By NHI Mgmt Group Editorial Team
Published 2025-06-26
Domain: Governance & Risk
Source: Zluri

TL;DR: SaaS sprawl, low app engagement, and missed renewals are turning hybrid-work adoption into avoidable budget waste, according to Zluri, citing Gartner and a survey showing 254 apps per company with only 45% average engagement over 60 days. The governance issue is not just cost control but identity-linked visibility into who is using which apps, when renewals trigger, and where duplicate access footprints are inflating spend.


At a glance

What this is: This is Zluri's case for using SaaS discovery, usage monitoring, and renewal controls to reduce waste in sprawling application estates.

Why it matters: It matters because SaaS spend control increasingly depends on identity visibility, app ownership, and lifecycle discipline across human access, licences, and machine-connected app usage.



Context

SaaS sprawl is a governance problem as much as a finance problem. When application growth outpaces visibility, organisations lose track of who owns which subscriptions, which teams are actively using them, and which renewals are draining budget without adding operational value. For identity teams, that creates a parallel control issue because application access, licence allocation, and offboarding are tied together.

The article uses Zluri's spend-management story to argue for better discovery, usage tracking, and renewal oversight. The underlying pattern is familiar to IAM and IGA practitioners: once app ownership becomes fragmented, unused access persists, renewals default to auto-repeat, and budget leakage becomes hard to reverse quickly.


Key questions

Q: How should organisations reduce SaaS spend without losing business capability?

A: Start with application discovery, then validate which tools are actually used, which are duplicated, and which renewals are automatic. Reduce spend by rightsizing licences, consolidating overlapping apps, and requiring named owners to approve retention before a contract rolls over. The goal is to remove waste, not to cut tools that support core workflows.

Q: Why do unused SaaS licences keep creating cost even when teams stop using the app?

A: Because subscription renewals continue unless someone actively intervenes. If ownership is unclear, the contract renews, the licence remains allocated, and the organisation keeps paying for capacity that no longer produces value. This is a lifecycle failure, not just a budgeting issue.

Q: What is the most reliable way to spot SaaS spend waste in a large organisation?

A: Look for gaps between purchased licences, active users, and feature adoption, then compare those figures across departments. High-spend teams with low engagement, duplicate tools with overlapping functions, and apps with no recent usage are the clearest signals that spend is leaking through poor governance.

Q: Who should be accountable for cancelling unused SaaS tools before renewal?

A: A named business owner should be accountable, with IT or IAM providing usage evidence and procurement enforcing the contractual deadline. If accountability sits only in finance or only in the business unit, renewal risk usually persists because no one owns the decision end to end.


Technical breakdown

SaaS discovery and the identity signal behind app sprawl

SaaS discovery is the process of finding the applications actually in use across an organisation, including shadow IT and duplicated tools. The identity angle matters because SSO, finance feeds, APIs, endpoint data, and browser telemetry each reveal different parts of the same access picture. If discovery is incomplete, app inventory, licence ownership, and user entitlement data all become unreliable, which makes spend optimisation guesswork rather than governance. The article points to a multi-source discovery model that tries to collapse those blind spots into one view.

Practical implication: inventory apps from identity, finance, and endpoint signals before you attempt any cost takeout program.

Usage monitoring and licence rightsizing

Usage monitoring measures whether licences are actually being consumed, how often users return to an app, and whether feature adoption justifies the tier being paid for. In SaaS estates, the problem is not only unused accounts but over-provisioned packages and departments buying overlapping tools with similar functions. Rightsizing means aligning licence counts and feature tiers to real demand, then removing dormant subscriptions and duplicate products. Without that discipline, organisations pay for capacity they never convert into business value.

Practical implication: tie renewal decisions to usage data, not purchase history or vendor defaults.

Renewal calendars and contract control

Renewal control is a lifecycle discipline, not a reminder exercise. The risk comes from auto-renewals, missed notice periods, and contract terms that hide cost increases until the organisation is already committed. Renewal calendars create a review point before obligations harden, giving owners time to challenge unused subscriptions, renegotiate terms, or exit contracts cleanly. For identity and access teams, this is the same governance logic used in leaver handling and access recertification: if nothing forces a review, standing commitments continue by default.

Practical implication: create pre-renewal review gates with named owners, usage evidence, and cancellation authority.
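As an added example (not Zluri's product or the article's own code), the Python below joins a constructed licence inventory with constructed SSO last-login data to apply the three controls above: 60-day engagement and dormant seats per app, a pre-renewal gate that flags contracts whose notice deadline is close or already missed and has no named owner, and overlapping apps grouped by function category. All app names, users, dates, categories and the 45-day review lead time are constructed assumptions.

```python
from collections import defaultdict
from datetime import date, timedelta

# Constructed sample data (not from Zluri or the article): a licence inventory from the finance feed plus last-login telemetry from SSO.
AS_OF = date(2025, 6, 26)
LICENCES = {  # app: seats, function category, named owner (None = unowned), renewal, notice period
    "design-suite": {"seats": 50, "category": "design", "owner": "j.doe",
                     "renewal": date(2025, 8, 10), "notice_days": 30},
    "whiteboard-a": {"seats": 40, "category": "whiteboard", "owner": None,
                     "renewal": date(2025, 7, 10), "notice_days": 30},
    "whiteboard-b": {"seats": 30, "category": "whiteboard", "owner": "k.lee",
                     "renewal": date(2025, 12, 1), "notice_days": 60},
}
SSO_LOGINS = [  # (user, app, last login seen by SSO)
    ("u01", "design-suite", date(2025, 6, 20)), ("u02", "design-suite", date(2025, 5, 2)),
    ("u03", "design-suite", date(2025, 3, 1)),  # last seen before the 60-day window: dormant seat
    ("u04", "whiteboard-a", date(2025, 6, 25)),
    ("u05", "whiteboard-b", date(2025, 6, 1)), ("u06", "whiteboard-b", date(2025, 6, 2)),
]

def engagement(licences, logins, as_of=AS_OF, window_days=60):
    """Per app: seats paid for, distinct users active in the window, dormant seats, engagement ratio."""
    cutoff = as_of - timedelta(days=window_days)
    active = defaultdict(set)
    for user, app, seen in logins:
        if app in licences and seen >= cutoff:
            active[app].add(user)
    return {app: {"seats": lic["seats"], "active": len(active[app]),
                  "dormant": lic["seats"] - len(active[app]),
                  "engagement": round(len(active[app]) / lic["seats"], 2)}
            for app, lic in licences.items()}

def renewal_gate(licences, as_of=AS_OF, lead_days=45):
    """Contracts whose cancellation notice deadline closes within lead_days; 'missed' = window already passed, 'blocked' = no owner to decide."""
    due = []
    for app, lic in licences.items():
        deadline = lic["renewal"] - timedelta(days=lic["notice_days"])
        days_left = (deadline - as_of).days
        if days_left <= lead_days:
            due.append({"app": app, "notice_deadline": deadline.isoformat(), "days_left": days_left,
                        "owner": lic["owner"], "missed": days_left < 0, "blocked": lic["owner"] is None})
    return sorted(due, key=lambda r: r["days_left"])

def duplicates(licences):
    """Function categories served by more than one paid app (consolidation candidates)."""
    by_cat = defaultdict(list)
    for app, lic in licences.items():
        by_cat[lic["category"]].append(app)
    return {cat: sorted(apps) for cat, apps in by_cat.items() if len(apps) > 1}
```

In the constructed data, whiteboard-a comes out both unowned and past its notice deadline, which is exactly the auto-renewal case the gate is meant to surface before the contract rolls over.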


NHI Mgmt Group analysis

SaaS spend leakage is an identity governance problem disguised as procurement waste. The article shows that app discovery, licence ownership, and user usage are all part of the same control surface. When those records are split across finance, IT, and line-of-business buyers, organisations lose the ability to connect access to value. The practitioner conclusion is that SaaS cost control belongs in the identity operating model, not only in procurement.

Auto-renewal creates standing entitlement debt. An unused app that keeps renewing behaves like an entitlement that was never deprovisioned. The underlying failure mode is not the contract itself but the absence of a lifecycle checkpoint that forces review before commitment rolls forward. The practitioner conclusion is that renewal governance should be treated as part of access and asset lifecycle management.

App redundancy is identity blast radius at the procurement layer: every duplicate app expands the number of users, permissions, and renewals that must be governed. That sprawl weakens accountability because no single owner can easily prove which tool is authoritative for which team or workflow. The practitioner conclusion is to treat overlapping SaaS as a control consolidation problem, not just a budget line.

Usage data is only useful when it is tied to decision rights. The article implicitly shows that dashboards alone do not reduce spend. A control only changes outcomes when app owners can act on the data by removing licences, consolidating tools, or terminating renewals. The practitioner conclusion is to align usage evidence with formal approval paths for cancellation and downsizing.

MoEngage's savings illustrate a common pattern, not an exception. When a company centralises its SaaS view, it often discovers that fragmentation was masking both excess spend and weak coordination. That is why the governance lesson scales beyond one customer story: visibility unlocks action, but only if responsibility for renewal and ownership is explicit. The practitioner conclusion is to formalise that ownership before cost pressure exposes the gap.

From our research:

  • Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them, according to the Ultimate Guide to NHIs.
  • 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures.
  • For the lifecycle angle behind this spend story, see the NHI Lifecycle Management Guide for the offboarding and review discipline that SaaS renewals often lack.

What this signals

App sprawl now behaves like a lifecycle problem, not a tooling problem. When licences, renewals, and ownership are fragmented, the organisation is already carrying entitlement debt. That debt shows up first as budget waste, then as access drift, and finally as a governance gap that no dashboard can solve on its own.

The next control maturity step is to merge SaaS cost management with identity governance, because app rightsizing and access review are converging in practice. Teams that already manage leavers, recertification, and privileged access have the operating model to extend into subscription lifecycle decisions.

With 96% of organisations storing secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools, hidden software estates are only one part of the exposure problem. The broader lesson is to pair SaaS inventory with the same discipline used in the NIST Cybersecurity Framework 2.0 Govern and Identify functions.


For practitioners

  • Build a single SaaS inventory from multiple signals: combine SSO, finance, API, endpoint, and browser telemetry so app ownership and usage are verified from more than one source.
  • Rightsize licences on observed usage, not procurement history: use 60-day engagement, active-user counts, and feature consumption to reduce overbuying and downgrade unused tiers before renewal.
  • Assign named renewal owners for every material subscription: give each high-value contract one accountable owner who can review usage, approve cancellation, and negotiate terms before auto-renewal triggers.
  • Consolidate overlapping tools into one authoritative app set: map duplicate applications by department and workflow, then remove the versions that do not have a clearly defined business owner.
  • Set pre-renewal review gates for high-spend apps: require usage evidence, contract terms, and business justification to be reviewed before notice windows close on critical subscriptions.

Key takeaways

  • SaaS sprawl becomes a governance failure when no one can prove which applications are still delivering value.
  • The article's evidence points to a familiar leak pattern, where low usage and auto-renewals quietly convert growth into avoidable spend.
  • Identity, procurement, and lifecycle ownership need to work together if organisations want to cut waste without creating operational gaps.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

Framework, control or reference, and relevance:

  • NIST CSF 2.0, PR.AC-4: SaaS spend waste often stems from unmanaged access and duplicate entitlements.
  • NIST Zero Trust (SP 800-207): Central visibility supports continuous verification of who uses which SaaS apps.
  • NIST CSF 2.0, ID.AM-1: App inventory and ownership are central to identifying the software estate.

Tie app ownership and licence review to access governance so unused tools are removed on time.


Key terms

  • SaaS Sprawl: SaaS sprawl is the uncontrolled growth of software subscriptions across teams, departments, and workflows. It becomes a governance issue when no single function can reliably track ownership, usage, renewals, and duplication, which leads to wasted spend and inconsistent access oversight.
  • Licence Rightsizing: Licence rightsizing is the process of matching paid software tiers and seat counts to actual usage. It reduces waste by comparing active users, feature consumption, and business need, then adjusting subscriptions before auto-renewal or contract extension locks in avoidable cost.
  • Renewal Governance: Renewal governance is the practice of requiring review and approval before software contracts automatically continue. It connects ownership, usage evidence, and financial oversight so unused applications can be cancelled, downgraded, or renegotiated before they become standing cost commitments.
  • Shadow IT: Shadow IT is software or services adopted outside formal procurement, security, or identity governance processes. It usually appears when business users can buy and connect tools quickly, but it creates risk because the organisation loses visibility into access, data exposure, and recurring spend.

Deepen your knowledge

NHI governance, identity lifecycle management, and workload identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or operational governance, it is worth exploring.

This post draws on content published by Zluri: "SaaS Spend Management: How Zluri Helps IT Leaders Deal with Budget Cuts?"

NHIMG Editorial Note
Published by the NHIMG editorial team on 2025-06-26.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org