Automated and secure software management process across multiple computer terminals with real-time monitoring and notifications

The method addresses the challenges of heterogeneous SaaS usage by automating real-time data collection and analysis to enforce company policies, reducing redundancy and security risks, and optimizing SaaS application management.

FR3170032A1Pending Publication Date: 2026-06-19BEAMY

Patent Information

Authority / Receiving Office
FR · FR
Patent Type
Applications
Current Assignee / Owner
BEAMY
Filing Date
2024-12-16
Publication Date
2026-06-19

AI Technical Summary

Technical Problem

The heterogeneous use of SaaS applications by different users within an organization leads to inefficiencies, increased security risks, data fragmentation, and operational inefficiencies, including application redundancy, uncontrolled license usage, difficulty in management, and non-compliance with security policies, which complicates IT management and exposes the company to legal and operational risks.

Method used

A method for managing SaaS applications on multiple computer terminals involving real-time data collection, analysis, and notification systems to identify redundant or underutilized applications, detect anomalies, and enforce company policies through automated notifications and interface modifications, ensuring compliance and optimizing usage.

Benefits of technology

The solution provides centralized, automated management of SaaS applications, reducing security risks, improving operational efficiency, and enhancing compliance by identifying and redirecting usage to standard applications, thereby optimizing resource use and user experience.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure 00000000_0000_ABST
    Figure 00000000_0000_ABST
Patent Text Reader

Abstract

The present invention relates to a method for managing software on computer terminals (computers, mobile phones, tablets) used by a community within an entity with security policies. Each terminal incorporates a data collection module that monitors user interactions with various applications in real time. The process includes recording usage references, identifying the applications used, and collecting associated data. This data is analyzed to identify applications in real time and detect anomalies compared to normal usage. In the event of abnormal behavior or to optimize software usage, personalized notifications are generated in real time. These notifications can be sent directly to the terminals via email or integrated into the user interface.This process aims for centralized, proactive, and automated governance to strengthen the compliance, security, and efficiency of applications used within an organization. See Figure 1 for an abstract.
Need to check novelty before this filing date? Find Prior Art

Description

Title of the invention: Automated and secure software management method on a plurality of computer terminals with real-time monitoring and notifications. Field of the invention

[0001] The present invention relates to the field of automation of the management of the use of software as a service (in English "software as a service" commonly used by its acronym "SaaS") in a computer park with many users having disparate and heterogeneous uses.

[0002] Software as a Service (SaaS) is a software distribution model where applications are accessible online, hosted in the cloud, and offered via a subscription. This model has become popular due to its flexibility, low costs, and universal accessibility. However, it also presents challenges in terms of security, internet dependency, and limited customization, which must be carefully managed by companies adopting this approach.

[0003] In 2023, the global SaaS market was valued at $273.55 billion. By 2032, the SaaS market could reach a valuation of $1,228.87 billion. The growth of the SaaS market is driven by the digital transformation of companies seeking operational efficiency, an enhanced customer experience, innovation, and a competitive advantage without having to make massive investments in cumbersome and expensive infrastructure. The rise of remote work also contributes to the accelerated adoption of SaaS solutions.

[0004] The main current applications of this model are customer relationship management (CRM), e-commerce website creation solutions, video conferencing, human resources management, unified communications and messaging and collaborative software, purchasing management, electronic document management (EDM)... SaaS allows companies to fully outsource an aspect of their information system (messaging, security, etc.) and treat it as an operating cost rather than an investment.

[0005] However, there is a fairly wide range of SaaS solutions offering identical or very similar functionalities, and each user will be tempted to use the SaaS they are used to or familiar with, creating a strong disparity in structures with a large number of users.

[0006] The heterogeneous use of SaaS by different users within the same company can lead to several major disadvantages that affect both the management, security, and overall efficiency of the organization.

[0007] If each department or user adopts SaaS solutions without centralized coordination, there is a risk of using multiple applications that offer similar functionalities (e.g., multiple project management, communication, or CRM tools). This leads to application redundancy, increasing costs and complicating management. The heterogeneity of SaaS also makes it difficult to track license usage, which can result in payments for unused or underused subscriptions. This can also pose problems when negotiating group rates with suppliers.

[0008] When each user or department adopts its own SaaS solutions, it becomes difficult for IT teams to centralize application management. This leads to poor visibility into which applications are being used, how many licenses are required, and who has access. This is especially true since each SaaS solution has its own contractual terms, payment methods, and billing cycle. Heterogeneous usage can lead to a proliferation of contracts to manage, making negotiation and renewal management much more complex.

[0009] Uncontrolled use also leads to the use of applications not validated by IT: If users adopt SaaS without going through the IT department or corporate compliance, some of these applications may not comply with internal security policies. This includes weaknesses in authentication systems, lack of encryption, or questionable data protection practices. IT cannot monitor, secure, or manage applications that are not officially recognized. This exposes the company to risks of malware infiltration, data leaks, or compliance violations. And it is well known that even a minor vulnerability can jeopardize the entire IT security system.

[0010] Furthermore, the use of SaaS that does not comply with regulations (e.g., GDPR, HIPAA) can expose the company to legal penalties or fines, particularly if sensitive data is processed or stored on non-compliant platforms. These risks increase with the development of artificial intelligence.

