Where does BetterCloud fit into your tech stack?

Editors Note: This is an updated blog from a previous post.

With the rise of SaaS, the term “tech stack”  emerged to describe an organization’s SaaS tools. IT also uses a tech stack with its own set of apps. It includes SaaS spend, operations, security, compliance management, as well as some other critical functions for managing identities, endpoints, services, automations, cloud access, and more. Here we talk about how some important IT tools that perform these functions work together with SaaS management platforms (SMPs), and specifically where BetterCloud fits into your tech stack. 

Most folks probably recognize those tools by the acronyms that define them: IDaaS (identity as a service), IGA (identity governance and administration), CASB (cloud access security broker), ITSM (IT Service Management). You know, just to name a few.

While SaaS sprawl might lead you to believe that a typical IT tech stack resembles a teenager’s unorganized closet, the most efficient, and highest performing IT tech stacks are carefully planned and diagrammed. And as we’ve seen over the years, many of those tech stacks include SMPs as a critical component. 

Let’s explore how SMPs are changing to manage more functions involved in SaaS operations and where BetterCloud fits into IT’s tech stack in further detail.

Can BetterCloud serve as our entire IT “tech stack”?

It very well could, depending on the size of your organization, its unique IT needs, and existing IT infrastructure, including SaaS, cloud and legacy, on-prem applications.

For example, let’s say all of your applications are SaaS. If you use an all-in-one SaaS management platform, its rich functionality enables IT to manage many aspects of SaaS operations. 

Over recent years, the best SMPs have evolved from managing users in a single cloud productivity suite into powerful platforms capable of much more. Now from a unified platform, you can optimize SaaS usage, spending, and budgets. This crucial tool also helps you automate repetitive tasks, enable secure user lifecycle management, maintain SaaS file security and governance, prove compliance, as well as many other tasks.

But as companies grow in size and complexity, their IT tech stacks tend to include an SMP like BetterCloud alongside other tools. While BetterCloud handles some of the finer details like file access policy, permissions, and admin settings, you don’t necessarily say farewell to your CASB or IDaaS.

Gartner recently addressed this question in its July 2024 Magic Quadrant for SaaS Management Platforms report. Here’s a direct quote from it in the context of must-have capabilities: “The ability to discover authorized and unauthorized SaaS usage via browser extension, device agent, financial/expense systems integration, security tool integration (including but not limited to SASE, SSE, CASB, SIEM, SWG, firewall and EDR), SSO and IDP platform integration, endpoint management tool integration, email system integration or direct API integration with SaaS.” 

That’s how most BetterCloud customers have implemented our SMP solution into their IT tech stacks. And based on the countless implementations our team has seen, CASBs aren’t the only solutions that can be used in conjunction with BetterCloud.

So how does BetterCloud play nicely with an IDaaS, IGA, ITSM, or a CASB? We’ll get into some (slightly) more detailed examples in this post, but I think you’ll quickly identify a few trends. Here’s a TL;DR of what we’ll unpack in upcoming sections. Personally, I don’t think you should stop here.

• Customers use an IDaaS to handle the initial user provisioning tasks of an onboarding process.
• Companies use an IGA to manage approval processes for compliance
• IT relies on ITSMs for managing IT services and help desk across all IT infrastructure, not just SaaS  
• After a user gains basic access to SaaS applications, BetterCloud handles the finer details, like managing SaaS licenses and budgets, maintaining SaaS file governance, determining which types of files should be shared in Slack and creating custom admin roles in Google Workspace.

OK, enough context. Let’s explore some specific examples of how BetterCloud fits into your tech stack.

(A quick note before we move on. Our friends in solutions engineering urged me to let you know that these following examples are specific to user lifecycle management for automated onboarding and offboarding. They’re also not a one-size-fits-all solution for all IT organizations.)

Where BetterCloud fits in your tech stack

Architecture with an IDaaS

The basic mechanics of how BetterCloud fits in with an IDaaS are consistent with the TL;DR we discussed earlier in this post. An IDaaS like Okta or OneLogin provisions applications to a user via SSO and then BetterCloud handles the rest. Simple, right? Of course not.

It’s been a little while since we talked about how OneLogin and Okta both integrate with BetterCloud. This is a good opportunity to review.

OneLogin and Okta work with BetterCloud in many of the same ways. After the initial user provisioning is done via OneLogin or Okta, BetterCloud listens to them for changes to user identities.

Let’s say one user in your org has transitioned to another department. When you update that person’s profile in OneLogin or Okta, this will trigger BetterCloud to do…any number of tasks that IT would otherwise have to complete manually, such as reassigning that person to different groups in Google Workspace or changing permissions in Salesforce. When you change a user’s status to “suspended” on either platform, BetterCloud can automatically begin the offboarding process.

But wait, doesn’t Okta handle user deprovisioning? It does, but BetterCloud handles the finer details (and enables you to easily automate them using no-code workflows), such as transferring files to a manager, wiping devices remotely, and waiting a set period of time before deleting the user.

