TL;DR: As headcount, devices, SaaS accounts, and access requests grow, spreadsheet-led IT management creates data gaps, orphaned accounts, privilege creep, and audit pain, while JumpCloud cites 83% of former employees retaining access to previous employer accounts and a $4.9 million average breach cost. The core issue is not tooling convenience but the collapse of a single source of truth for identity and device governance.
NHIMG editorial — based on content published by JumpCloud: why spreadsheets hold IT back as companies grow
By the numbers:
- 83% of former employees retain access to accounts from their previous employer.
- 17.3 hours a week, almost half the work week, for knowledge workers in small and medium businesses.
Questions worth separating out
Q: What breaks when IT teams manage access in spreadsheets?
A: What breaks first is accuracy, then enforcement.
Q: Why do manual IT processes create privilege creep?
A: Manual processes create privilege creep because access changes happen in slow, human-driven steps and revocation is easy to miss.
Q: How do teams know if spreadsheet-based asset tracking is failing?
A: A clear signal is when onboarding, offboarding, and audit preparation all depend on searching multiple files, emails, and notes to reconstruct the current state.
Practitioner guidance
- Replace spreadsheet-based entitlement tracking: Move user, device, and application records into a controlled system that can update access state as people join, move, and leave.
- Automate offboarding and access revocation: Link leaver events to account disablement, application revocation, and device recovery so access removal does not depend on a manual checklist.
- Run access reviews against live entitlement data: Use recertification workflows that compare approved access with current role and device state.
What's in the full article
JumpCloud's full article covers the operational detail this post intentionally leaves for the source:
- How the vendor frames the move from spreadsheets to centralized IT administration for growing organisations
- Specific examples of onboarding, provisioning, and audit pain that support the article's operations argument
- The vendor's own description of a unified identity, access, and device management model
- The downloadable eBook angle on scaling IT foundations beyond manual checklists
Spreadsheet IT management: what it means for access and audit risk?
Explore further
Spreadsheets create identity governance drift because they cannot keep pace with lifecycle change. Once identity, device, and application records are updated manually, the control plane falls behind the actual state of access. That drift shows up first as onboarding delays and later as missing revocations, stale permissions, and inconsistent evidence. The practical conclusion is that governance fails when the record cannot move at the speed of the identity lifecycle.
A few things that frame the scale:
- 67% of organisations still rely heavily on static credentials despite the risks they pose to agentic AI deployments, according to The 2026 Infrastructure Identity Survey.
- Only 44% of organisations have implemented any policies to manage their AI agents, despite 92% agreeing that governing AI agents is critical to enterprise security.
A question worth separating out:
Q: Who is accountable when access revocation is missed after offboarding?
A: Accountability sits with the identity and IT governance function that owns the lifecycle process, not with the spreadsheet itself. The organisation needs a named control owner, explicit revocation steps, and evidence that leaver access has been removed, so the account does not remain active in downstream systems.