[0011] Other operational problems arise from the heterogeneous use of SaaS. SaaS applications may not integrate easily with each other, complicating collaboration between departments. For example, if one team uses a SaaS project management tool while another uses different software, it may be difficult to synchronize information or facilitate data exchange. Uncoordinated adoption SaaS leads to data being dispersed across multiple systems. This fragmentation makes it difficult to create a unified view of information, which limits the ability to analyze data holistically or to make decisions based on clear insights.

[0012] Finally, since each SaaS has its own interfaces, workflows, and functionalities, users must adapt to multiple environments. This can lead to a loss of productivity, as employees spend time learning and switching between different tools. Using different applications for similar tasks can lead to inconsistencies in internal processes. For example, two departments using different tools to manage customer relationships might have different approaches, complicating the standardization of procedures and outputs. If multiple SaaS solutions are used within the company, the IT team must provide technical support for each tool, further complicating their work and diluting their efforts. Each SaaS provider may have its own support requirements, increasing problem resolution times.

[0013] Conclusion

[0014] In conclusion, the heterogeneous use of SaaS by different users within an organization can generate several major drawbacks, including inefficient resource management, increased security risks, data fragmentation, and a loss of operational efficiency. To overcome these challenges, it is crucial that organizations implement SaaS governance strategies, centralize application management, and establish strict IT policies to guide the adoption and use of SaaS services. This ensures greater consistency, enhanced security, and optimized costs.

[0015] To effectively manage SaaS used by a large number of users within an organization and avoid excessive heterogeneity, it is common practice to implement centralized governance and clear management processes. This includes the selection, adoption, license management, and security of SaaS applications.

[0016] However, this requires significant human resources to support all users "in real time," before they begin using non-compliant applications, and can create excessive rigidity in the structure's operation, as the processes of requesting authorization, verification, justification, etc., can become prohibitive compared to the responsiveness expected by operational staff. Technocratic centralization generally proves unsuitable, costly, and leads users to circumvent internal policy to avoid being hindered in their progress.

[0017] It therefore became necessary to partially automate the management of SaaS usage. State of the art

[0018] Prior art is known patent application WO2024118245 which describes a method implemented in a Software as a Service (SaaS) management platform (SMP), the SMP implemented in a cloud resource comprising at least one processor and at least one storage device, the method comprising the following steps;

[0019] - the reception, on a network, of human resources (HR) data from a HR application, the said HR data describing an organizational chart of the employees of an SMP client;

[0020] - the identification of a plurality of SaaS applications used by the SMP client;

[0021] - the reception, on the network, of a request from a client device associated with an employee given by the client and the response to the request, then the identification of a management group within the organizational chart of which the given employee is a member,

[0022] - the identification of one of the SaaS applications used by the management group identified, and display those identified SaaS applications in a user interface rendered by the client device as recommended applications for the given client employee. Disadvantages of prior art

[0023] The solution proposed by prior art application WO2024118245 makes it possible to partially automate the management of SaaS in an organization with a large number of users, but has the disadvantage of being very rigid and restrictive for users, who are limited to the SaaS intended for the group of people to which they belong hierarchically, and prevents a priori any transgression. Solution provided by the invention

[0024] In order to remedy these drawbacks, the present invention relates to a method for managing software used on a plurality of computer terminals (computer workstations, mobile phones, tablets) used by a community of users belonging to an entity applying security policies, each of the computer terminals having a means of user authentication, characterized in that it comprises the following steps: • Installation on each of said computer terminals of a data collection module configured to monitor, in real time, user interactions with a plurality of SaaS applications • Recording of usage references for said applications in a knowledge base • Data collection including the capture of application usage data, including the identification of applications used • Analysis of said data collected via a data analysis engine for: • To perform real-time identification of the applications used by each user, • detect anomalies compared to application usage benchmarks, • Generation of real-time notifications based on application usage, configured to send personalized email messages to users' computers (via internet browser or desktop) or mobile phones and tablets, with said notification triggered in case of abnormal behavior or to optimize application usage, • said notification commanding the masking of a part of the display area of ​​the graphical interface corresponding to the application which caused said notification generation. Depending on the variants:

[0025] said data include at least some of the events consisting of click metrics, session durations, data inputs and interactions with specific functionalities of SaaS applications.

[0026] The method includes a preliminary step of configuring a data lake to store said data collected on said computer terminals.

[0027] The data stored in said data lake is encrypted at rest and in transit to ensure the security and confidentiality of the information collected.

[0028] Said data collection module, a means of data analysis, is an API.

[0029] Said data analysis step is performed by an analysis engine executing the processing for: • Conduct behavioral analyses on user behavior regarding SaaS application usage, • identify redundant or underutilized applications, • detect anomalies in the use of SaaS applications, and • compare the performance of SaaS applications to external benchmarks;

[0030] Said data analysis engine is configured to run machine learning algorithms to identify usage patterns, unusual user behavior, or vulnerabilities in SaaS applications.

[0031] Said data analysis engine is configured to perform comparative analyses between the performance of similar SaaS applications used in the company and in other organizations, in order to provide industry benchmarks.

[0032] Said data collected on said computer terminals are recorded in a data lake.

[0033] Said data lake is configured to organize the data into several zones, including:

[0034] - an area for the raw storage of collected data,

[0035] - an area for storing data after cleaning and transformation,

[0036] - an area for storing data ready to be analyzed.

