m@ksim.pro

SaaS sprawl: how subscriptions become invisible IT debt

Dozens of SaaS services in a company are not just a budget problem. They are an architectural issue that affects security, data, and manageability.

When a company is small, SaaS services are a genuine benefit. You connect a tool in five minutes - no servers, no IT department, no lengthy approval. The team moves faster.

Three years later the company has 80 people and 60 active SaaS subscriptions. Nobody quite remembers why some of them were started. Some are charged to the credit card of a department head who left. Some have employees logging in with company data without telling anyone.

This is called SaaS sprawl, and it has several measurable consequences.

Three kinds of problems it creates

The first is financial. Research shows that companies actively use 30-40% of the SaaS tools they pay for. The rest is either duplicated functionality or services that stopped being used but were never cancelled. For a company of 100 people, this can be several thousand dollars per month with no visible return.

The second is security. Every SaaS service is another entry point for company data. When an employee connects a new tool with their corporate email and uploads work documents, that data moves outside the controlled IT infrastructure. When the employee leaves, their access to that service persists until someone manually revokes it. Usually nobody does.

The third is operational. When company knowledge is spread across dozens of poorly integrated tools, productivity falls. People spend time searching for information and switching contexts. A new employee struggles to find where anything lives.

Why this happens systemically

SaaS sprawl is a structural problem, not a result of team disorganisation. It happens because the decision to connect a new tool is made locally (a department sees a problem and finds a solution), while the costs are distributed across the organisation (data, security, money).

Centralised control - "everything goes through IT" - also fails; it creates a bottleneck and slows teams down.

The right answer is somewhere in between: a lightweight approval process with a minimal set of required checks.

What makes sense to do

Run an inventory. A list of all active SaaS services, with a named owner, the data that flows into each one, and the budget. This often produces unexpected findings.

Introduce a minimal process for adding new tools. Not a multi-page approval, but three questions: what problem does this solve, what data will flow into it, who is the owner? That takes five minutes but creates visibility.

Tie access to employee identity. If services are connected through corporate SSO (single sign-on), revoking access when someone leaves becomes automatic.

Hold a quarterly review. Once a quarter, look at the list and ask a simple question: who used this in the last 90 days? What can be switched off?
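
The inventory, SSO check and quarterly review described above can be run as one pass over an inventory export. This is an added example, not part of the original post. The CSV column names, the sample rows and the staff list are constructed assumptions.

```python
import csv
import io
from datetime import date

# Constructed sample inventory (not real data). Column names are assumptions.
INVENTORY_CSV = """service,owner,data,monthly_usd,sso,last_used
DesignBoard,anna@example.com,marketing assets,120,yes,2024-05-28
OldSurveys,peter@example.com,customer emails,90,no,2023-11-02
NotesApp,,internal docs,45,no,2024-05-30
CRM,olga@example.com,customer records,600,yes,2024-06-01
"""
# Constructed list of current staff; in practice this comes from HR or the identity provider.
ACTIVE_STAFF = {"anna@example.com", "olga@example.com"}


def review(inventory_csv, active_staff, today, stale_days=90):
    """Return ({service: [findings]}, monthly spend on services unused for > stale_days)."""
    findings, stale_spend = {}, 0.0
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        issues = []
        owner = row["owner"].strip().lower()
        if not owner:
            issues.append("no owner")
        elif owner not in active_staff:
            # Typical case: the subscription belongs to someone who has left.
            issues.append("owner has left")
        if row["sso"].strip().lower() != "yes":
            # Access will not be revoked automatically at offboarding.
            issues.append("not behind SSO")
        idle = (today - date.fromisoformat(row["last_used"])).days
        if idle > stale_days:
            issues.append(f"unused for {idle} days")
            stale_spend += float(row["monthly_usd"])
        if issues:
            findings[row["service"]] = issues
    return findings, stale_spend


if __name__ == "__main__":
    report, wasted = review(INVENTORY_CSV, ACTIVE_STAFF, date(2024, 6, 3))
    for service, issues in report.items():
        print(f"{service}: {', '.join(issues)} ")
    print(f"Monthly spend on stale services: ${wasted:.2f}")
```
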

A simple question for self-assessment

Can you name all the SaaS services where your company's data is stored or processed - right now?

If the answer is uncertain, that is already a signal. Not an emergency, but a task that deserves one focused day of work.
