SaaS management blind spots: what IAM teams need to fix


(@nhi-mgmt-group)

TL;DR: Six common SaaS management mistakes, from spreadsheet tracking and legacy SAM reliance to manual provisioning, weaken visibility, compliance, and access control in environments averaging 1,250 SaaS applications, according to Zluri. The real risk is not spend inefficiency but unmanaged identity and governance drift across apps and users.

NHIMG editorial — based on content published by Zluri: 6 SaaS Management Mistakes to Avoid

By the numbers:

Questions worth separating out

Q: How should security teams govern SaaS applications across the identity lifecycle?

A: Security teams should govern SaaS as part of identity lifecycle management, not as a separate procurement exercise.

Q: Why do spreadsheets fail as a control for SaaS governance?

A: Spreadsheets fail because they cannot keep pace with frequent application changes, entitlement movement, and ownership shifts.

Q: What do organisations get wrong about SAM and CASB for SaaS control?

A: They assume tools built for software counting or cloud monitoring can replace identity governance.

Practitioner guidance

  • Replace spreadsheet inventory with automated discovery: Use discovery methods that reconcile application ownership, active users, and subscription status continuously so access and procurement decisions are based on current data, not manual updates.
  • Separate licence management from entitlement governance: Keep SAM and CASB outputs for what they do well, but establish a SaaS governance process that owns application access, user entitlement review, and revocation decisions.
  • Automate joiner-mover-leaver workflows across SaaS apps: Trigger provisioning and deprovisioning from authoritative identity events so account creation, access changes, and removal happen consistently across high-risk applications.

What's in the full article

Zluri's full blog post covers the operational detail this post intentionally leaves for the source:

  • How the SaaS discovery model is applied across app sprawl, ownership, and user access.
  • The procurement and policy checks that determine whether an app should be approved, restricted, or removed.
  • The practical differences between manual provisioning, automated provisioning, and offboarding in SaaS operations.
  • The specific ways Zluri frames its employee app store and discovery approach for implementation teams.

👉 Read Zluri's blog on the six SaaS management mistakes to avoid →
