SaaS sprawl and access control: what IAM teams need now


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9079
Topic starter  

TL;DR: The underlying issue is not adoption alone but the governance burden that comes with sprawling SaaS access and usage, as Zluri says it raised $10 million in Series A funding led by MassMutual Ventures to expand SaaS discovery, manage integrations, and automate control of increasingly complex application estates, with more than 100 customers added in 2021 and 300-plus direct integrations reported.

NHIMG editorial — based on content published by Zluri: Miscellaneous SaaS Management Platform Zluri raises $10M led by MassMutual Ventures

By the numbers:

Questions worth separating out

Q: How should teams govern SaaS sprawl without losing access visibility?

A: Start with discovery, then tie every application to an owner, an identity source, and a review cadence.

Q: Why does SaaS growth create identity risk for IAM and IGA teams?

A: Because each new application introduces another place where identities, roles, and delegated access can drift out of sync with policy.

Q: How do organisations know whether SaaS automation is actually reducing risk?

A: Measure whether automated workflows are removing stale access faster than it is created, whether exceptions are tracked, and whether review outcomes are reconciled back into the source systems.

Practitioner guidance

  • Inventory the full SaaS estate before expanding automation: Use discovery to identify every business app, then classify each one by owner, authentication path, and integration type so hidden access paths do not survive the onboarding process.
  • Map every SaaS application to a lifecycle owner: Assign responsibility for joiner-mover-leaver handling, access reviews, and offboarding at the application level so no service can remain outside governance because ownership is unclear.
  • Validate integration depth before using a platform as a control source: Check that each connector exposes users, admins, roles, and connection types, not just app presence, so review and remediation decisions are based on actionable identity data.

What's in the full analysis

Zluri's full article covers the operational detail this post intentionally leaves for the source:

  • The specific funding breakdown and investor context behind the Series A round
  • Zluri's own descriptions of product capability areas, including discovery, management, optimisation, security, and automation
  • Customer names and growth claims that show how the vendor positions its SaaS management platform
  • The company narrative on how it plans to expand in Asia and North America

👉 Read Zluri's Series A funding update and SaaS management expansion plans →

(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8508
 

SaaS sprawl is now an identity governance problem, not a procurement problem. The article frames scale in terms of application growth, but the real operational burden lands on access control, ownership, and review. When every new app adds another identity boundary, the programme requirement shifts from buying software to governing a changing access graph. Practitioners should treat SaaS visibility as a governance dependency, not an inventory exercise.

A few things that frame the scale:

  • 79% of organisations have experienced secrets leaks, with 77% of these incidents resulting in tangible damage, according to Ultimate Guide to NHIs.
  • Only 5.7% of organisations have full visibility into their service accounts, which shows how often identity governance still starts from incomplete inventory.

A question worth separating out:

Q: What is the difference between SaaS management and SaaS governance?

A: SaaS management focuses on inventory, spend, and operational coordination. SaaS governance focuses on who can access each application, how that access is reviewed, and whether lifecycle events remove it on time. Organisations need both, but governance is the layer that determines whether access remains under control.

👉 Read our full editorial: Zluri's $10m funding spotlights SaaS governance pressure



   