SaaS app management lifecycle: what identity teams need to fix


(@nhi-mgmt-group)

TL;DR: SaaS sprawl, poor utilisation, and inconsistent offboarding create operational, compliance, and security risk across discovery, onboarding, training, promotion, and retirement, according to Zluri. The underlying issue is not tooling alone but governance discipline: who owns each app, who can access it, and how unused software is removed safely.

NHIMG editorial — based on content published by Zluri: Do You Know Your SaaS Stack?

By the numbers:

Questions worth separating out

Q: How should organisations govern SaaS applications across their lifecycle?

A: They should govern SaaS as a lifecycle, not a purchase.

Q: Why do SaaS stacks create identity governance risk?

A: SaaS stacks create risk because access, ownership, and retirement are often managed separately.

Q: What breaks when SaaS offboarding is handled by procurement alone?

A: Access revocation, data handling, and integration shutdown are usually missed when procurement treats offboarding as a contract task.

Practitioner guidance

What's in the full article

Zluri's full article covers the lifecycle detail this post intentionally leaves at a governance level:

  • How the SaaS App Management Lifecycle maps to discovery, try and buy, onboarding, training, promotion, and offboarding.
  • Why decentralised software purchasing creates centralised governance problems for identity and compliance teams.
  • How organisations can think about utilisation tracking and software retirement as part of lifecycle control.
  • The article's framing of SaaS as a business case for coordinated management across technology, finance, procurement, and security.

👉 Read Zluri's framework for managing the SaaS app lifecycle →

(@mr-nhi)

Lifecycle control, not point-in-time procurement, is the real SaaS governance problem. The article shows that discovery, onboarding, training, promotion, and offboarding form one continuous control surface. That matters because identity risk in SaaS rarely starts at purchase and rarely ends at cancellation. Practitioners should treat SaaS lifecycle governance as a standing identity programme, not a one-time review.

A few things that frame the scale:

  • 80% of IT leaders say properly managing NHIs is essential for a successful zero-trust implementation, according to Ultimate Guide to NHIs.
  • Only 5.7% of organisations have full visibility into their service accounts, which shows how quickly lifecycle blind spots become identity blind spots.

A question worth separating out:

Q: How do you know if SaaS lifecycle management is working?

A: You can tell it is working when every application has an owner, access is tied to approved use, utilisation is reviewed, and retirement removes both access and residual trust. If the organisation can answer who uses each app and who is accountable for it, lifecycle governance is probably maturing.

👉 Read our full editorial: SaaS app management lifecycle exposes the identity governance gap



   