me with this. We talk about the 320 apps. Are we talking about apps that people download on their phone through an app store? Are we talking about things that they're just purchasing online? Are we talking about some of the larger applications that might be able to be used in a business perspective with a license, but now have moved more to that consumer driven model, or is it all of that?
Ben Pippenger: The 320, those would be software as a service applications, so SaaS applications that are delivered over the internet. That can be everything from a large purchase, like a Salesforce, something along those lines, to something that employees are purchasing on their own, like a Miro, where they're out swiping a credit card and buying those applications on their own. It runs the gamut there. It's across the board.
Jeanne Dion: Perfect. Yeah. I just wanted to set that baseline so that everybody's singing from the same song sheet here. So when we look at that idea that 37% of those purchases are employee led spend, that employee initiated spend, we see a lot of that. And the employee initiated spend does end up on expense reports primarily. But you are not just looking at expense reports, are you? Are you providing a single source of truth across multiple platforms where these might be hiding?
Ben Pippenger: For sure. Yeah. And expense reports are a great area of discovery for us. That's oftentimes where the unknown lives, because usually those purchases haven't gone through a purchasing process or an approval process, other than someone approved the expense report for payment back to the employee. So we also hook into more traditional purchasing flows as well. So you think about the normal PO process or the normal way you're paying your vendors through your ERP system. We're plugging into all of those areas, where we really truly find 100% of the SaaS applications that are being bought across your organization, regardless if they're going through expense or through the normal purchasing channels. So, yeah, we pride ourselves on giving customers a hundred percent visibility to all SaaS applications that are being bought and bringing it together into a system that makes sense of it all, too. So it's important that when we find it, we've got to... We call it our Zibrary. That's the Zylo library of applications. It's about 20, 000 applications that we're running discovery against. And we bring to the table then data about those apps, so what that app does, categorization, functionality, so that not only are we finding it, but we're helping you understand, well, who bought it, what department's responsible for it, how much are we spending on it, and what does that app do or what is the actual capabilities and functionality of that application?
Jeanne Dion: So it's really a one- stop shop for anybody who may... It eliminates that idea of having to search around to figure out what it does, who bought it, why they bought it, why it might be important to them. It brings it all right there, in addition to understanding how much was spent on that particular SaaS product.
Ben Pippenger: Exactly. Yeah. How much, and then what do we do, right? There's a lot of waste. There's a lot of potential security risks that are introduced by people using these applications and uploading sensitive data there, and then helping people not only get the visibility, but then how do we solve these problems, right? How do we remove risk from our environment?
Jeanne Dion: So when I put on my procurement hat, I think a little bit about misclassification and I think about that hidden spend that hides in places where this is listed, like a subscription or dues or fees. When you are looking for this within an organization, across multiple platforms, how are you looking for this? Is it through that categorization and name recognition of what's out there, or are there other ways that you're using?
Ben Pippenger: We invested early in building out an algorithm that essentially goes through the individual line item details of both what an employee is putting into an expense report, so both the charge name as well as the description that they're entering into their expense report, and also goes through the line item details within an ERP system to really uncover what was purchased, what that employee was actually buying. And so the system is very smart. It's seen a lot of data to be able to process through all that and accurately represent those software titles back into our application. Then we, of course, rationalize all that data and normalize it so that it's standard as you're looking inside of the Zylo platform.
Jeanne Dion: When I think about this then, we've got the employee initiated spend. We give employees freedom to purchase without having to go through a larger process. And there are some customers who really like that, right? There are some organizations that really love that visibility plus the freedom of choice, but I'm sure there are going to be some customers who are saying," What's the big deal? We have people who are purchasing like this all the time. I don't understand why it's important to us." If you could talk to me a little bit about the importance around this, is it tied to compliance? Is it tied to security and risk? What's the importance for knowing why these things are in your system and why people are using them?
Ben Pippenger: Totally. And really, it's all the above. There's security risks. There's compliance risks. There's spend risks. There's employee productivity issues that can come from this. Some of our data shows that within the average large organization, 90 SaaS applications are purchased by more than one employee. You just think about the wasted time and wasted spend there just on that one stat alone, where you've got a whole bunch of apps that are just being... individuals are out going and buying on their own. So what results in that? Well, they're probably agreeing to some sort of click wrap agreement that no one's really reviewed. They're just checking the box to go forward. Who knows if those applications are compliant with your own internal controls and regulations and policies and standards that you're trying to live up to in order to deliver your services to your customers? Who knows what sort of data's being brought into those applications and where that data's being hosted around the world? Lots of questions you can start to peel back. Nd then I think one of the biggest things is really just around cost optimization. And you just think about the amount of money that's being spent on all these applications. And as we enter into a different economic climate than we have been in, people are definitely thinking more about," How do I cut back a little bit, tighten the belt in order to control my costs a little bit more?" That's a big part of this as well, especially coming off the pandemic where a lot of software was purchased to enable employees to work from home and have a hybrid experience. How do I then think about level setting now and making sure that the tools are there that my employees need to use and that they want to use and all those important questions that need to be answered? So there's a lot of problems that we can solve by just bringing that level of visibility to then drive change within an organization to make them operate better.
Jeanne Dion: You brought up something that I hadn't really thought about, hadn't really hit my mind, the location of where the data is stored and where the service is coming from, the country or region. There are so many rules around who we can and cannot do business with from a federal government perspective, at least in the US. That becomes a really critical compliance point and could be a real problem for organizations now.
Ben Pippenger: Totally. Yeah. We help customers with that all the time when they think about those related security risks. And, yeah. So that's a big part of the compliance angle that we bring to the table as well, is just... Again, it's just bringing that level of visibility, which is nearly impossible to have and to have in an accurate manner without having a tool like Zylo in place to do it for you.
Jeanne Dion: Right. So we've talked about the whys and the problems that it solves for, that ability to have visibility into everything that's going on, the ability to continue to allow your employees to have a bit of freedom while you still have some control over the process, the ability to remove some of the compliance and risk perspectives by having this as an overlay. But really, when we think about this, how do you know as an organization that you have this problem? Are there specific things that people should be looking for or types of reports they can run, or just are there any tips on how you can find this?
Ben Pippenger: I like to say that any company that's using software likely needs a SaaS management system. So really, that's every company, because you think about the evolution of going from on premise and data centers to the Cloud. When people think about that problem, they oftentimes think about the Cloud providers like," How do I get something I built and hosted myself onto an Azure or onto an AWS or onto a GCP or onto any of those Clouds that are out there? How do I make that migration?," which is a big problem. And those people there that help you solve those problems and optimization around those things. But SaaS is just as big of a problem that oftentimes gets overlooked, because within organizations, there's not really a centralized owner for SaaS or for software. But the spend is higher when you look in totality across what people are spending on SaaS applications versus Cloud is a big problem and I think, back to your question, affects all types of organizations. And I think things, symptoms, I guess, of how this is an issue is you're missing renewals. Are you caught on your heels and are reactive to vendors coming to you saying your renewals coming up, and then you're stuck in situations where you can't negotiate? You don't really know what you're using or how you're using it to be able to effectively go in and get a good renewal done. Things like lack of a software purchasing policy, right? So you think about the employee expense side, do employees know if they can purchase software or not? Even if they don't know, are you tracking that? Are you monitoring that to know if that's accurately happening or not? Another good one would be just when you think about how software's bought within your company. Is it going through centralized purchasing? Who's responsible for that? When you think about a procurement function, we talk a lot to procurement folks, because they are typically one of the only groups within an organization that's got visibility across all the different departments and what they're buying. And so I think those are some good areas to start. In the larger enterprises, we work with a lot of software asset management teams. And those software asset management teams, the reason that they were put into place is to help remove risk from the business. So rewind the clock back 15, 20 years when SAM teams were put in, it was to help against audits of software. So if you had a larger software vendor come in and was going to check to see how you were using the software, that the SAM teams would be able to respond to those and show how that software is being adopted and used. They've had to change their mind a little bit to now start to think about SaaS, and not necessarily from an audit perspective, but how do I get out ahead to know that all these tools are being used effectively by my company and the value's there and we're preparing for renewals and all those things I talked about earlier? So it touches lots of different parts and pieces, but I think, back to how do you know if there's a problem, if you're using software, which I would guess you are, especially if you're listening to this podcast with SAP Concur, you probably need to think about how to get your arms around SaaS.
Jeanne Dion: Yeah. And so when I think about it, too, those are all really great ways to think about it. And I think about it just from the expense perspective. If you're using some sort of expense reporting tool or a P- Card tool like a Concur system, either the company build statement or our expense tool, take a look at your reporting and look for certain categories, things along the lines of dues, subscriptions, fees. Sometimes, they're falling in under office supplies, equipment. You may even, if you have software listed as an expense type, it may be under software, actually under software. It might be hidden in plain sight.
Ben Pippenger: Yeah.
