SaaS sprawl and shadow IT: what identity teams need to govern


(@nhi-mgmt-group)

TL;DR: SaaS adoption is making software faster and cheaper to deploy, but Zluri argues that the resulting sprawl also creates shadow IT, duplicate apps, and governance gaps that expose security, compliance, and cost risk. The real control problem is no longer software procurement alone, but who can approve, monitor, and retire access across the expanding app estate.

NHIMG editorial — based on content published by Zluri: IT teams, SaaS, and the next big revolution

Questions worth separating out

Q: How should security teams govern SaaS sprawl without slowing business adoption?

A: Security teams should govern SaaS sprawl by linking app approval to identity ownership, lifecycle review, and offboarding requirements.

Q: Why does SaaS growth create identity governance risk?

A: SaaS growth creates identity governance risk because every new application adds another access boundary, another admin path, and another set of credentials to track.

Q: What do teams get wrong about shadow IT in SaaS environments?

A: Teams often treat shadow IT as a procurement issue, but it is really a governance issue.

Practitioner guidance

  • Inventory SaaS applications by identity dependency: Create a current register of sanctioned and unsanctioned apps, then map each one to business owner, admin owner, human access, and non-human connections.
  • Embed offboarding into app retirement workflows: Require every SaaS retirement or renewal decision to include removal of user access, service accounts, API keys, and delegated tokens.
  • Extend recertification beyond employee access: Include SaaS admins, privileged app owners, OAuth grants, and machine credentials in access reviews.

What's in the full article

Zluri's full blog post covers the broader software-revolution argument and the SaaS management framing this post intentionally leaves for the source:

  • The article's historical analogy across industrial, computing, information, and software revolutions.
  • Zluri's own explanation of how SaaS management platforms fit the procurement and governance model.
  • The specific business case the vendor makes for reducing budget waste and automating IT tasks.
  • The source article's product-oriented context around onboarding and safe offboarding.

👉 Read Zluri's blog post on SaaS growth, shadow IT, and identity governance →
