SaaS sprawl and shadow subscriptions: what IAM teams miss


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9079
Topic starter  

TL;DR: More than 30% of SaaS spend is wasted each year, according to Zluri research, while the post argues that unused, duplicate, and abandoned subscriptions also create security and compliance drag as SaaS adoption accelerates. The practical issue is not just cost control. It is governance over app access, lifecycle, and entitlement cleanup before shadow subscriptions become shadow identities.

NHIMG editorial — based on content published by Zluri: The Story of Forgotten Subscriptions & the Birth of Zluri

By the numbers:

Questions worth separating out

Q: How should security teams govern SaaS subscriptions that are no longer in use?

A: Treat unused subscriptions as active identity assets until they are formally removed.

Q: Why do forgotten subscriptions create more than just financial waste?

A: Because an unused subscription can still hold live authentication links, delegated admin rights, or connected data access.

Q: What do organisations get wrong about SaaS inventory management?

A: They often track licences without tracking access.

Practitioner guidance

  • Build a governed SaaS inventory: record every subscription with a business owner, technical owner, renewal date, authentication method, and revocation path.
  • Tie offboarding to application removal: when an employee leaves or a team changes tools, remove the subscription assignment, disable linked logins, and revoke any delegated admin access.
  • Run periodic access recertification on SaaS apps: review high-value applications on a fixed cadence to confirm usage, ownership, and necessity.

What's in the full article

Zluri's full blog post covers the personal story and SaaS-management framing this post intentionally leaves for the source:

  • The founder's step-by-step reasoning from personal subscription waste to a SaaS management business case
  • The product framing around subscription monitoring, unused app discovery, and business-user SaaS oversight
  • The operational detail behind why mid-market and enterprise teams struggle with SaaS record-keeping
  • The original discussion of compliance and scalability concerns in SaaS-heavy environments

(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8508
SaaS sprawl is really entitlement sprawl. Once subscriptions outnumber the team that owns them, the governance problem is no longer procurement alone. Access and ownership drift apart, and that creates conditions where dormant applications still retain active identity paths. The implication is that SaaS management must be treated as an access governance discipline, not a finance hygiene exercise.

A few things that frame the scale:

  • Only 5.7% of organisations have full visibility into their service accounts, according to Ultimate Guide to NHIs.
  • Only 79% of organisations have experienced secrets leaks, and 77% of those incidents caused tangible damage.

A question worth separating out:

Q: How can teams tell whether SaaS sprawl is becoming an identity governance problem?

A: Look for mismatches between application count, active usage, and revocation speed. If apps keep renewing after adoption falls, if ownership is unclear, or if offboarding does not remove access quickly, SaaS sprawl has moved from cost inefficiency to governance exposure. That is the point where IAM and procurement must act together.

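A worked check for the signals raised in both posts above: the inventory fields from the practitioner guidance (owners, renewal date, authentication method, revocation path) and the drift signals from the reply (apps renewing after usage falls, unclear ownership, offboarded identities still linked). This is an added example, not code from NHIMG or Zluri; the app names, identities, dates and thresholds are constructed.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

@dataclass
class Subscription:
    """One row of the governed SaaS inventory (fields from the guidance above)."""
    app: str
    business_owner: Optional[str]
    technical_owner: Optional[str]
    renewal_date: date
    auth_method: str                  # e.g. "sso", "local", "oauth"
    revocation_path: Optional[str]    # how access is actually disabled, or None if undocumented
    seats: int
    active_users_30d: int
    assigned_users: set = field(default_factory=set)
    delegated_admins: set = field(default_factory=set)

def governance_findings(subs, offboarded, today, renewal_window_days=60, min_usage=0.5):
    """Return (app, kind, detail) tuples for the governance signals the thread describes."""
    findings = []
    for s in subs:
        if not s.business_owner or not s.technical_owner:
            findings.append((s.app, "ownership-gap", "business or technical owner missing"))
        if not s.revocation_path:
            findings.append((s.app, "no-revocation-path", "no documented way to disable access"))
        days_left = (s.renewal_date - today).days
        usage = s.active_users_30d / s.seats if s.seats else 0.0
        if 0 <= days_left <= renewal_window_days and usage < min_usage:
            findings.append((s.app, "renewing-unused", f"{usage:.0%} of seats active, renews in {days_left}d"))
        stale = (s.assigned_users | s.delegated_admins) & offboarded   # offboarding did not reach this app
        if stale:
            kind = "stale-admin" if s.delegated_admins & offboarded else "stale-access"
            findings.append((s.app, kind, f"offboarded identities still linked: {sorted(stale)}"))
    return findings

# Constructed sample data (hypothetical apps and identities, not from the thread).
TODAY = date(2025, 1, 15)
OFFBOARDED = {"alice", "dan"}          # identities already removed from the IdP
INVENTORY = [
    Subscription("crm-suite", "sales-lead", "it-apps", date(2025, 2, 1), "sso", "scim-deprovision", 50, 41, {"bob", "carol"}),
    Subscription("design-tool", None, "it-apps", date(2025, 2, 20), "local", None, 20, 3, {"alice", "bob"}, {"dan"}),
    Subscription("survey-app", "marketing", "marketing", date(2025, 9, 1), "oauth", "owner-console", 10, 1, {"carol"}),
]

if __name__ == "__main__":
    for app, kind, detail in governance_findings(INVENTORY, OFFBOARDED, TODAY):
        print(f"{app:12} {kind:20} {detail}")
```

In the sample, only the locally-authenticated design tool is flagged: it has no business owner, no revocation path, renews in 36 days at 15% seat usage, and still lists an offboarded delegated admin, which is exactly the "shadow subscription becoming a shadow identity" case.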