SaaS sprawl and shadow IT: what IAM teams need to fix first


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 5855
Topic starter  

TL;DR: SaaS management platforms help IT teams recover visibility, reduce redundant apps, manage licenses and contracts, and surface security risk across a growing SaaS stack, including shadow IT and unauthorized access attempts, according to Zluri. The deeper issue is not software sprawl alone, but the identity and governance gaps that appear when access, usage, and lifecycle controls are fragmented.

NHIMG editorial — based on content published by Zluri: 5 reasons why you need a SaaS management platform

Questions worth separating out

Q: How should security teams govern SaaS sprawl across identity and procurement workflows?

A: They should build one control view that connects discovery, ownership, licensing, and access review.

Q: Why does SaaS sprawl create identity risk as well as cost waste?

A: Because unmanaged applications often carry active user access, delegated permissions, and stored data even when no one is tracking them centrally.

Q: How do teams know whether SaaS governance is actually working?

A: Look for decreasing counts of unmanaged applications, fewer duplicate tools, shorter renewal exceptions, and a tighter match between licensed seats and active users.

Practitioner guidance

  • Correlate SaaS discovery across identity, finance, and app telemetry: Build a single inventory that reconciles SSO logs, identity provider records, expense data, and direct app integrations so unmanaged applications can be identified without manual chasing.
  • Link license reviews to access reviews: Use unassigned and underused licenses as a trigger to confirm whether the underlying access should be removed, reassigned, or recertified.
  • Prioritise high-risk applications by data authority: Rank SaaS apps by what they can read, modify, or delete, and start with services that touch sensitive shared data or critical business systems.

What's in the full article

Zluri's full article covers the operational detail this post intentionally leaves for the source:

  • Step-by-step walkthrough of the nine discovery methods used to build a SaaS inventory across SSO, finance, integrations, and browser signals
  • Interface-level examples showing where license, subscription, contract, and perpetual views are surfaced for operational users
  • Detailed screenshots and field-level examples of the security and compliance tabs, including events, data shared, compliance, and security probes
  • Renewal alert timing and contract management mechanics that procurement teams can use to avoid unwanted renewal cycles

👉 Read Zluri's article on why SaaS management platforms matter for IT teams →

Quote
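Added example (not part of either post, and not code from Zluri's article or product): the three practitioner-guidance steps in the post above, run over a small constructed data set. All app names, users, scopes, seat counts, the 90-day staleness threshold and the read/write/delete weights are assumptions made for illustration.

```python
from datetime import date

# All data below is constructed for illustration.
IDP_APPS = {"slack", "salesforce"}                       # apps registered in the IdP
SSO_LOGINS = [("ana", "slack", date(2024, 5, 30)),       # (user, app, last login)
              ("ben", "slack", date(2024, 1, 4)),
              ("ana", "salesforce", date(2024, 5, 28))]
EXPENSES = [("slack", "it"), ("notion", "marketing"), ("salesforce", "it")]  # (app, payer)
OAUTH_GRANTS = [("cal", "notion", {"files.read"}),       # (user, app, delegated scopes)
                ("dee", "pdfmerge", {"files.read", "files.write", "files.delete"})]
LICENSED_SEATS = {"slack": 5, "salesforce": 1}
VERB_WEIGHT = {"read": 1, "write": 2, "delete": 3}       # assumed ranking: read < modify < delete

def build_inventory():
    """Merge every source into one record per app, remembering where it was seen."""
    inv = {}
    def seen(app, source, user=None, scopes=()):
        rec = inv.setdefault(app, {"sources": set(), "users": set(), "scopes": set()})
        rec["sources"].add(source)
        rec["scopes"].update(scopes)
        if user:
            rec["users"].add(user)
    for app in IDP_APPS:
        seen(app, "idp")
    for user, app, _last in SSO_LOGINS:
        seen(app, "sso", user)
    for app, _payer in EXPENSES:
        seen(app, "finance")
    for user, app, scopes in OAUTH_GRANTS:
        seen(app, "oauth", user, scopes)
    return inv

def authority(scopes):
    """Score an app by the strongest verb among its delegated scopes."""
    return max((VERB_WEIGHT.get(s.rsplit(".", 1)[-1], 0) for s in scopes), default=0)

def unmanaged_by_risk(inv):
    """Apps with no IdP record, highest data authority first."""
    apps = [a for a, rec in inv.items() if "idp" not in rec["sources"]]
    return sorted(apps, key=lambda a: (-authority(inv[a]["scopes"]), a))

def license_review(today, stale_days=90):
    """Per licensed app: unused seats, and stale users whose access needs recertifying."""
    out = {}
    for app, seats in LICENSED_SEATS.items():
        logins = {u: d for u, a, d in SSO_LOGINS if a == app}
        stale = sorted(u for u, d in logins.items() if (today - d).days > stale_days)
        out[app] = {"unused_seats": seats - (len(logins) - len(stale)), "recertify": stale}
    return out
```

Here `notion` surfaces only through finance and OAuth data, and `pdfmerge` only through an OAuth grant, so neither would appear in an inventory built from IdP records alone.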
(@mr-nhi)
Member Moderator
Joined: 1 month ago
Posts: 5343
 

SaaS management has become an identity governance problem, not just an operations problem. The article shows that discovery, licensing, renewals, and security review are all being pulled into one operational layer because SaaS buying has outpaced manual administration. That matters because the same identity gaps that create shadow IT also create shadow entitlements, especially when app ownership is unclear. The practitioner conclusion is that SaaS governance now belongs in the same conversation as access governance, not after it.

A few things that frame the scale:

  • Strong SaaS governance is part of a broader identity control problem: 79% of organisations have experienced secrets leaks, with 77% of these incidents resulting in tangible damage, according to Ultimate Guide to NHIs.
  • The visibility gap is equally structural, with only 5.7% of organisations having full visibility into their service accounts, according to Ultimate Guide to NHIs.

A question worth separating out:

Q: What is the difference between SaaS inventory and SaaS governance?

A: SaaS inventory tells you what exists. SaaS governance tells you who owns it, who can use it, what it costs, what data it can reach, and when access or contracts should end. Inventory is descriptive. Governance is decision-oriented and lifecycle-based, which is what security, IAM, and procurement teams need to reduce both risk and waste.

👉 Read our full editorial: SaaS management platforms expose the identity blind spots in SaaS sprawl



   
ReplyQuote
Share: