TL;DR: SaaS sprawl creates redundant applications, unmanaged access, surprise renewals, and shadow apps that weaken security and inflate cost, according to Zluri. The governance problem is not just tool count, but the lack of visibility, ownership, and offboarding discipline across SaaS access.
NHIMG editorial — based on content published by Zluri: SaaS Management Symptoms of an Unoptimized SaaS Stack (+ Solutions)
By the numbers:
- 69% of workers waste 32 days per year just navigating workplace applications.
- 71% of millennials have admitted to using unapproved apps at least a few times a year.
- 51% of the applications that use JavaScript have at least one vulnerability.
Questions worth separating out
Q: What breaks when SaaS applications are not centrally inventoried?
A: When SaaS applications are not centrally inventoried, organisations lose the ability to connect access to ownership, data location, and lifecycle state.
Q: Why do shadow apps create both security and compliance risk?
A: Shadow apps create security and compliance risk because they sit outside approved procurement, monitoring, and lifecycle processes.
Q: How can security teams know if SaaS access reviews are working?
A: Access reviews are working only if the organisation can verify the full app inventory, the owner for each app, the current users, and the data exposure.
Practitioner guidance
- Build a complete SaaS inventory first: inventory every application, the business owner, the access method, the data it touches, and the renewal date.
- Make offboarding remove SaaS access by default: automate license suspension, account deprovisioning, and app-specific revocation when a worker leaves or changes roles.
- Eliminate duplicate tools through sanctioned standardisation: approve a small set of preferred collaboration and business apps, then retire overlapping subscriptions where users have created parallel stacks for the same use case.
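As an added example (not code from Zluri's article or from this editorial), the following Python script runs the checks implied by the guidance above over a constructed SaaS inventory and HR roster: apps with no named owner, accounts still enabled for people HR no longer lists as active, apps whose logins are not tied to the central identity provider and so are not revoked when the IdP account is disabled, renewals inside a notice window, and more than one tool serving the same use case. The app names, people, dates and data classes are all hypothetical.

```python
"""Audit a SaaS inventory against an HR roster for governance gaps.

Added example, not Zluri's or NHIMG's code. The inventory, roster and
dates below are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import date
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class SaaSApp:
    name: str
    category: str                 # business use case, used to spot duplicate tools
    owner: Optional[str]          # named business owner, None if nobody claimed it
    access_method: str            # "sso" (central IdP) or "local" (app-managed password)
    data_classes: FrozenSet[str]  # e.g. {"customer-pii", "financial"}
    renewal: date                 # next auto-renewal date
    users: FrozenSet[str]         # accounts currently enabled in the app


# Constructed sample inventory (hypothetical apps, people and dates).
INVENTORY = [
    SaaSApp("CollabChat", "chat", "alice", "sso",
            frozenset({"internal"}), date(2025, 9, 1),
            frozenset({"alice", "bob", "carol"})),
    SaaSApp("QuickTalk", "chat", None, "local",
            frozenset({"internal"}), date(2025, 6, 20),
            frozenset({"bob", "dave"})),
    SaaSApp("LedgerCloud", "finance", "erin", "local",
            frozenset({"financial"}), date(2025, 7, 15),
            frozenset({"erin", "carol"})),
]

# Constructed HR roster: accounts still employed as of the audit date.
ACTIVE_STAFF = frozenset({"alice", "bob", "erin"})
AUDIT_DATE = date(2025, 6, 10)

Finding = Tuple[str, str, str]  # (app or category, finding code, detail)


def audit(apps, active_staff, today, renewal_window_days=30) -> List[Finding]:
    """Return one (subject, code, detail) tuple per governance gap found."""
    findings: List[Finding] = []
    by_category = {}
    for app in apps:
        by_category.setdefault(app.category, []).append(app.name)

        # Governance: with no named owner nobody can approve, review or retire the app.
        if not app.owner:
            findings.append((app.name, "NO_OWNER", "no named business owner"))

        # Offboarding: accounts still enabled for people HR no longer lists as active.
        orphaned = sorted(app.users - active_staff)
        if orphaned:
            findings.append((app.name, "ORPHANED_ACCESS", ", ".join(orphaned)))

        # Offboarding: local logins survive disabling the IdP account, so they need
        # app-specific revocation; note the data the app touches for prioritisation.
        if app.access_method != "sso":
            detail = f"auth via {app.access_method}, handles {', '.join(sorted(app.data_classes))}"
            findings.append((app.name, "OUTSIDE_SSO", detail))

        # Renewal: flag renewals already passed or inside the notice window.
        days_left = (app.renewal - today).days
        if days_left <= renewal_window_days:
            findings.append((app.name, "RENEWAL_DUE", f"{days_left} days"))

    # Redundancy: more than one tool in the inventory for the same use case.
    for category, names in by_category.items():
        if len(names) > 1:
            findings.append((category, "DUPLICATE_TOOLS", ", ".join(sorted(names))))
    return findings


def findings_by_code(findings: List[Finding], code: str) -> List[Finding]:
    """Filter the audit output down to one class of gap for reporting."""
    return [f for f in findings if f[1] == code]


if __name__ == "__main__":
    for subject, code, detail in audit(INVENTORY, ACTIVE_STAFF, AUDIT_DATE):
        print(f"{code:16} {subject:12} {detail}")
```

The roster diff is the core of the offboarding check: any enabled account that HR does not list as active is a failed revocation, and any app outside SSO is one where disabling the directory account alone does not remove access.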
What's in the full article
Zluri's full article covers the operational detail this post intentionally leaves for the source:
- Practical examples of redundant SaaS apps and how teams identify overlap during audits
- Operational suggestions for automating onboarding, offboarding, and renewal notifications
- Tactics for consolidating SaaS data flows across business units without losing local usability
- The vendor's own workflow-oriented approach to SaaS discovery and monitoring
👉 Read Zluri's analysis of symptoms of an unoptimized SaaS stack →
SaaS stack sprawl: what do IAM teams need to fix first?
Explore further
Unoptimized SaaS stacks are identity governance failures before they are cost problems. The article describes redundant apps, abandoned subscriptions, and surprise renewals, but the deeper issue is that access becomes detached from ownership. Once app choice is decentralised, IAM loses a reliable record of who should have access, who approved it, and when it should end. That is why SaaS sprawl should be treated as part of the identity control surface, not as a procurement nuisance.
A few things that frame the scale:
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, which shows how often identity governance starts from incomplete inventory.
A question worth separating out:
Q: Who should own SaaS app lifecycle decisions when business units self-procure tools?
A: Business units should own the business justification, but IAM and IT should own the control framework that governs access, offboarding, and renewal. That split prevents uncontrolled procurement while still keeping accountability close to the users who rely on the tool. A named owner should be mandatory before approval or renewal.
👉 Read our full editorial: Unoptimized SaaS stacks expose identity and access governance gaps