[0037] Said notification system is configured to send notifications contextual based on predefined rules, such as prolonged use of a SaaS application, a security policy violation, or insufficient adoption of a new application.

[0038] Said data analysis engine is configured to perform comparative analyses between the performance of similar SaaS applications used in the company and in other organizations, in order to provide industry benchmarks.

[0039] Detailed description of a non-limiting example of embodiment

[0040] The present invention will be better understood upon reading the following description, concerning a non-limiting example of an embodiment illustrated by the accompanying drawings where:

[0041] [Fig-1] Figure [Fig. 1] represents the holistic diagram of an example embodiment of the invention

[0042] [Fig.2] Figure [Fig.2] represents the functional diagram of the collection modules user data installed on each user's terminal

[0043] [Fig.3] Figure [Fig.3] represents the schematic view of a digital message of Real-time notifications: General principle of the invention

[0044] The objective of the invention is:

[0045] - the automatic and exhaustive identification of uses on software (SaaS, homemade, on-premise software)

[0046] - the automatic categorization of applications by functional domains (e.g., Sales, Marketing, AI) at different levels (1000+ features covered)

[0047] - automation of defining company policies on applications within the same grouping: standard, tolerated, prohibited

[0048] - the automation of sending real-time notifications to employees for Communicating company policies and redirecting usage towards standard applications relies on automating centralized, secure, and optimized application management, including software installed on the device and internal software. run from the cloud, and / or SaaS (Software-as-a-Service) applications within a company, by automatically identifying redundant or under-used applications, and comparing the actual use of the solutions with expectations, to redirect usage to a restricted subset of applications, according to company policies.

[0049] For the purposes of this patent, “application management” means the conditional modification of the display of the page on which the application is used so as to cause partial masking, forcing the user to become aware of information related to the nature of the application; this allows, in a flexible and gentle way, compliance with IT security governance without abruptly blocking the use of the application.

[0050] For the purposes of this patent, “computer terminal” means computer equipment capable of running a software application, in particular a browser, in particular a computer, a tablet, a smartphone.

[0051] Management according to the invention is carried out in particular by:

[0052] - Comprehensively identifying uses on software (SaaS, homemade) (on-premises software)

[0053] - Differentiating simple "showcase" visits from proven uses of applications, thanks to algorithms that take into account different data points, making it possible in particular to understand the type of page visited and user behavior

[0054] - Automatically categorizing applications by functional domains (e.g., Sales, Marketing, AI) across different levels (1000+ features covered)

[0055] - Automatically defining company policies on applications of a same grouping: standard, tolerated, prohibited

[0056] - Sending real-time notifications to the active tab of the application usage, to employees to communicate company policies, and redirect their usage to standard company applications

[0057] In the following description, we consider more particularly SaaS applications, without however limiting the invention to the management of SaaS applications.

[0058] Of course the invention also applies to applications installed on the user's terminal, to applications run from the cloud.

[0059] The invention provides a technical solution that allows for better control of the company's SaaS ecosystem, with a focus on operational efficiency, risk reduction, and continuous improvement of user experience and governance, without a priori blocking users from using SaaS, and by automating the exchange of messages to encourage users to harmonize SaaS. within the company, with discernment, and to automatically collect relevant information that may deviate from absolute harmonization.

[0060] According to a non-limiting implementation, the method for managing software as a service used on a plurality of computer terminals, each comprising a browser with a means of user authentication, according to the invention, comprises the following steps: • Installation on each of said computer terminals of a data collection module configured to monitor, in real time, user interactions with a plurality of SaaS applications • said data collection including the capture of application usage data, and the identification of the SaaS used • execute a data analysis tool, configured to record usage references for the identified SaaS applications and to process the collected data for the purpose of: • perform analyses of the identifier of the SaaS application(s) by users, • detect anomalies compared to benchmarks in the use of SaaS applications, • generate real-time notifications at the point of use, configured to send personalized electronic messages to said computer terminals of users based on the results of the analyses, said notification being triggered in case of abnormal behavior or to optimize the use of applications. • Ensure that the notification message partially obscures the user's screen, without preventing or blocking this use while the overlay is active. The goal is to encourage the user to read the message, interact with the notification, or potentially dismiss it following a series of user actions. To achieve this, the browser extension determines the active tab of the application in question and generates a message that appears in a defined area within that same active tab, graphically overlaid on the application's display window. This overlay remains persistent, and the user cannot remove it except through specific actions. Description of an example of hardware architecture

[0061] The hardware architecture of the invention is based on the management and analysis of large-scale SaaS applications. It involves a distributed and scalable cloud infrastructure. This architecture must meet performance requirements, security, availability, and scalability. The main hardware components and their organization are a cloud infrastructure. The computing resources specific to the invention are hosted on a cloud infrastructure.

[0062] It comprises several computing servers: • One or more application servers (10): These are the servers that host the business logic of the invention. They execute data analysis algorithms, user management, business logic, etc. These servers can be organized as microservices to improve the modularity, flexibility, and resilience of the system. • One or more API servers (20): APIs provide interfaces between managed SaaS applications and the backend software layer that accesses data, enabling interaction with databases, collection of data on the applications used, and coordination of real-time notifications. The same IT equipment can perform the functions of both application server and API server. • One or more high-performance computing servers (30) to execute complex supervised learning or deep learning algorithms (machine learning or deep learning), or Large Language Models (LLMs) to analyze user data; servers equipped with GPUs (graphics processing units) can be used to accelerate processing.

