SaaS renewals and the governance gap teams keep missing

TL;DR: SaaS renewal management is presented as a way to reduce waste, avoid missed renewals, and tighten visibility across subscription portfolios, according to Zluri. The deeper issue for identity and access teams is that renewal discipline is a lifecycle control problem, because unused entitlements, shadow IT, and auto-renewals all reveal weak ownership and review processes.

NHIMG editorial — based on content published by Zluri: SaaS Management SaaS Renewal Management, a guide to optimizing SaaS renewals

By the numbers:

• Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them.
• Only 5.7% of organisations have full visibility into their service accounts.
• 69% of security leaders agree identity management must fundamentally shift to address agentic AI systems.

Questions worth separating out

Q: How should organisations govern SaaS renewals in a mature identity programme?

A: Treat SaaS renewals as a lifecycle control, not just a finance process.

Q: Why do SaaS renewals create identity governance risk?

A: Because renewals keep software, data access, and integrations alive by default unless someone actively intervenes.

Q: What do teams get wrong about SaaS usage review?

A: They often treat usage review as a budgeting exercise instead of a governance signal.

Practitioner guidance

• Build a single renewal system of record Link each SaaS contract to a business owner, technical owner, renewal date, usage profile, and data sensitivity rating so renewals are never decided from spreadsheets alone.
• Require evidence-based renewal review Before any auto-renewal can proceed, require current usage data, active user counts, and a justification for keeping the subscription in service.
• Fold renewals into access recertification Review applications that provide user access or hold sensitive data through the same lifecycle governance cadence used for access reviews and offboarding.

What's in the full article

Zluri's full article covers the operational detail this post intentionally leaves for the source:

• A step-by-step walkthrough of manual, SAM-based, and SaaS management approaches to renewal handling.
• Detailed examples of how renewal calendars, alerts, and prioritisation reduce missed deadlines and overspend.
• Practical guidance on categorising renewals into replace, eliminate, or retain decisions based on usage and value.
• Contract-level discussion of auto-renewal clauses, negotiation points, and benchmarking tactics used during renewal conversations.

👉 Read Zluri's guide to SaaS renewal management and renewal optimisation →

SaaS renewals and the governance gap teams keep missing?

Explore further

View Full Forum →  |  NHI Foundation Course →