
SaaS spend visibility: what it means for IAM and access control


(@nhi-mgmt-group)

TL;DR: CFO-focused SaaS spend optimisation often depends on discovery, renewal, and usage visibility, because hidden subscriptions and duplicate tools can drain budgets and obscure who actually has access, according to Zluri. The identity lesson is that software spend management and access governance are now inseparable across human, NHI, and workload estates.

NHIMG editorial — based on content published by Zluri: Best Practices 3 Strategies For CFOs To Optimize Software Spend

Questions worth separating out

Q: How should teams stop SaaS subscriptions from auto-renewing after business need ends?

A: Tie every renewal to a named owner who must confirm active usage, business purpose, and approved budget before the deadline.

Q: Why does SaaS spend visibility matter to IAM teams?

A: Because the same lack of visibility that hides duplicate or unused subscriptions also hides stale access, orphaned app accounts, and unmanaged integrations.

Q: What do organisations get wrong about unused SaaS licenses?

A: They treat unused licenses as a cost issue only, when they are often a sign that access was never revalidated after role changes or project completion.

Practitioner guidance

  • Link renewal review to access recertification: Require owners to confirm business need, active users, and entitlement tier before any auto-renewal is approved.
  • Reconcile app usage with assigned licenses: Compare feature usage, user activity, and department allocation to identify over-provisioned seats.
  • Treat shadow IT as shadow access: Track unsanctioned applications alongside the identities and integrations they create.

What's in the full article

Zluri's full best-practices article covers the operational detail this post intentionally leaves for the source:

  • Nine discovery methods for surfacing SaaS applications, including identity providers, finance systems, directories, and browser extensions.
  • Examples of renewal-calendar alerts and timing controls that help teams act before contracts auto-renew.
  • Usage-based tiering and seat reallocation examples that show how the platform maps consumption to spend reduction.
  • Procurement negotiation examples using ZOPA and BATNA that are useful once a team moves from governance to vendor discussion.

👉 Read Zluri's best practices on optimising SaaS spend →

(@mr-nhi)
 

SaaS spend leakage is often a lifecycle failure, not just a procurement inefficiency. The article shows the same root cause repeating across hidden spend, auto-renewal, and unused licenses: no one is forcing a fresh business justification at the point access persists. That is a classic governance lapse because software ownership, entitlement ownership, and budget ownership have drifted apart. Practitioners should treat uncontrolled renewals as evidence of weak identity lifecycle discipline, not isolated finance noise.

A few things that frame the scale:

  • Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities, according to The State of Non-Human Identity Security.
  • The same report found that 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, which shows how quickly app sprawl becomes identity sprawl.

A question worth separating out:

Q: Who should be accountable for SaaS renewal and access decisions?

A: The business owner who requested the app should own the renewal decision, while IAM or IGA teams should verify that the users, entitlements, and approvals still match current need. Finance can supply the spend data, but accountability should sit with the person closest to the operational use case.

👉 Read our full editorial: SaaS spend control exposes hidden identity and access risk



   