[0063] Data storage is provided by one or more data lakes to store the massive volumes of data collected on the use of SaaS applications (user behavior, security, compliance, etc.). Data lakes are distributed storage systems that can handle large quantities of structured and unstructured data.

[0064] Data storage also makes use of NoSQL™ and SQL™ databases. Data that needs to be stored in a structured format, such as information about users, roles, permissions, and configurations, can be managed via relational databases like PostgreSQL™ or MySQL™. For larger volumes of unstructured data (logs, events), NoSQL™ databases like MongoDB™ or Cassandra™ can be used.

[0065] The hardware architecture also includes one or more backup services: To guarantee data resilience and availability, distributed and geo-replicated backup services are implemented. They ensure that data remains available even in the event of hardware failure or disaster.

[0066] The network includes load balancers (50) implemented to distribute user requests across multiple servers and ensure high availability and rapid service response. This prevents overloading of any single server by intelligently distributing traffic. It also typically includes one or more Virtual Private Networks (VPNs) and firewalls to ensure the security of client company data. This includes solutions such as VPNs to isolate sensitive network segments, as well as firewalls and intrusion detection systems to filter malicious traffic.

[0067] Local data collection and analysis is performed by browser extensions installed on each user's computer terminal. These extensions enable real-time data collection. They send user behavior data (click metrics, time spent, data entry, etc.) to the backend software layer, which requires low latency and data encryption for security reasons.

[0068] Click metrics refer to quantitative data measuring the number and behavior of clicks made by users on a digital interface. These metrics may include indicators such as: • Total number of clicks: the total number of clicks recorded over a given period. • Click-through rate (CTR): the ratio between the number of clicks and the number of prints or displays of an interactive element. • Unique clicks: the number of distinct visitors who clicked on an item. • Clicks by source: the distribution of clicks according to the different sources of traffic (e.g., organic search, social media, emails).

[0069] These metrics allow us to analyze user engagement and the effectiveness of user interfaces.

[0070] This data is collected via real-time tracking services which require low-latency servers to analyze and respond to user events.

[0071] One or more notification servers (60) send notifications to users via their browsers at specific times, for example after 15 minutes of use or in the event of abnormal behavior. This requires push notification servers capable of interacting with users in real time.

[0072] The architecture also includes interactive dashboards (70) that aggregate data and generate real-time reports. These dashboards are hosted on dedicated web servers and use technologies to provide a smooth user interface. Functional Architecture

[0073] The functional architecture of the invention can be described as a set of interconnected components and services, each playing a specific role in providing optimized management of SaaS applications within an enterprise. This architecture is based on modules dedicated to data collection, analysis, security, governance, and user interaction. This functional architecture includes:

[0074] 1. a user data collection module (200) (Tracking and Monitoring)

[0075] This module (200) is responsible for capturing user interactions with the SaaS applications used within the company. It is installed on the computer terminal and configured to monitor user interactions with a variety of SaaS applications in real time. This data collection module (200) consists of several sub-components, depending on the nature of the applications: • Browser extensions (210): These extensions, installed in users' browsers, record interactions such as clicks, session times, data entries, and other behaviors. Browser extensions monitor and control online activities, particularly access to SaaS applications, directly within the browser. • An agent (220) consisting of an event collection API. This agent software is installed on each user's device, monitoring real-time activities, including the use of SaaS applications. The data captured by the extensions is transmitted to a central API in real time, which aggregates it for further processing. • A proxy (230) acts as an intermediary between the user and the internet, intercepting and controlling web traffic to filter, analyze and block access to certain resources. • A secure enterprise browser (240) combining the classic features of a web browser (such as Chrome, Edge, or Firefox) with advanced security, management, and governance tools tailored to business needs. Unlike traditional browsers, enterprise browsers natively integrate data control and protection mechanisms for work environments. 2. SaaS Knowledge Base

[0076] This component (200) is responsible for maintaining a common taxonomy of SaaS applications, in order to facilitate the management and analysis of solutions deployed within the company. This database (300) contains detailed information on more than 40,000 SaaS applications: • Application catalog, of the type "ID (application identifier) ​​| URL | application name | functional domain | status (allowed or prohibited) | message to send (for prohibited applications) | ID of the alternative target application (for prohibited applications)". This comprehensive application catalog with metadata (publisher, category, security level, compliance, etc.) allows for comparison and filtering of solutions according to business needs. • Identification of redundancies and usage patterns: This sub-component analyzes the collected data and identifies redundant or underutilized applications within the company's software portfolio. This allows managers to streamline the tools used. 3. A data lake and a data analytics engine.

