TL;DR: ITAM gaps let shadow SaaS, weak access oversight, and poor renewal discipline create security, compliance, and cost risk as organisations scale, according to Zluri. The underlying issue is not tool shortage but governance drift across discovery, access, and lifecycle control.
NHIMG editorial — based on content published by Zluri: IT Teams Top 4 ITAM Challenges And Solutions to Overcome Them
By the numbers:
- The platform integrates with 300+ apps and gives teams an overview of app cost, department usage, and renewal updates.
Questions worth separating out
Q: How should security teams reduce SaaS sprawl without creating more governance overhead?
A: Start with a single authoritative inventory, then attach ownership, access, and renewal data to each application.
Q: Why do unused SaaS apps become a security risk even if nobody is actively using them?
A: Unused apps often still retain valid identities, permissions, and integrations.
Q: How do organisations know whether SaaS usage data is good enough for governance decisions?
A: Usage data is good enough when it can support a specific action, such as renewal, restriction, or retirement, without manual reconciliation.
Practitioner guidance
- Map every SaaS app to an accountable owner: Require a named business owner, a technical owner, and a removal path for every application in inventory so no app remains unowned at renewal or offboarding.
- Tie renewal decisions to usage telemetry: Use active usage, last-access data, and department demand to decide whether an app should be renewed, restricted, or retired before the contract date arrives.
- Unify app approval and access review: Connect procurement, entitlement approval, and access recertification so that apps cannot remain approved without a current access justification.
What's in the full article
Zluri's full article covers the operational detail this post intentionally leaves for the source:
- The full breakdown of Zluri's nine discovery methods for SaaS inventory and where each method fits in practice.
- Specific workflow examples for onboarding, offboarding, approvals, and app store-style access control.
- Contract and renewal alert mechanics, including the timing of reminders before renewals and payments.
- Examples of how usage metrics support licence reduction, app retirement, and negotiation planning.
SaaS sprawl and asset visibility: what IAM teams are missing?
Explore further