Jeanne Dion: Who knows? So those are the places that I would really take a look at. You might also want to take a look, to Ben's point, sometimes people are really very descriptive in business purpose or comment fields for those particular type of expenses. Take a look and run a report against those business purposes, because it might be software for X project or update to software that I bought during pandemic. There's a lot of ways to look for this in your expense tools that might be hidden in plain sight. It might be rolling up into another cost center that you wouldn't even think of providing reporting with within your ERP because it's hidden. It's hidden in a more consolidated way. So these are ways, if you're a Concur customer, to take a look and see what's out there. The other piece of it would be, if you're looking under your P- Card processes, take a look at the MCC codes that you've got coming through and, to your point, Ben, the vendor names. Run a report against that. See what's going on. See if they're being hit into the right categories. They might be under supplies. They might be under other type of office equipments and supplies that are under the P- Card as well. So take a look at those places as indicators that you might have some work to do in trying to find and solve this problem and get yourself set up. We've talked about what the indicators are, but as you're getting ready to prepare for this kind of effort, how do you get everybody on board? Because you've mentioned a number of teams. We've got our procurement teams. We've got finance teams. We've got vendor management. We've got a lot. We've got risk. How do you get them together?
Ben Pippenger: That's a great question, but I'm going to throw one more stat at you before I answer it.
Jeanne Dion: Sure. I'd love a stat.
Ben Pippenger: Based on how you were just talking about hidden software spend. So 55% of apps we find are not attributed as software purchases. So 55%, over half of the applications, are not categorized correctly inside of expense. So it's a lot. That's what we find so much. That's why we're finding all these applications inside of employee expense, because it's an employee putting it in and they may not know. Or if there's no purchasing policy, like we talked about earlier, they're unclear on how to put it in there, or they might be trying to hide it. To be honest, they might be trying to just sneak the expense in. So it is something definitely to be aware of.
Jeanne Dion: Yeah. Or there isn't a proper expense type. So they're just taking a shot in the dark, right? What meets best? Oh, office supplies.
Ben Pippenger: Yeah. We see it in travel.
Jeanne Dion: Yeah.
Ben Pippenger: And we see it in meals. We'll find it all over the place.
Jeanne Dion: ....
Ben Pippenger: Yeah. You can't hide.
Jeanne Dion: Yes.
Ben Pippenger: With Zylo, you can't hide.
Jeanne Dion: I love a good software meal. I've seen some things like this under airline baggage fees as well. So yeah, I love that. But back to the question about preparing and getting everybody, all the different teams on board, who do you typically see being included to make sure that the rollout of this overlay of looking for the SaaS applications? Who do you see really involved and critical to the success of the project?
Ben Pippenger: When you think about software within organizations, I mentioned earlier that it's decentralized. So what I mean by that is you've got... Typically, you have your CIO buying the large, what we call wall- to- wall applications, so those things that you're deploying across the business. You then have your department heads. So you might have your CMO or your head of HR or your CTO out buying software they need in order to enable their teams to do their jobs and hit their goals that they're trying to accomplish. And then you have the employee led purchasing that we're finding in expense reports and things like that from Concur. So it's across the board. When it comes back to who really cares about solving this problem, and we go back to what we talked about earlier around the things that we're helping people solve, it's risk, it's compliance, it's cost savings, it's employee productivity. All of those items are things the CIO really thinks about and cares about. Those are things that they need to be worried about, things that they need to be measured on. And so end of the day, it really rolls back over to the CIO and the office of the CIO to need and want to solve this problem. But they'll have to do it in a collaborative way, because they're going to have to work with... Lots of times, SAM teams are reporting to the CIO. And lots of times, IT procurement is its own group that reports into the CIO. So they got the right people. But then they're going to have to partner with the business on these tools that are being bought by the different parts of the organization to make sure that they're going through the right approval processes and putting them through the right security reviews and they're doing that on a regular basis and all those sorts of things. So those things are very important. And we help solve those problems. And like I said, it rolls back over to the world of the CIO.
Jeanne Dion: And I think about it, too, from the finance perspective. Especially if you're a publicly held company, you have a specific signature authority, typically based on the types of purchases. So if these are going through systems that aren't set up for the proper authority on signature alone, that, too, becomes a problem for finance.
Ben Pippenger: For sure.
Jeanne Dion: It's not just a problem for IT or procurement. It's a problem for finance. It becomes a significant conversation during audits. Something to keep in mind there as well.
Ben Pippenger: And for finance teams, too, just the practice of going around and forecasting and budgeting what spend's going to look like, that's super hard to do with software and it's a big expense item. So we oftentimes will help with that, too, where finance teams want to understand what are people actually buying and what does usage actually look like and how does that go into planning mode for growth within the company, so we know we're budgeting appropriately for upcoming years. Yeah.
Jeanne Dion: Yeah. All really critical, especially during these economic times, right? There's a lot of uncertainty. I sometimes like to say, if you do business continuity right, things like the current economic situation or things that are happening from a worldview, you already have a plan in place. But it feels like everything's coming all at once. We're usually used to having only one or two at a time. It feels like 15 of them are happening all at once. So it becomes really critical when you're trying to figure out how to keep your business running, how to keep the lights on, and how to keep growth happening. This sounds like a logical way to help at least get visibility into where things are going.
