SaaS sprawl and shadow IT: what identity teams are missing

TL;DR: SaaS sprawl, shadow IT, and inconsistent tracking practices are widespread across industries, with security and compliance now treated as the main concerns, according to Zluri’s survey of 157 tech leaders. The pattern matters because unmanaged SaaS adoption expands the identity surface, weakens onboarding and offboarding, and makes least privilege harder to enforce.

NHIMG editorial — based on content published by Zluri: SaaS Management How Different Industries Manage SaaS: A Data-Backed Study

By the numbers:

• Gartner says 30 to 40% of enterprise spending goes to Shadow IT.
• 52% of these industries track the data manually through dashboards within the SaaS application itself.
• 80% of the surveyors have said they don't use any tool to track their SaaS usage.

Questions worth separating out

Q: How should security teams govern SaaS sprawl across business units?

A: Security teams should govern SaaS sprawl by tying every application to an owner, an access method, and a lifecycle review.

Q: Why do SaaS sprawl and shadow IT create IAM risk?

A: They create IAM risk because each unmanaged application introduces another identity system, another set of privileges, and another place where access can persist after need changes.

Q: What breaks when SaaS access is tracked only with spreadsheets and dashboards?

A: Governance breaks because those tools can describe usage but cannot enforce ownership, entitlement review, or deprovisioning.

Practitioner guidance

• Build a complete SaaS identity inventory Create one authoritative list of SaaS applications, business owners, access methods, admin roles, and connected integrations.
• Separate licence management from entitlement review Review who can actually do what inside each SaaS application, including privileged roles, support access, and API connections.
• Automate offboarding across SaaS renewals Link leaver processes to application ownership and renewal events so access is removed when usage ends or contracts change.

What's in the full article

Zluri's full research covers the benchmarking detail this post intentionally leaves for the source:

• Industry-by-industry breakdowns of SaaS consumption, budgeting, and vendor churn.
• Survey data on how different sectors track SaaS usage and where manual processes still dominate.
• Detailed comparisons of the most desirable SaaS management features across finance, healthcare, software, and telecommunications.
• The article's sector-specific concerns around security, compliance, shadow IT, and vendor transparency.

👉 Read Zluri's survey on how industries manage SaaS sprawl →

SaaS sprawl and shadow IT: what identity teams are missing?

Explore further

View Full Forum →  |  NHI Foundation Course →