Jan 15, 2025
Jan 15, 2025
The myth of the “on-prem” organization is just that—a myth. Employees have already moved to the cloud, and the tools they use every day reflect this reality.
The phrase “we’re still mostly on-prem” is a common refrain among IT leaders. But I must say, it’s a dangerous one.
Organizations that claim to be mostly on-prem reflect a reluctance to invest in migrating legacy systems to the cloud and fail to align with the actual state of technology adoption. The reality is that employees, driven by the need for productivity and innovation, are shifting to SaaS solutions with or without IT approval.
Grip’s 2025 SaaS Security Report shows a 40% growth in SaaS portfolios last year. It’s clear that even if IT hasn’t fully transitioned to cloud-based operations, employees already have. In fact, the misconception that staying "on premises" is practical or sufficient is actually holding organizations back.
Since the pandemic, work models have changed irreversibly. Remote and hybrid environments are the new normal, even as some companies push for a return to the office. Regardless of location, employees want to access their tools anytime, anywhere, and from any device. Additionally, the growth in SaaS adoption reflects that employees also want to be empowered to use the tools that make their jobs easier.
The question isn’t whether employees will adopt SaaS—we already know they do and will continue to do so. What every security professional should be considering is how to manage SaaS usage effectively. Efforts to block SaaS adoption outright often backfire. Employees find creative ways to sidestep policies, driven by the timeless principle: “Life finds a way.” Restrictive IT policies might temporarily hinder SaaS adoption, but they don’t stop it. Instead, they push it underground, increasing the organization’s exposure to unmanaged risks. As an example, some industries, like Financial Services, Healthcare, Government and Defense, and Legal firms block ChatGPT. Yet, in Grip’s research, ChatGPT was found in 96% of organizations analyzed. The bottom line: you can’t block SaaS or AI usage; employees will find a workaround.
The persistence of on premise software is rarely about strategic security decisions and more about inaction. Organizations that haven’t migrated legacy systems often assume employees won’t adopt cloud-based solutions if on prem software options remain in place. But this is demonstrably untrue.
Here’s why the on-prem vs. SaaS debate is shifting decisively toward the cloud:
1. Limited Vendor Options.
Finding robust and modern on premises software for niche needs has become a nearly impossible task. While enterprise options like SAP still cater to on-prem requirements, they often fall short compared to SaaS solutions—offering less flexibility, higher costs, and more complicated deployments.
2. Ease of SaaS Adoption.
Employees no longer wait for IT to approve tools through lengthy procurement cycles. Subscriptions to SaaS tools like HubSpot, Trello, or Grammarly can be initiated in minutes. SaaS isn’t just more accessible—it’s often the practical choice when on-prem options don’t meet modern business demands.
3. Shadow SaaS Growth.
Employees use SaaS to meet their needs. If IT insists on clinging to outdated on prem software, employees will bypass them in favor of SaaS tools according to their preferences and to help them meet the demands of their individual roles. Grip’s research reveals that marketing departments lead the way in shadow SaaS (94%), followed closely by financial apps (93%), showing just how widespread employee-led SaaS usage has become. Further, the 2024 MarTech Composability Survey found that 83% of marketers chose an alternative SaaS app even though the primary sanctioned tools had the same functionality. The bottom line is employees want flexibility and the freedom to choose the tools that work best for them.
Rather than clinging to outdated on-prem models, IT and security leaders must embrace the reality of a cloud-first, employee-driven SaaS environment and focus on managing the risks associated with it.
A proactive SaaS governance strategy involves:
Comprehensive Visibility: Understanding what SaaS tools are being used across the organization.
Streamlined Reviews: Simplifying SaaS procurement and approval processes to align with employee expectations and business needs.
Identity Risk Mitigation: Focusing on securing access to SaaS applications rather than controlling the applications themselves.
The myth of the “on-prem” organization is just that—a myth. Employees have already moved to the cloud, and the tools they use every day reflect this reality. IT leaders must adapt to a new era where SaaS is the default, not the exception. By embracing SaaS governance and rethinking outdated assumptions, organizations can harness the power of innovation without sacrificing security.
The choice isn’t on-prem vs. SaaS; it’s how to thrive in a SaaS-first world.
Secure your SaaS more efficiently and effectively. Book time with the Grip team to learn more.
Gain a complete view of your SaaS usage—including shadow SaaS and rogue cloud accounts—from an identity-centric viewpoint. See how Grip can improve the security of your enterprise.
Fill out the form and watch webinar's video.