Ben Pippenger: Yes. Yeah. Totally.
Jeanne Dion: You mentioned something that still is mind boggling to me about, on an expense report, about 55, or even in other places, 55% of these purchases are misclassified.
Ben Pippenger: Yep.
Jeanne Dion: I always love a good horror story. So do you have anything that you can share about the craziest misclassification you might ever have seen? We're not going to mention any names. We're just going to... what you might have seen.
Ben Pippenger: Like I said, we see misclassifications in meals and entertainment and things. We see a lot of subscriptions that come through for things like music services and video games and some other services that I probably wouldn't mention on the podcast that pop up. But I think typically people are trying to do their best to get things in. And I don't have, unfortunately, a specific. We have seen some pretty crazy stats where employees, single employees, were expensing thousands and thousands of dollars of software through the expense report process. And those things are obviously things we call out really quickly. And it could be lots of different reasons for that. It could be a department head that's just expensing stuff. But usually, if that's occurring, the procurement teams and the buying teams want to get their arms around that pretty quickly, because obviously they can likely get better rates and better deals and things going through all the right processes.
Jeanne Dion: And I'm guessing these were probably done on a corporate credit card as well.
Ben Pippenger: Yep.
Jeanne Dion: Okay. Yeah. Because I seem to remember there was... What did you have? One company had an employee who expensed more than$ 100,000 worth?
Ben Pippenger: Yeah. Yep.
Jeanne Dion: Holy .....
Ben Pippenger: On a company credit card. Yeah.
Jeanne Dion: Well, they're certainly busy. I'll give them that. I really-
Ben Pippenger: Lots of points, maybe. Hopefully, they're getting points for that. I don't know.
Jeanne Dion: Yeah.
Ben Pippenger: Secret bets.
Jeanne Dion: Anyway, so to wrap up, the things that have stuck out to me really clearly are just the sheer number of apps that are hidden in this shadow IT area anywhere, on average about 320. But for some of our larger customers, it's up to a thousand that are hidden and maybe not easily visible unless we're really seriously looking for them and investing a lot of resource time to go and look for them. Using this AI and machine learning might be another avenue for some of our customers. The other thing that stands out to me is 30% of these purchases are employee led. So I don't see that getting any smaller anytime soon, do you?
Ben Pippenger: I don't. We actually have seen it increase in the last 12 months, too. So maybe things will plateau with hopefully things going back to normal and people settling into their work environments now. But I tell you what is not changing, too, is that just the amount of applications that are entering into new businesses as well. So you mentioned the upwards of a thousand for large enterprise. We see on average about eight new apps entering into those environments on a monthly basis. So even when you think about, I get the visibility, check the box, oh, six months later, I've got a whole new problem, because I haven't been tracking to see what's new and what's entering into the environment. So it's definitely not a one and done thing. It's you get the visibility, and then you got to put process and things in place to help manage it going forward. So...
Jeanne Dion: Wow. Well, this has really been enlightening. I think that as the business climate changes, as we move to more hybrid types of organizations, as we continue to look towards that retention and recruitment style, where we want to allow our employees a certain amount of freedom of choice and a certain amount of freedom to work as they need with tools that make their work easier, this becomes an even more critical part of all of those employee experience and spend governance topics that companies and customers are talking about. So I want to thank you for your time today, Ben. I really appreciate it. And give you a chance for any last words, anything we might have missed, anything that I haven't asked about?
Ben Pippenger: I don't think so. I really appreciate obviously the time and, for those that are listening, for listening. It's been a pleasure and looking forward to continuing the conversations.
Jeanne Dion: Well, congratulations to both you and Zylo, again, on your partner innovation award. We're really thrilled to have you as a partner and really are excited to see our customers solving for some of the bigger business outcomes that they have facing them today.
Ben Pippenger: Yeah, a hundred percent. We definitely couldn't be where we are without a lot of great Concur customers and helping bring visibility. So appreciate the award and appreciate the partnership.
Cory Wheeler: Did you enjoy the episode? Pass that along to your friend. Subscribe to get notifications for the latest episode. Share your favorite takeaways and join the conversation on social media using# SaaSMeUnfiltered.
There’s a growing and escalating issue around the increasing number of SaaS applications and spend at companies today. Much of that is attributed to hidden SaaS purchases – or shadow IT. In this episode, Zylo Co-founder Ben Pippenger sat down with our friends at the SAP Concur Conversations podcast to discuss how to uncover shadow IT and where to start addressing it.