TL;DR: SaaS contract management helps organisations centralise renewals, ownership, and compliance for sprawling software estates, while Zylo data cited by Zluri shows enterprises average over 600 SaaS applications and 204 renewals a year. The deeper issue is identity sprawl: contracts, access, and offboarding must be governed together, or shadow IT and unused licences keep compounding risk.
NHIMG editorial — based on content published by Zluri: Vendor Management SaaS Contract Management, an in-depth guide
By the numbers:
- On average, enterprise businesses have over 600 SaaS applications, according to Zylo data.
- Organisations face an average of one SaaS application renewal each business day, which adds up to 204 renewals annually.
Questions worth separating out
Q: How should security teams govern SaaS contracts that also create access risk?
A: Treat SaaS contracts as part of the identity lifecycle, not just procurement.
Q: Why does SaaS sprawl make identity governance harder?
A: Because each additional application adds another set of users, permissions, integrations, and renewal points that can fall out of sync.
Q: What breaks when SaaS renewals are managed without access review?
A: Renewals become spend decisions with no governance checkpoint.
Practitioner guidance
- Link contract ownership to application ownership: Assign a named business owner and technical owner for every SaaS contract, and require both to approve renewals, terminations, and scope changes so access and spend do not drift apart.
- Use renewal dates as governance checkpoints: Treat each renewal as a mandatory review of usage, licence count, integrations, and offboarding status before the contract is extended again.
- Centralise SaaS discovery and access records: Maintain one inventory that combines applications, contracts, users, and connected identities so shadow IT does not hide unmanaged access or duplicate tooling.
What's in the full article
Zluri's full guide covers the operational detail this post intentionally leaves for the source:
- Practical steps for centralising SaaS contract records across procurement, IT, and finance teams.
- Workflow ideas for renewal alerts, usage checks, and licence rightsizing before contracts auto-renew.
- Guidance on using contract metadata to reduce duplicate applications and hidden SaaS sprawl.
- Suggested process elements for aligning ownership, collaboration, and compliance across the SaaS lifecycle.