Maverick buying happens when people inside a company skip formal purchasing procedures. In doing so, they disregard any price comparison, negotiation, or contract agreement, and often annoy entire procurement or software management teams.
Life, as Jeff Goldblum once said, finds a way. People want to get things done. They want to deliver and so they become mavericks. Maverick buyers have a bad name, and certainly they can cause a lot of problems (more on that later), but in many ways they represent the best of companies.
The people inside a company who are likely to become maverick buyers of a new SaaS product are disproportionately the high achievers who are most passionate about contributing to the success of the business. The simple fact that they even know what SaaS to buy means that they’re likely to be experts in their field. Maverick buying represents the entrepreneurial spirit inside the business. If it can be harnessed, companies can move forward in non-linear ways and get more done, faster.
Maverick buying used to result in inflated costs, contracts for inferior products and agreement to inappropriate terms, so it was justified to have every single potential new bit of software go through a formal procurement process. The world has changed, and for the vast majority of SaaS products those risks just don’t apply.
SaaS products tend to be niche, focused on a single problem and therefore tend to be small. They tend to be used by individuals or teams to solve well-defined problems. Contracts tend to be generic and the average cost of a single SaaS subscription for most companies is less than $300 per month. It makes sense to let people on the front line take decisions of this magnitude, rather than centralising them in a procurement or Software Asset Management team.
The trouble with that is risk. If you don’t know what software you’re using in the business, you have no way of knowing where your customer data is going. If you don’t know where your customer data is going, you run the risk of regulatory fines.
So managing maverick buying of SaaS isn’t about optimising costs, but about having controls to prevent a large regulatory fine for breaching GDPR, CCPA or, if you’re a regulated financial institution, for not following the risk management guidance for third-party relationships issued by the Office of the Comptroller of the Currency (OCC) and its equivalents around the world.
And those fines can be massive: total GDPR fines in 2019 reached a mind-boggling €417.5 million. So the question is, how can you procure SaaS responsibly, harness the entrepreneurial spirit of a company and manage risk when everyone in the company with a credit card is a risk vector?
The answer is to design processes and controls that are fast, run affordably (who wants to have a software committee that costs £10k a day approve a £30/month subscription?), provide a central register of what software is in the business and who has access to it, and put as much autonomy as possible in the hands of the people needing software. If you can design a process and system that is almost as easy as someone in the team pulling a card out of their own wallet, you have a great chance of getting the risk under control. And if you’d like to talk more about how to implement something like that, let us know and start harnessing your mavericks for good!