New CIO reviews IT expenses. Accounting sends a list of payments to software vendors: 180 different vendors. CIO asks IT: “Do we have an inventory of these tools?” IT has a list of 60 approved applications. Where are the remaining 120? Marketing bought their own tools. Sales has their own. HR purchased something on a corporate card. Shadow IT - applications IT doesn’t know exist.
Industry surveys (the numbers vary with how an "application" is counted) put the average mid-sized company (500-2000 employees) at 200-400 SaaS applications, and large corporations at over 1000. IT is aware of maybe half of them. The rest is shadow IT - tools bought by business departments without IT’s knowledge and approval.
Consequences? Duplicate tools (3 departments paying for different project management apps). Unused licenses (50 seats purchased, 20 active). Security risk (unverified applications with access to data). Compliance gaps (GDPR, industry regulations). And simply wasted money - estimates say 20-30% of SaaS spend is waste.
What is SaaS sprawl and why is it hard to control?
“The average organization uses 130+ SaaS applications but only actively utilizes 60% of their subscriptions.”
— Snow Software, SaaS Management Report 2024
Decentralization of purchasing decisions. SaaS is easy to buy - credit card, 5 minutes, done. You don’t need IT, you don’t need procurement, you don’t need approval. Marketing Manager decides they need a new email marketing tool - they buy it themselves.
Free tiers and trials converting to paid. Developer starts with free Slack workspace. Team grows, needs grow, upgrade to paid. IT finds out when accounting asks “what’s this invoice?”
Low per-seat cost hides total spend. “$10/user/month - that’s nothing!” says the department head. But $10 × 500 users × 12 months = $60,000/year. Many small subscriptions add up to significant spend.
Employee-led adoption. Employees bring tools they know from previous jobs, from personal use. “I used Notion at my previous company, I’ll set up a workspace here.”
Rapid SaaS market growth. Thousands of new SaaS apps every year. For every need there are 10 options. Easy to start using a new tool without central coordination.
IT doesn’t want to be a bottleneck. IT knows that blocking everything frustrates business. So they don’t block - but they lose visibility.
What are the real consequences of uncontrolled SaaS?
Financial waste. Duplicate apps (Asana + Trello + Monday in different departments). Unused licenses (30% of seats never logged in). Auto-renewals (contracts renew automatically, no one checks). Estimates: 20-30% of the SaaS budget is waste.
Security exposure. Unvetted applications holding corporate data. OAuth grants that users consented to themselves against Google Workspace or Microsoft 365 accounts, which keep working long after anyone uses the app. Accounts created with a username and password instead of SSO, so no MFA policy and no central deprovisioning applies to them. Every unknown app is a potential data exfiltration path and a phishing pretext (a fake login page for a tool employees actually use).
Compliance violations. GDPR requires knowing where personal data is processed (the Article 30 records of processing), but if you don’t know what apps you use, you don’t know where the data is. Industry regulations (HIPAA, PCI DSS) impose requirements on software vendors; an unvetted SaaS app may put you out of compliance with them.
Integration chaos. 20 different apps storing customer data. No single source of truth. Manual data transfer between systems. Integration maintenance nightmare.
Shadow IT risk upon employee departure. Employee leaves. They had admin rights in 5 SaaS apps IT doesn’t know about, typically under a local username and password rather than SSO. Offboarding runs against the identity provider, so those accounts survive, the access remains, and no one knows they need to be closed.
Vendor risk concentration. Without an inventory you don’t know that 40% of your data sits with one vendor. If that vendor has a breach, an outage, or goes bankrupt, the impact may be bigger than you think.
How to discover the entire SaaS landscape in the organization?
Financial analysis. Start with payments: all expenses from corporate cards, all invoices from software vendors, all recurring charges. Accounting/Finance has this data.
SSO/Identity provider analysis. If you use Okta, Microsoft Entra ID (formerly Azure AD), or Google Workspace, check SAML/OIDC integrations, connected apps, and the OAuth grants users consented to themselves. This shows apps that are authentication-integrated, including free tools nobody paid for. It does not show apps where employees registered with a username and password; those only surface in spend, network, or endpoint data.
Network traffic analysis. CASB (Cloud Access Security Broker) tools see traffic to SaaS apps from proxy, firewall, or endpoint-agent logs. Netskope, Microsoft Defender for Cloud Apps, and Zscaler can do this discovery automatically. Coverage depends on where the logs come from: remote users off the corporate network or VPN are only seen with an agent.
Browser extension / endpoint analysis. Some SaaS management tools have browser extension that reports apps used. Endpoint agents see what’s installed/running.
Employee surveys. Ask people: “What tools do you use for work?” Not ideal (depends on honesty and memory) but gives signal.
SaaS Management Platforms. Zylo, Productiv, Torii, Vendr - tools that automate discovery through integration with SSO, expense systems, and other methods.
Contract/procurement audit. All signed agreements with software vendors. May be dispersed across departments - need to gather centrally.
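As an added example (not from the original article or from any vendor's product), the script below does the cross-referencing that the financial and identity-provider methods above imply: it joins a card-statement export against what the IdP knows and against IT's approved list, and flags the gaps each source leaves. The transactions, IdP entries, approved list, merchant alias map and the vendor names not already mentioned on this page are all constructed for the example.

```python
"""Cross-reference card spend with identity-provider data to build a first
SaaS inventory.  Added example with constructed inputs; the export shapes
below are an assumption about what finance and your IdP can give you."""
import re
from collections import defaultdict

# Constructed card-statement lines: (merchant descriptor, amount USD, month, department).
# Descriptors are deliberately messy, the way they appear on statements.
CARD_TRANSACTIONS = [
    ("NOTION LABS INC 800-555-0100", 96.00, "2024-01", "Marketing"),
    ("NOTION LABS INC 800-555-0100", 96.00, "2024-02", "Marketing"),
    ("NOTION LABS INC 800-555-0100", 96.00, "2024-03", "Marketing"),
    ("ASANA.COM* SUB", 299.00, "2024-02", "Sales"),
    ("ASANA.COM* SUB", 299.00, "2024-03", "Sales"),
    ("ATLASSIAN*JIRA CLOUD", 1450.00, "2024-01", "Engineering"),
    ("ATLASSIAN*JIRA CLOUD", 1450.00, "2024-02", "Engineering"),
    ("ATLASSIAN*JIRA CLOUD", 1450.00, "2024-03", "Engineering"),
    ("CANVA PTY LTD", 12.99, "2024-03", "HR"),
]

# Constructed IdP view: (app name, active users, how it is integrated).
# "saml" = behind SSO; "oauth_user_consent" = a user approved the app against
# their own account, which the IdP records even though nobody paid for it.
IDP_APPS = [
    ("Jira Cloud", 140, "saml"),
    ("Slack", 480, "saml"),
    ("Notion", 22, "oauth_user_consent"),
    ("Calendly", 9, "oauth_user_consent"),
]

APPROVED = {"jira", "slack"}          # IT's approved list, already normalized

NOISE = {"inc", "llc", "ltd", "pty", "com", "sub", "cloud", "labs", "corp"}
ALIASES = {"atlassian jira": "jira"}  # assumption: a curated merchant-to-app map


def normalize(name: str) -> str:
    """Reduce a card descriptor or IdP app name to a comparable key."""
    tokens = re.sub(r"[^a-z ]", " ", name.lower()).split()
    key = " ".join(t for t in tokens if t not in NOISE)
    return ALIASES.get(key, key)


def build_inventory(transactions, idp_apps, approved):
    """Join spend and IdP data into one row per app with status and flags."""
    spend = defaultdict(lambda: {"months": set(), "total": 0.0, "depts": set()})
    for descriptor, amount, month, dept in transactions:
        rec = spend[normalize(descriptor)]
        rec["months"].add(month)
        rec["total"] += amount
        rec["depts"].add(dept)
    idp = {normalize(n): (users, integ) for n, users, integ in idp_apps}

    inventory = []
    for key in set(spend) | set(idp):
        fin = spend.get(key)
        users, integration = idp.get(key, (0, None))
        recurring = fin is not None and len(fin["months"]) >= 2
        if recurring:   # annualize the average monthly charge
            annual = round(fin["total"] / len(fin["months"]) * 12, 2)
        else:
            annual = fin["total"] if fin else 0.0
        flags = []
        if key not in approved:
            flags.append("not approved")
        if fin and integration is None:
            flags.append("paid but invisible to IdP (no SSO/OAuth)")
        if integration == "oauth_user_consent":
            flags.append("user-consented OAuth grant, not SSO")
        if integration and not fin:
            flags.append("no card spend found (free tier or invoiced elsewhere)")
        if fin and not recurring:
            flags.append("one-off charge")
        if key not in approved:
            status = "shadow"
        elif flags:
            status = "review"
        else:
            status = "managed"
        inventory.append({"app": key, "status": status, "flags": flags,
                          "annualized_spend": annual, "users": users,
                          "departments": sorted(fin["depts"]) if fin else []})
    return sorted(inventory, key=lambda r: (-r["annualized_spend"], r["app"]))


if __name__ == "__main__":
    for row in build_inventory(CARD_TRANSACTIONS, IDP_APPS, APPROVED):
        print(f"{row['app']:10} {row['status']:8} ${row['annualized_spend']:>9,.2f} "
              f"{row['users']:4} users  {'; '.join(row['flags'])}")
```

The two flags worth reading first are the ones only a join can produce: an app paid on a card that the IdP has never seen (no SSO, so offboarding will miss it), and an app the IdP sees under user consent that finance has no record of (a free tier that may already hold company data). Merchant descriptors never normalize cleanly on their own, which is why the alias map is curated rather than derived.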
How to categorize and prioritize discovered SaaS?
Tier 1 - Business Critical. Apps without which the company can’t function. Core infrastructure: email, collaboration (Slack/Teams), CRM, ERP. Highest priority for: security review, contract management, disaster recovery.
Tier 2 - Department Essential. Apps key for specific functions: marketing automation for marketing, IDE for developers, HRIS for HR. Important but localized impact.
Tier 3 - Productivity/Nice-to-have. Apps that increase productivity but aren’t mission-critical: note-taking apps, diagramming tools, project management for small teams. Lower priority.
Tier 4 - Unknown/Unapproved. Shadow IT. Apps discovered that haven’t been verified. Priority for: security assessment, decide keep/replace/remove.
Classification criteria:
- Data sensitivity (what data does it store?)
- User count (how many people use it?)
- Business criticality (what happens if it disappears?)
- Spend (how much does it cost?)
- Risk (security, compliance)
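Data sensitivity and user count are the two criteria that decide how urgently a Tier 4 app needs a security look, and for apps found through the identity provider both can be read straight off the OAuth scopes users consented to. The block below is an added example, not part of the original article: it ranks constructed grants by the most sensitive scope each app holds. App names and the weight table are hypothetical; the scope strings follow the real Google OAuth and Microsoft Graph naming, but which scopes any real product asks for is not something this example claims.

```python
"""Rank the OAuth grants found in the identity provider by the data they can
reach, so Tier 4 (unknown/unapproved) apps get security review in the right
order.  Added example; the grant list is constructed and the app names are
hypothetical.  Scope strings use the real Google OAuth and Microsoft Graph
formats; the weights are an assumption for this example."""
from collections import defaultdict

# Most sensitive first; the first matching pattern wins.  Patterns are
# lowercase substrings of the scope / permission string.
SCOPE_PATTERNS = [
    ("admin.directory", 5),                      # Google Workspace directory (users, groups)
    (".all", 5),                                 # Graph tenant-wide permissions (Directory.Read.All ...)
    ("gmail", 4), ("mail.", 4),                  # mailbox contents
    ("drive", 3), ("files.", 3), ("sites.", 3),  # file stores
    ("calendar", 2), ("contacts", 2),            # schedules and address books
    ("userinfo", 1), ("user.read", 1),           # the consenting user's own profile
]                                                # openid / email / profile score 0

# Constructed grants: (app, user, scopes).  Mixed Google and Graph style on
# purpose, as a tenant that uses both would export them.
GRANTS = [
    ("SchedulerApp", "alice", ["openid", "https://www.googleapis.com/auth/userinfo.email",
                               "https://www.googleapis.com/auth/calendar.readonly"]),
    ("SchedulerApp", "bob",   ["openid", "https://www.googleapis.com/auth/userinfo.email",
                               "https://www.googleapis.com/auth/calendar.readonly"]),
    ("MailMergePro", "carol", ["https://www.googleapis.com/auth/gmail.readonly",
                               "https://www.googleapis.com/auth/drive"]),
    ("OrgChartSync", "dave",  ["User.Read", "Directory.Read.All", "Files.ReadWrite.All"]),
    ("OrgChartSync", "erin",  ["User.Read", "Directory.Read.All", "Files.ReadWrite.All"]),
    ("NoteTakerX",   "frank", ["openid", "email", "profile"]),
    ("NoteTakerX",   "grace", ["openid", "email", "profile"]),
    ("NoteTakerX",   "heidi", ["openid", "email", "profile"]),
]


def scope_weight(scope: str) -> int:
    """Sensitivity of one scope; +1 when it can write, not just read."""
    s = scope.lower()
    weight = next((w for pat, w in SCOPE_PATTERNS if pat in s), 0)
    writes = "write" in s or ("readonly" not in s and ".read" not in s)
    return weight + 1 if weight >= 2 and writes else weight


def priority(score: int) -> str:
    if score >= 5:
        return "review first: tenant-wide access"
    if score >= 3:
        return "review: reads user mail or files"
    if score >= 1:
        return "low: limited personal data"
    return "sign-in only"


def rank_grants(grants):
    """One row per app: worst scope it holds, how many users granted it, priority."""
    apps = defaultdict(lambda: {"users": set(), "scopes": set()})
    for app, user, scopes in grants:
        apps[app]["users"].add(user)
        apps[app]["scopes"].update(scopes)
    rows = []
    for app, info in apps.items():
        worst = max(info["scopes"], key=scope_weight)
        score = scope_weight(worst)
        rows.append({"app": app, "score": score, "users": len(info["users"]),
                     "worst_scope": worst, "priority": priority(score)})
    return sorted(rows, key=lambda r: (-r["score"], -r["users"], r["app"]))


if __name__ == "__main__":
    for r in rank_grants(GRANTS):
        print(f"{r['app']:13} score={r['score']} users={r['users']} "
              f"{r['priority']:35} via {r['worst_scope']}")
```

A sign-in-only app with 500 users is a licensing question; an app with two users and a tenant-wide read permission is a security question, and it should be the first Tier 4 entry the security team opens. Substring matching on scope names is a triage heuristic, so treat the score as an ordering for human review, not as a verdict.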
How to rationalize the SaaS portfolio?
Identify duplicates. 3 project management tools? Choose one, migrate, cancel the rest. Criteria: feature fit, user adoption, price, integration capability.
Rightsize licenses. 100 licenses, 60 active users = 40 seats to cut (keep a small buffer for growth). Analyze usage data, reduce seats, renegotiate.
Consolidate vendors. 5 tools from 5 vendors vs. suite from one (Microsoft 365, Google Workspace) - consolidation can give: volume discount, simpler management, better integration.
Eliminate unused apps. Apps with zero or minimal usage for 6+ months - cancel. Watch out for seasonal apps (tax software used once/year).
Standardize by function. “For project management we use X, not Y, not Z.” Policy + enforcement. Grandfather existing projects, no new ones on non-standard.
Sunsetting process. Before cancellation: communicate to users, ensure data export, provide transition path to approved alternative, set deadline.
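Rightsizing and the eliminate-unused step, including the seasonal caveat, come down to one rule set applied to monthly active-user history. The block below is an added example (not the article's or any platform's code) that applies those rules to constructed usage data: reduce seats to peak use plus headroom, cancel what has never been used, and hold apps that were idle for six months but active earlier for an owner check instead of cancelling them. The 10% headroom and the app data are assumptions.

```python
"""Rightsize or cancel SaaS licenses from monthly active-user history, with
the seasonal-app caveat handled.  Added example; the apps and usage numbers
are constructed, and the 10% headroom is an assumption."""
import math

WINDOW = 6      # months with zero use before an app is a cancel candidate
BUFFER = 0.10   # assumed headroom kept above peak concurrent use

# Constructed sample: seats bought, price per seat per month, and 18 monthly
# active-user counts, oldest first.  App names are hypothetical.
APPS = {
    "projecttool-a": {"seats": 100, "price": 12.0,
                      "active": [55, 57, 60, 58, 61, 59, 63, 60, 58, 62, 60, 59,
                                 58, 60, 62, 59, 61, 60]},
    "taxprep":       {"seats": 5, "price": 40.0,     # used once a year
                      "active": [0, 0, 0, 0, 5, 0, 0, 0, 0, 0, 0, 0,
                                 0, 0, 0, 0, 0, 0]},
    "whiteboard-z":  {"seats": 30, "price": 8.0,     # nobody has logged in
                      "active": [0] * 18},
    "crm":           {"seats": 200, "price": 50.0,   # close to capacity
                      "active": [170, 175, 180, 182, 185, 188, 190, 191, 192,
                                 194, 195, 196, 196, 197, 198, 198, 197, 198]},
}


def review_app(name, seats, price, active, window=WINDOW, buffer=BUFFER):
    """Return a recommendation for one app from its monthly active-user series."""
    if len(active) < window:
        raise ValueError(f"{name}: need at least {window} months of usage data")
    recent, earlier = active[-window:], active[:-window]
    peak = max(recent)
    row = {"app": name, "seats": seats, "recommended_seats": seats, "annual_saving": 0.0}
    if peak == 0:
        if any(earlier):
            # Zero use in the window but activity before it: the tax-software
            # pattern.  Do not cancel on the data alone; ask the owner.
            row.update(action="confirm with owner",
                       reason=f"unused for {window} months, but used earlier (seasonal?)")
        else:
            row.update(action="cancel", reason="no recorded use in the whole history",
                       recommended_seats=0, annual_saving=seats * price * 12)
        return row
    recommended = math.ceil(peak * (1 + buffer))
    if recommended < seats:
        row.update(action="reduce seats", reason=f"peak {peak} active of {seats} seats",
                   recommended_seats=recommended,
                   annual_saving=(seats - recommended) * price * 12)
    else:
        row.update(action="keep", reason=f"peak {peak} active, at or near capacity",
                   recommended_seats=max(recommended, seats))
    return row


def review_portfolio(apps):
    """Review every app and order the result by annual saving."""
    rows = [review_app(name, **a) for name, a in apps.items()]
    return sorted(rows, key=lambda r: (-r["annual_saving"], r["app"]))


if __name__ == "__main__":
    for r in review_portfolio(APPS):
        print(f"{r['app']:14} {r['action']:19} {r['seats']:>4} -> {r['recommended_seats']:>4} "
              f"${r['annual_saving']:>8,.2f}  {r['reason']}")
```

Peak use over the window, not the latest month, drives the seat count, so a holiday dip does not trigger a cut that has to be reversed in January. The "confirm with owner" outcome carries no saving on purpose: the article's warning about seasonal apps is exactly the case where the numbers alone would say cancel.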
How to build governance for future SaaS purchases?
Intake process. Single point of entry for SaaS requests. Form: what app, why needed, how many users, what data, what budget, who owns.
Evaluation checklist:
- Security assessment (vendor security practices, certifications)
- Privacy review (GDPR compliance, DPA)
- Integration capability (SSO, API)
- Existing alternatives check (do we already have something similar?)
- Cost-benefit analysis
- Contract terms review
Approval workflow. Based on risk/spend tier:
- Low risk, low spend (<$500/mo): Self-service with registration
- Medium: IT review required
- High: IT + Security + Legal + Procurement
Preferred vendor program. Pre-approved vendors/apps. “If you need project management, choose from this approved list.” Faster approval for approved apps.
Budget ownership. Clear budget owner for each SaaS. Owner responsible for renewal decisions, usage optimization.
Regular review cadence. Quarterly: review new apps added. Annually: full portfolio review - what to keep, consolidate, eliminate.
How to implement a SaaS Management Platform?
Discovery integration. Connect to: SSO (Okta, Microsoft Entra ID), finance systems (NetSuite, QuickBooks), expense management (Expensify, SAP Concur). The platform discovers apps automatically from these sources.
Usage tracking. Browser extension for deeper usage analytics. Who uses what, how often, which features. Differentiates “license exists” from “license used”.
Contract management. Central repository of all SaaS contracts. Renewal dates, terms, pricing, contacts. Alerts before renewal.
Optimization recommendations. Platform identifies: unused licenses, duplicate apps, better pricing available, contract approaching renewal.
Workflow automation. Request → Approval → Provisioning → Deprovisioning workflows. Integration with HR systems (new hire = provision apps, termination = deprovision), ideally through the identity provider and SCIM so accounts in each SaaS app are created and removed centrally rather than by hand.
Reporting & dashboards. Total SaaS spend, spend by department, usage trends, compliance status, renewal calendar.
Leading platforms: Zylo, Productiv, Torii, Vendr (more procurement focused), BetterCloud, Zluri.
How to negotiate better SaaS terms at renewal?
Know your leverage:
- Multi-year commitment for discount
- Volume (more seats = lower per-seat price)
- Case study / reference customer value
- Competitive alternatives (real or potential)
Timing. Start renewal conversations 3-6 months before expiry. Last-minute = no leverage. Early = vendor has time to offer deals.
Usage data as leverage. “We’re paying for 200 seats, only 140 are active. Either reduce to 150 or give us 25% discount.” Hard data strengthens position.
Market benchmark. What are others paying? Vendr, Spendflo, Vertice provide benchmark data. “We know market rate for this is X, you’re charging Y.”
Bundle/consolidation leverage. “If we bring these 3 tools to you, what’s the package deal?” Vendor prefers larger deals.
Annual vs. monthly. Annual prepay typically gets 15-20% discount vs. monthly. If cash flow allows.
Terms to negotiate beyond price:
- Billing terms (net 30 vs. upfront)
- Auto-renewal opt-out
- Price lock for future years
- Termination for convenience
- Data portability at end of contract
How to measure SaaS management program success?
Financial metrics:
- Total SaaS spend (trend)
- SaaS spend per employee
- Realized savings (from optimization actions)
- Cost avoidance (from better negotiations, eliminating waste)
Operational metrics:
- Number of approved vs. shadow IT apps
- Time to provision new app
- License utilization rate (used/purchased)
- Contract renewal on-time rate
Risk metrics:
- % apps with completed security review
- % apps with GDPR compliance verified
- Number of apps with no designated owner
User metrics:
- Employee satisfaction with tool availability
- Time spent on manual data transfer between apps
- Adoption rate of standard tools
Governance metrics:
- % requests going through proper intake
- Average time from request to decision
- Policy compliance rate
Table: SaaS Management Maturity Model
| Level | Characteristic | Capabilities | Key Actions | Metrics |
|---|---|---|---|---|
| 1 - Ad Hoc | No visibility, shadow IT rampant | None | Manual spend audit | Unknown |
| 2 - Aware | Partial inventory, reactive discovery | Financial analysis, basic tracking | Consolidate financial data, initial discovery | Total known apps |
| 3 - Managed | Centralized inventory, basic governance | SaaS management tool, intake process | Deploy SMP, establish governance | % apps in inventory, savings identified |
| 4 - Optimized | Usage-based optimization, mature processes | Usage analytics, automated workflows | Rightsize licenses, automate provisioning | Utilization rate, cost avoidance |
| 5 - Strategic | SaaS as strategic capability, continuous optimization | Predictive analytics, full automation | Portfolio alignment with business strategy | Value delivered per $ spent |
SaaS sprawl is a challenge that grows every year. Without proactive management, costs grow, risks grow, and chaos deepens. Good news: with the right tools and processes, you can regain control and realize real savings.
Key takeaways:
- Discovery is the first step - you can’t manage what you don’t see
- Shadow IT is a symptom, not the problem - people buy because they need
- Rationalization requires categorization - not all apps are equal
- Governance must balance control with agility - don’t block, direct
- Usage data is key to optimization - seats ≠ usage
- Renewal is an opportunity for savings - negotiate with data
- SaaS Management Platform is an enabler, not the goal - process comes first
A typical company can reduce SaaS spend by 20-30% through proper management. This isn’t marginal improvement - it’s meaningful savings at enterprise scale.
ARDURA Consulting offers Software Asset Management services including SaaS management, discovery, optimization, and governance. We help companies regain control over distributed subscriptions and realize savings. Contact us to discuss SaaS management in your organization.