[0077] The data lake stores all user-generated data and observed SaaS applications. It forms the central basis for usage analysis: • User and SaaS data storage: All data collected by the tracking module (sessions, clicks, etc.) and application information are stored in a high-capacity and scalable Data Lake. • Data analysis engine: This engine allows for the processing of large volumes of data by performing behavioral analyses. It uses machine learning and advanced analytics techniques to detect usage patterns, trends, and potential risks (e.g., SaaS applications that do not comply with security standards). • Inter-company comparison: comparing the use of SaaS between millions of users and thousands of applications across different sectors provides benchmarks for companies to evaluate their effectiveness. 4. Security and Compliance Module

[0078] This module ensures that the SaaS applications used comply with internal company security and compliance standards and external regulations (e.g., GDPR): • SaaS compliance verification: • The module analyzes each application to verify if it complies with internal policies and regulatory standards (e.g., data security, encryption, access management). • Detection of risky behavior: Users can be monitored in real time to detect unusual behavior, such as the use of unauthorized applications or the sharing of sensitive data. This component triggers alerts when risks are detected. 5. User notification and interaction system (Real-Time Engagement):

[0079] This system is responsible for sending notifications or contextual messages to users in order to improve tool adoption and ensure compliance with usage: • Sending personalized messages: The system identifies the ideal time to send notifications (in real time, after a certain period of inactivity, etc.) and to the right users (e.g., experienced or novice users) • Real-time guidance: Recommendations can be sent to users to improve their productivity, help them use the tools effectively, or warn them when suspicious behavior is detected.

[0080] The digital messages (500) have a structure illustrated by the figure [Fig.3].

[0081] They include a notification window (510), the name of the prohibited application (501) associated with a text message (502) for example “The application you are using is not the one used in our company”, the name of the substitute application (503), associated with a text message (504) for example “You can use the following application instead”.

[0082] These messages (500) include real-time observation fields for an anomaly (510), a button (540) for redirection to the authorized application, and explanatory text (550) to raise employee awareness of company policies.

[0083] 6. Governance and reporting module:

[0084] This module provides the tools for the strategic management of SaaS applications to across the various departments of the company (IT, purchasing, finance, operations). It centralizes governance and facilitates decision-making: • Integration of additional data • Organizational data (Active Directory) • “Business Capability Map” of companies that come from architecture tools like LeanIX • Security data (e.g., upload and download volume for an application) that comes from security tools like Zscaler • License and cost management: The module tracks SaaS license expenses and identifies cost reduction opportunities by eliminating redundant or unused applications. • Alignment with business objectives: It ensures that the SaaS applications used meet the company's strategic objectives in terms of digital transformation, innovation, and cost optimization. • Dashboards: Decision-makers have access to dynamic dashboards that aggregate key data on SaaS application usage, compliance, security, and user performance. These tools facilitate decision-making and collaboration between departments (IT, business, procurement, finance).

[0085] The functional architecture is divided into several modules that interact to collect, analyze, secure, and manage an enterprise's SaaS applications. It relies on seamless integration between the various departments of the company and offers centralized data management and governance while ensuring security and compliance. Detailed description of the data collection module

[0086] The user data collection module plays a crucial role in the solution architecture, as it captures, processes, and transmits user interactions with SaaS applications in real time. This module is designed to provide granular visibility into the use of SaaS tools within an organization and is designed to be lightweight, secure, and scalable.

[0087] The data collection module consists of several interconnected functional sub-components that provide real-time monitoring of user activities in SaaS applications via browsers or other interfaces:

[0088] a) Browser Extension: The browser extension is installed on users' computers and functions as a local agent that collects information on the use of SaaS applications accessible via the browser. Developed, for example, in JavaScript, this extension operates independently of the operating system, thus ensuring compatibility with the main browsers (Chrome, Firefox, Edge, etc.). Its main functionalities are as follows: • User event capture: The extension monitors interactions such as clicks, text input, session duration, page visited (e.g., footer size, number of links in the footer, presence of login / logout buttons, connection-related vocabulary, login action via login URL) • Session tracking: It identifies user sessions by associating a unique identifier with users and tracking their activity throughout the duration of application use. • Data sending mechanism: Collected events are transmitted to a backend API in real time via secure HTTP requests. b) An event collection API is responsible for receiving data sent by extensions and preprocessing it before storing or sending it for analysis. It is, for example, built using robust web technologies. such as Node.js or Python (Flask / Django) to efficiently handle high-frequency requests. Its main features are as follows: • Data reception: Data is sent in JSON packets or via WebSockets, and the API ensures that it is received correctly. • Data validation: The API performs an initial data validation to verify format conformity, user session validity, and the integrity of transmitted data. • Event normalization: Before processing, events are normalized to facilitate their analysis. For example, clicks or keystrokes are translated into pre-formatted actions usable by downstream analysis engines. • Secure transmission: All communications between extensions and the API are encrypted via secure protocols such as TLS / SSL to ensure data confidentiality. c) A user session management system allows for the identification and tracking of user actions over time by linking collected events to specific user sessions. Its main functionalities are as follows: • User ID management: When a user logs into a SaaS application, a unique ID is assigned to them, which allows their interactions to be tracked over time without revealing their personal identity. • Session analysis: Sessions are analyzed to identify usage times, breaks, resumptions of activity, etc. • Multi-device recognition: If a user accesses SaaS applications from different devices, the system can merge associated events for a complete view. d) An event queuing and processing system ensures smooth and efficient collection of user events and prevents server overload by distributing the load. Message queue systems such as Apache Kafka or RabbitMQ can be used to manage incoming event streams. Their features include: • Event queuing: Events collected via the API are placed in a queue before being sent to the analytics engine. This allows for handling traffic spikes without impacting performance. • Asynchronous processing: Events are processed asynchronously, meaning they can be recorded and analyzed in delayed time without disrupting the user experience. The data lake and real-time analytics engine are designed to store and analyze collected events to gain insights into usage. SaaS applications. The data lake often relies on storage systems like Amazon S3, Azure Blob Storage, or Google Cloud Storage, while real-time analysis can be performed via tools like Apache Spark or Flink.

