Google Workspace licenses and SaaS sprawl: what IAM teams miss


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9079
Topic starter  

TL;DR: Google Workspace license waste, duplicate SaaS apps, abandoned subscriptions, and auto-renewal drift increase cost and create compliance risk when ownership and offboarding are weak, according to Zluri. The governance issue is broader than spend control: unowned software and stale access patterns blur identity accountability across human and non-human programmes.

NHIMG editorial — based on content published by Zluri: SaaS Management How to Optimize your Google Workspace Licenses

By the numbers:

Questions worth separating out

Q: How should security teams govern SaaS licenses as part of identity management?

A: Security teams should treat SaaS licensing as a lifecycle issue, not a pure finance task.

Q: Why do abandoned SaaS apps create security risk?

A: Abandoned apps create risk because access, data, and renewal obligations can outlive the original business purpose.

Q: What breaks when renewal decisions are made without usage data?

A: Renewals made without usage data usually preserve waste and hide entitlement drift.

Practitioner guidance

  • Link SaaS discovery to access ownership: Build a single inventory that ties each application to a named owner, an alternate owner, and the identities that can still access it.
  • Use usage telemetry to drive rightsizing: Compare active usage against purchased tier by department, not just at the company level, then downgrade when the higher tier is no longer justified.
  • Make offboarding close the loop: Require termination checks for users, integrations, and linked accounts as part of every offboarding workflow.

What's in the full article

Zluri's full blog post covers the operational detail this post intentionally leaves for the source:

  • Step-by-step ways to eliminate duplicate SaaS applications with overlapping use cases.
  • Detailed examples of license rightsizing across Google Workspace tiers and broader SaaS estates.
  • Operational renewal calendar settings for contract and payment reminders.
  • Offboarding checks for closing accounts, terminating subscriptions, and assigning app ownership.

👉 Read Zluri's guide on optimising Google Workspace licenses and SaaS sprawl →




   
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8508
 

License sprawl is an identity problem before it is a cost problem. The article focuses on wasted spend, but the deeper issue is that duplicate apps and unused licenses often indicate broken entitlement ownership. Once a SaaS estate is large enough, the security risk is not just that the organisation overpays, but that no one can reliably answer who still has access, why, or under whose authority. That is an IGA failure mode as much as a procurement one, and it should be treated as such.

A few things that frame the scale:

  • 90% of IT leaders say properly managing NHIs is essential for a successful zero-trust implementation, according to the Ultimate Guide to NHIs.
  • Only 5.7% of organisations have full visibility into their service accounts, which is why entitlement inventory and ownership mapping remain foundational controls.

A question worth separating out:

Q: Who should own the termination of SaaS access and subscriptions?

A: Ownership should sit with the application owner, but it must be enforced through the offboarding process, not informal handoffs. Finance, IT, and security each see part of the problem, yet no single team can safely close the loop without a recorded owner and a verified termination step.

👉 Read our full editorial: Google Workspace license optimisation exposes the SaaS governance gap



   