Google Workspace licenses and SaaS sprawl: what IAM teams miss

TL;DR: Google Workspace license waste, duplicate SaaS apps, abandoned subscriptions, and auto-renewal drift increase cost and create compliance risk when ownership and offboarding are weak, according to Zluri. The governance issue is broader than spend control: unowned software and stale access patterns blur identity accountability across human and non-human programmes.

NHIMG editorial — based on content published by Zluri: SaaS Management How to Optimize your Google Workspace Licenses

By the numbers:

• 90% of IT leaders say properly managing NHIs is essential for a successful zero-trust implementation.
• 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools.
• 79% of organisations have experienced secrets leaks, with 77% of these incidents resulting in tangible damage.

Questions worth separating out

Q: How should security teams govern SaaS licenses as part of identity management?

A: Security teams should treat SaaS licensing as a lifecycle issue, not a pure finance task.

Q: Why do abandoned SaaS apps create security risk?

A: Abandoned apps create risk because access, data, and renewal obligations can outlive the original business purpose.

Q: What breaks when renewal decisions are made without usage data?

A: Renewals made without usage data usually preserve waste and hide entitlement drift.

Practitioner guidance

• Link SaaS discovery to access ownership Build a single inventory that ties each application to a named owner, an alternate owner, and the identities that can still access it.
• Use usage telemetry to drive rightsizing Compare active usage against purchased tier by department, not just at the company level, then downgrade when the higher tier is no longer justified.
• Make offboarding close the loop Require termination checks for users, integrations, and linked accounts as part of every offboarding workflow.

What's in the full article

Zluri's full blog post covers the operational detail this post intentionally leaves for the source:

• Step-by-step ways to eliminate duplicate SaaS applications with overlapping use cases.
• Detailed examples of license rightsizing across Google Workspace tiers and broader SaaS estates.
• Operational renewal calendar settings for contract and payment reminders.
• Offboarding checks for closing accounts, terminating subscriptions, and assigning app ownership.

👉 Read Zluri's guide on optimising Google Workspace licenses and SaaS sprawl →

Google Workspace licenses and SaaS sprawl: what IAM teams miss?

Explore further

View Full Forum →  |  NHI Foundation Course →