[0089] Each user event is logged in the data lake, enabling historical and comparative analysis. The behavioral analysis engine performs real-time analysis to identify specific patterns (e.g., long sessions, inactive users, experienced users). The data is scrutinized to detect unusual or risky behavior, such as unauthorized access to certain SaaS applications.

[0090] The preceding description concerns the management of applications running in the cloud (SaaS, or on-premises software) on users' computers. For other thick client-type applications installed on the workstation, this data collection would be carried out by an agent installed on the employees' workstations. For use on users' mobile phones or tablets, this data collection would be carried out by the native OS functionalities (This functionality makes it possible to measure the time spent on each application installed on the mobile device and on websites visited via the main browser). Data Flow and Operation

[0091] The operation of the data collection module can be broken down into several stages, from user interaction to data analysis:

[0092] Step 1: Monitoring and Event Capture. The user interacts with a SaaS application via their browser. The extension captures events such as clicks, mouse movements, data entries, page changes, errors, etc.

[0093] Step 2: Data Transmission. The collected events are immediately transmitted via HTTP POST or WebSocket calls to the collection API, which receives, validates, and structures them for later use.

[0094] Step 3: Session Management and Preprocessing. The API associates each event with a unique user session, validating that the user is authorized to access this SaaS application and applying security rules to ensure that events are correct and not manipulated.

[0095] Step 4: Queuing Events. Validated events are placed in a queue managed by a message queue system (Kafka or RabbitMQ). This allows events to be distributed among several processing workflows and avoids overload.

[0096] Step 5: Storage and Analysis. Once preprocessed, the events are sent to the data lake for long-term storage. Simultaneously, the real-time events real data is analyzed by algorithms to detect patterns of user behavior or security anomalies.

[0097] Step 6: Feedback and Notification. If abnormal behavior or inefficiency is detected (for example, a user is unable to use an application optimally), the system can trigger a real-time notification to the user or administrator to correct the problem. SaaS Knowledge Base

[0098] The SaaS Knowledge Base is a key component that centralizes, structures, and organizes information on thousands of SaaS applications used within an enterprise. This database is essential for effective application management, facilitating the identification of redundancies, compliance with standards, and optimization of application usage. The purpose of this database is to provide a comprehensive and structured taxonomy of SaaS applications, including metadata on each application (publisher, type, security, compliance, usage, etc.), to enable companies to better manage their software ecosystem.

[0099] The architecture is built around several layers and logical components, each having a specific role in the organization, collection, storage, and exploitation of data on SaaS applications.

[0100] The knowledge base is based on a hierarchical taxonomy that classifies SaaS applications according to several criteria. This taxonomy makes it possible to group applications by category, understand redundancies, and evaluate their relevance. - Basic categories: Application type (collaboration, finance, marketing, etc.). - Security levels: Classification of applications according to their security level (encryption, authentication, compliance with standards). - Compatibility with standards: Evaluation of the conformity of applications to regulatory standards (GDPR, SOC 2, ISO 27001, etc.).

[0101] Each application is described by a series of attributes, which go beyond simple classification and allow for a more refined evaluation. • Application name and publisher. • License type (free, freemium, paid). • Security (type of authentication, encryption, compliance with security standards). • Legal compliance (e.g., GDPR, HIPAA). • Compatibility with other systems (API integrations, connectors). • Popularity or usage within the company (number of users, frequency of use). • Redundancy: Identification of similar functionalities with other SaaS applications.

[0102] Information on SaaS applications comes from several sources: • Direct integrations: The API connects directly to SaaS services to collect metadata. • User contributions: Administrators and IT teams can enrich the database with data specific to their company or their own experiences on the use of applications. • Third-party providers: integration of external services that provide information on security standards or legal compliance of applications (e.g., sources such as TrustArc™ or SecurityScorecard™). • Automatic enrichment process to augment the information collected with external data, such as user reviews, security updates, or privacy policy changes.

[0103] Once the information is collected, it is indexed in the knowledge base to enable fast and efficient searching. Each application is associated with one or more indexes based on its characteristics (type, publisher, compliance, etc.). The knowledge base search engine allows users to filter and search for applications based on specific criteria (application type, compliance, etc.). It relies on full-text and semantic search algorithms.

[0104] Each application is rated according to specific criteria such as security, compliance, use in the company, or user feedback via a rating algorithm (in English "scoring") to classify applications and help companies choose the most appropriate ones. • Rating based on security practices (encryption, identity management, etc.). • Rating based on compliance with regulatory standards. • Evaluation of the ease of adoption by internal users within the company.

[0105] The invention allows administrators to compare similar applications to identify duplicates, the most efficient solutions or those that best meet security and compliance requirements.

[0106] The SaaS knowledge base relies on a relational database to store well-structured information, such as application metadata, category relationships, and security standards. Technologies such as PostgreSQL or MySQL can be used. • Tables and relationships: The relational database is organized into tables (applications, publishers, categories, etc.) linked together by foreign keys to guarantee the consistency of information. • NoSQL database (MongoDB, Cassandra): A NoSQL database can be used in addition to store less structured data such as usage event logs, user feedback, or evaluations based on real behaviors. • Usage log storage: Allows you to keep track of state changes, usage over time, or updates to SaaS applications.