Ultimately, BetterCloud is a complementary tool to an IDaaS, which is a complementary tool to an Identity Governance and Administration (IGA) solution. So many acronyms! What the heck are we talking about? Let’s take a closer look.

Architecture with an IGA

Pamela Armstead at Okta explains that identity governance and administration is a policy-based approach to identity management and access control. That makes sense, right? But it doesn’t explain how an IGA works with an IDaaS—and more importantly, how BetterCloud fits in the tech stack.

Here’s another visual to help make sense of the confusion:

When we use the acronym IGA to describe a solution, we’re referring to a separate product that determines whether a user can have access to an application based on the policies put in place by your organization. Once the IGA gives a user the green light, the IDaaS creates the licenses that the person needs. Then, BetterCloud handles the granular actions like settings and permissions for sharing files and folders, applying the appropriate settings to an account, and putting a user in the correct groups and channels.

Architecture with an ITSM

Since most end-user requests begin in ticketing systems found in ITSMs from vendors like Zendesk or ServiceNow, BetterCloud’s integration with both of these ITSMs allow IT to build workflows that automate a significant number of IT tasks. Using the ITSM platform’s  robust Webhook functionality, it enables BetterCloud to kick off user lifecycle management workflows based on events that occur within the ITSM.

As you can see in the diagram above, when your tech stack has both BetterCloud and an ITSM, IT automates several time-consuming tasks, including routing for app access approval, app configuration, and closing support tickets. 

Not only does this architecture give end-users faster access to the apps they need, but it frees up IT to focus on more strategic and mission-critical projects.  Using this framework, IT can then automate beyond user lifecycle management.

For example, it can automate other manual and redundant ticket requests like password resets, email delegations, group additions, just to name a few. Now by using the BetterCloud Self-service Agent, a Slack-based IT assistant, IT can extend instant, self-service support to employees. No more ticket queues and no more employees unproductively waiting for resolution. 

Whether you’re automating routine tasks or simplifying request management, the BetterCloud Self-service Agent bot integrates seamlessly with your ITSM to automatically create and close tickets –  while transforming SaaS operations along the way.

OK, but what about my CASB, IPaaS, and SIEM?

We’re definitely not saying that you should ditch your CASB, IPaaS, or SIEM. After all, Gartner recommends that IT organizations use a combination of solutions to completely discover, manage, and secure a SaaS-based environment.

But what we are saying is that connecting these tools with BetterCloud requires you to know your IT environment.

OK, here’s just one example of how an IPaaS might work with an HRIS, IDaaS, and BetterCloud.

In this concept, the organization’s HRIS syncs to Okta, which triggers BetterCloud to perform all the magic we’ve discussed several times in previous sections. Once BetterCloud has completed the advanced actions, it syncs back to Okta, which then syncs with the IPaaS, and finally back to the HRIS. Phew.

This begs one crucial question: Why would an IT organization want to go through all of this trouble? According to our IT folks, this setup tends to be necessary for organizations that use legacy systems. Many of those legacy systems don’t work seamlessly with newer tools like BetterCloud—and in these instances, an IPaaS connects all of your systems together.

One of the major appeals of an IPaaS is that they enable you to sync data from a variety of sources. But this also means that an IPaaS can live anywhere in an IT architecture. If you’d like to connect your IPaaS directly to BetterCloud, be our guest. If you’d like to connect your IPaaS to something else, we can help you figure that out.

The same can be said for how BetterCloud fits in with a CASB or a SIEM. It depends on how you want to use those tools together. We probably don’t need to tell you that your IT environment is unique—and so too are the potential ways that you might use BetterCloud with your existing tech stack.

Customers often use a CASB with BetterCloud for on-device or on-endpoint proxy protection. While the majority of CASBs have some Cloud DLP functionality, they’re typically not as granular or robust when it comes to SaaS file sharing policies or automated remediation as BetterCloud’s data loss prevention. 

The on-endpoint proxy protection in a CASB enables IT to automate a variety of tasks, including:

• Track if a user shares a file via email or USB drive
• Scan files on a device
• Scan the entire network to see if files are moving where they shouldn’t
• Block unwanted traffic

On the other hand, a SIEM is useful for security analytics, dashboarding and security data storage. For example, IT might use a SIEM to load all of its SaaS applications’ syslogs into a single dashboard. An administrator can then weight that dashboard with data from BetterCloud to limit alert fatigue.

BetterCloud brings significant operational benefits to the IT tech stack

Enforcement of least privilege access, policies across SaaS apps, as well as data loss protection, data-driven SaaS spend management and license optimization, and elimination of Shadow IT with comprehensive visibility across your SaaS environment, are just a few of the benefits. ITSMs, IGAs or IDaaS tools offer these benefits now.

In closing, as we move into the mid-2020s, there is one more important reminder: all of the examples we discussed in this post are not one-size-fits-all solutions. Your IT tech stack, along with your policies, processes, apps, budgets, and people are individual to your organization. How BetterCloud best fits in your IT tech stack will also be unique.  

Want to learn more about how award-winning BetterCloud works with your existing tooling and fits into your tech stack? Schedule a demo.