
SaaS app sprawl and governance gaps: what IAM teams miss


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 3789
Topic starter  

TL;DR: SaaS management platforms are moving from app inventory into access governance because Zluri says modern teams need to know not just which apps exist, but who uses them, at what permission level, and whether that access should exist at all. That shift makes SaaS discovery an identity problem, not only a cost problem.

NHIMG editorial — based on content published by Zluri: SaaS Management Top 20 SaaS Management Platforms [2026]

By the numbers:

Questions worth separating out

Q: How should security teams govern SaaS app sprawl without losing access visibility?

A: Security teams should connect SaaS discovery to entitlement data, lifecycle state, and usage telemetry.

Q: Why do SaaS platforms need to sit near identity governance instead of finance only?

A: Because SaaS spend and SaaS access are now tightly coupled.

Q: How can organisations reduce Shadow AI risk in SaaS environments?

A: Organisations should treat AI app adoption as a governed access path, not just a software choice.

Practitioner guidance

  • Map SaaS discovery to entitlement state: Require each discovered app to carry user, role, permission level, and lifecycle status so inventory can support access review decisions rather than just procurement visibility.
  • Treat Shadow AI as governed access: Route unsanctioned AI app findings through the same approval, monitoring, and exception workflow used for shadow IT, including policy checks for data handling and account provenance.
  • Automate reclamation from usage and offboarding signals: Tie license downgrade or revocation actions to inactivity thresholds, joiner-mover-leaver events, and recertification outcomes so stale access does not persist after business need changes.

What's in the full article

Zluri's full blog post covers the operational detail this post intentionally leaves for the source:

  • Platform-by-platform feature comparisons for SaaS discovery, spend optimisation, and security monitoring
  • Vendor-specific notes on how each tool handles license reclamation, renewal workflows, and app categorisation
  • The article's scoring style and customer rating snapshots for shortlisting options
  • Implementation-oriented descriptions of integrations and admin workflows that matter during tool selection

👉 Read Zluri's roundup of top SaaS management platforms for 2026 →




(@mr-nhi)
Member Moderator
Joined: 4 weeks ago
Posts: 2127
 

Visibility without entitlement context is not governance. A SaaS inventory can tell you how many applications exist, but it cannot tell you whether access is still justified, whether an account is dormant, or whether permissions exceed the user's current role. That distinction is central to OWASP-NHI and NIST CSF thinking because unmanaged access is the control failure, not app sprawl alone. The practitioner takeaway is simple: SaaS governance must evaluate entitlement state, not just application presence.

A few things that frame the scale:

  • Only 5.7% of organisations have full visibility into their service accounts, according to the Ultimate Guide to NHIs.
  • 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools.

A question worth separating out:

Q: What should teams do when unused SaaS licenses keep accumulating?

A: They should automate reclamation based on actual usage, then align those actions to offboarding and recertification events. If a license is inactive but the account still exists, the problem is not cost alone. It is persistent access that no longer has a business need.

👉 Read our full editorial: SaaS management platforms expose the IAM gap behind app sprawl