[0107] The knowledge base is regularly updated to include new SaaS applications, security updates, or changes in compliance policies. These updates can come from the vendors themselves via APIs or information feeds. Enterprise customers can synchronize the knowledge base with their own internal SaaS databases to align the information with standards and actual business usage.

[0108] The knowledge base is accessible via a web portal where administrators can view, search, and analyze information about SaaS applications. This portal is built with modern frameworks (web frameworks) such as React™ or Angular™.

[0109] Data analysis engine: Architecture and Operation

[0110] The Data Analysis Engine is responsible for processing the data stored in the data lake. Its role is to perform large-scale analyses, identify patterns of user behavior, detect anomalies, and generate actionable reports for decision-makers.

[0111] The analytics engine relies on distributed data processing technologies to handle large volumes of data quickly and efficiently. The analytics engine may include machine learning algorithms (via Spark MLlib™) to detect patterns, such as security anomalies or usage trends of SaaS applications. For more advanced analytics, such as user segmentation or event prediction, deep learning frameworks (deep learning frameworks) may be integrated.

[0112] The analysis engine performs several types of analysis on the data collected in the data lake: • Behavioral analysis: Analysis of user interactions with SaaS applications to understand usage patterns, such as session duration, most frequently used applications, or deviant behaviors. • Comparative analysis: comparison of the use of a company's SaaS applications with industry benchmarks or with other similar companies to evaluate the performance and adoption of the tools. • Anomaly detection: Using machine learning techniques, the analysis engine can identify abnormal or risky behaviors, such as the use of unauthorized applications, unusual traffic spikes, or security violations. • Compliance and security analysis: The engine analyzes SaaS applications based on predefined security and compliance criteria. This allows for the identification of applications that do not comply with company security standards or that are potentially vulnerable.

[0113] Data processing follows several key steps: • Data ingestion: Data from the data lake is ingested by processing pipelines, which can be executed in batch or real-time as needed. • Data cleaning and transformation: Before being analyzed, the data is cleaned to eliminate errors or inconsistencies, and it is enriched with additional information from external sources (e.g., compliance or security updates). • Analysis and calculation: Analytical algorithms are run on the cleaned data to generate actionable insights. This can include descriptive analyses (past trends), predictive analyses (future forecasts), or prescriptive analyses (recommendations for action).

[0114] Results and visualization: The results of the analyses are stored in intermediate databases (Data Warehouse or NoSQL databases) and presented to users via interactive dashboards or automated reports.

[0115] To orchestrate analysis tasks and ensure a smooth processing flow, workflow management tools can be used. These tools allow for the automation of processes, the scheduling of recurring analyses, and the monitoring of analysis pipelines in real time. Description of an example implementation

[0116] When a user accesses an application on a workstation (browser or non-browser), the extension, and / or the local agent, and / or the proxy capture usage data. This data is then sent to the knowledge base, which determines whether the application complies with company policies. If it does not comply, the system triggers a contextual notification offering an authorized alternative.

[0117] Simultaneously, the analysis engine processes the collected data to identify redundant applications, calculate usage metrics, and detect abnormal behavior. If a SaaS application is underutilized or does not comply with security standards, an alert is sent to administrators, who can then adjust licenses and configurations to optimize resources. The following description, referring to the accompanying drawings, concerns the key elements of the invention for centralized, secure, and adaptable management of SaaS applications, reducing security risks, usage inefficiencies, and costs associated with underutilized licenses.

[0118] Figure [Fig.1] describes the key components and their interaction to ensure optimized and secure management of SaaS applications, as well as compliance with company policies.

[0119] The first key component is the data collection module (200) installed on each user's computer terminal (100). This data collection module (200) includes a browser extension software component (210). Extensions (210) are installed on users' browsers (100) to monitor online activities, particularly access to SaaS applications. These extensions (210) record user events such as click metrics (pointer position, timestamp, duration, etc.), session duration, and specific interactions with each application.

[0120] Alternatively, the data collection module (200) can be implemented by a software agent (220) installed locally on each workstation (100) to capture user interactions in real time and compile data on the use of SaaS applications.

[0121] Another alternative implementation of the data collection module (200) is to use an intermediate proxy (230) to filter and analyze web traffic to identify accessed applications. It blocks access to non-compliant applications or applies access restrictions according to defined policies.

[0122] A second key component of the invention is the Applications knowledge base (300). This knowledge base (300) groups all known SaaS applications of the company, segmented by functional domains (such as videoconferencing, project management, file sharing). It makes it possible to identify and classify standard, prohibited, and tolerated applications by functional domain.

[0123] Each application is associated with metadata, including URL, usage policy and notification preferences, enabling the system to compare real-time usage with company standards.

[0124] The third key component of the invention is a digital record of corporate policies for applications (400), associating each application with Numerical indicators are used to determine which applications are standard, tolerated, or prohibited. For example, if a video conferencing application is standard, it will be preferred, while others will be tolerated or blocked depending on the company's needs.

[0125] The fourth key component of the invention is the notification settings system (500). This notification settings system (500) is integrated to send contextual messages based on the use of the SaaS applications. If a user accesses an unauthorized application, a notification is triggered, redirecting the user to a standard application.

[0126] The notification can be configured to appear after a certain period of use or when abnormal behavior is detected. It includes redirection options, a message explaining the reasons for the restriction, and a link to the compliant application.

[0127] The fifth key component of the invention is the data analysis engine (600) which centralizes the collected data to track application usage behavior. Using detection algorithms, the engine identifies redundant applications, underutilization, and security anomalies. It also compares usage data with internal and external benchmarks to optimize the company's SaaS configuration.

[0128] The sixth key component of the invention is the Real-Time Notification Module (700). Based on the results of the analysis, the system sends real-time notifications to users or administrators. For example, if a user uses a prohibited application, a pop-up window reminds them of the company policy and offers a redirection to a standard application.

[0129] Notifications are customizable and include clear messages to guide users in complying with company policies. These notifications appear in the browser or on the workstation as needed. Technical contribution of the invention

[0130] The invention aims to automate the governance and adoption of SaaS applications in real time and continuously by capturing real-time application usage data, identifying redundancies, and detecting anomalies. The invention optimizes the use of computing resources and improves system security. This processing enables more efficient workload distribution and proactive protection against deviant behavior, thus producing an additional technical effect in terms of security and performance.

[0131] The technical modules provided for in the implementation of the process, such as browser extensions, the data collection API, the analysis engine, and the real-time notification servers, play a crucial technical role. These elements, integrated In the management architecture, these elements are directly responsible for the real-time collection and analysis of user interactions, enabling the detection of usage patterns that would be impossible to identify without an automated system. They provide a centralized and automated management system for SaaS applications, with proactive responses to security incidents. The method of the invention addresses several specific technical problems, including the overload of IT resources due to redundant applications, the lack of visibility into actual SaaS usage, and the security risks associated with using unvalidated applications. By providing an integrated solution that monitors, analyzes, and optimizes SaaS usage in real time, the invention offers an effective technical response to execution, security, and compliance issues, exceeding the standard capabilities of SaaS software.

[0132] Furthermore, the combined architecture—including data collection modules, an advanced analytics engine, and a notification system—contributes to the overall effect by enabling automated monitoring and optimized management of SaaS applications. These technical features are not limited to simple software execution but form an interconnected whole that produces a concrete technical effect: safer and more optimized operation of SaaS resources within the enterprise.

[0133] Furthermore, the steps of the invention (capturing usage data in real time, analyzing the data to identify deviant or inefficient behavior, and notifying users accordingly) provide a specific technical solution to the challenges of managing SaaS in enterprise environments. These features go beyond traditional SaaS management methods, adding a capacity for adaptation and resource optimization that is not evident from the current state of the art.

Claims

Demands

1. - A method for managing software used on a plurality of computer terminals (100) used by a community of users belonging to an entity applying security policies, each of the computer terminals having a means of user authentication (210, 220), characterized in that it comprises the following steps: • Installation on each of said computer terminals of a data collection module (200) configured to monitor in real time the interactions of users with a plurality of SaaS applications; • Recording of usage references of said applications in a knowledge base (300); • Data collection including the capture of application usage data, including the identification of the applications used;• Analysis of said data collected via a data analysis engine (600) to: • Real-time identification of the applications used by each user, • Detect anomalies compared to application usage references, • Generation of real-time notifications (700) according to application usage, configured to send personalized electronic messages to said users' computer terminals, said notification being triggered in case of abnormal behavior or to optimize application use • said notification commanding the masking of a part of the graphical interface display area corresponding to the application that caused said notification generation.

2. - A method for managing applications according to claim 1, characterized in that said data comprises at least some of the events consisting of click metrics, session durations, data inputs, and interactions with specific features of SaaS applications captured by browser extensions (210) and the software agent (220).

3. - A method for managing software as a service according to claim 1 characterized in that it comprises a preliminary step of configuring a data lake to store said data collected on said computer terminals.

4. - A method for managing software as a service according to the preceding claim, characterized in that the data stored in said data lake is encrypted at rest and in transit to ensure the security and confidentiality of the information collected.

5. - A software-as-a-service management method according to claim 1 characterized in that said data collection module is an API.

6. - A method for managing software as a service according to claim 1 characterized in that said data analysis step is carried out by an analysis engine performing the processing to: • perform behavioral analyses on the use of SaaS applications by users, • identify redundant or under-used applications, • detect anomalies in the use of SaaS applications, and • compare the performance of SaaS applications to external benchmarks;

7. - A method for managing software as a service according to the preceding claim, characterized in that said data analysis engine is configured to execute machine learning algorithms to identify usage patterns, unusual user behavior, or vulnerabilities in SaaS applications.

8. - A method for managing software as a service according to claim 6, characterized in that said data analysis engine is configured to perform comparative analyses between the performance of similar SaaS applications used in the enterprise and in other organizations, in order to provide industry benchmarks.

9. - A method for managing software as a service according to claim 1 characterized in that said data collected on said computer terminals are recorded in a data lake.

10. - A software-as-a-service management method according to the preceding claim, characterized in that said data lake is configured to organize the data into several zones, comprising: - a zone for the raw storage of the collected data, - a zone for the storage of the data after cleaning and transformation, - a zone for the storage of the data ready to be analyzed.

11. - A method for managing software as a service according to claim 1 characterized in that said notification system is configured to send contextual notifications based on predefined rules, such as prolonged use of a SaaS application, a security policy violation, or insufficient adoption of a new application.