SaaS Sprawl and Shadow IT in 2026: Why the Governance Crisis Has Got Worse and What Enterprise Teams Can Do About It

There is a version of enterprise technology that CIOs and IT leaders describe in strategy documents and board presentations. It has a coherent architecture, governed procurement processes, and a clearly managed portfolio of approved tools that serve defined business needs. And there is the version that actually exists in most large organisations, where dozens or hundreds of SaaS applications have been acquired by individual teams, departments, and individuals through corporate cards and expense accounts, outside any central visibility, governance, or approval process.

The gap between those two versions is what the industry calls SaaS sprawl, and in 2026 it has become one of the most commercially significant and most poorly managed problems in enterprise technology. Research consistently shows that large organisations are running significantly more SaaS applications than their IT departments know about. The average enterprise in 2024 used more than a hundred and thirty distinct SaaS tools, and the typical IT team had visibility into fewer than half of them. The tools they could not see were still generating licence costs, data flows, integration dependencies, and security exposure that sat entirely outside the governance framework.

This blog examines why SaaS sprawl has got worse rather than better despite years of awareness of the problem, what the real commercial and governance consequences are, and what a genuinely effective approach to SaaS estate management looks like for enterprise organisations in the second half of 2026.

Why SaaS Sprawl Has Got Worse in 2026

The forces driving SaaS sprawl have not weakened. If anything, they have intensified. The ease of SaaS procurement has continued to increase, with more tools available on free trial or freemium models that convert to paid subscription without triggering a formal purchasing event. AI-powered SaaS tools have proliferated at a rate that makes the earlier wave of productivity and project management SaaS look modest by comparison. Every functional team in a large organisation now has access to AI writing tools, AI data analysis tools, AI coding tools, and AI workflow automation tools that can be purchased with a credit card in under five minutes.

The budget availability for shadow IT has also grown. In many organisations, individual team budgets have absorbed more technology spending responsibility as central IT has moved toward a platform and enabling model rather than a service delivery model. Teams that previously needed IT approval to buy software now have the budget authority and the procurement pathways to acquire SaaS tools independently. The governance gap is structural, not accidental.

The post-pandemic hybrid working model has reinforced this dynamic. Teams that are geographically distributed and working asynchronously have a strong practical incentive to adopt the specific tools that their particular team members find most useful, regardless of whether those tools are on the approved list. The friction of raising a central procurement request and waiting for approval feels disproportionate when the alternative is a thirty-second credit card transaction.

Zylo’s annual SaaS Management Index is one of the most comprehensive data sources on enterprise SaaS sprawl, documenting application counts, spend levels, utilisation rates, and governance maturity across thousands of organisations. The index and Zylo’s enterprise SaaS sprawl research provide the benchmarking context that helps organisations understand whether their SaaS estate is typical for their size and sector, or whether the governance gap is significantly wider than average and therefore an above-average commercial and security risk.

The Real Costs of SaaS Sprawl

The commercial cost of SaaS sprawl is straightforward to understand but difficult to quantify without visibility into the full SaaS estate. There are four distinct financial impacts that collectively make SaaS sprawl one of the most significant sources of unnecessary enterprise technology spend.

The first is direct duplication. When multiple teams independently purchase tools that perform similar functions, the organisation pays for the same capability multiple times. Organisations that have audited their SaaS estates typically find multiple project management tools, multiple document collaboration tools, multiple video communication tools, and multiple analytics tools all in active use by different teams. The consolidation savings from eliminating this duplication, while not effortless to achieve, are typically material.

The second is licence waste within individual tools. SaaS subscriptions are frequently provisioned on a per-user basis, and when users leave the organisation or change roles, their SaaS licences are often not reclaimed. The same joiner-mover-leaver process failures that create waste in Microsoft 365 and Salesforce licences apply to the entire SaaS portfolio, but with less visibility because the shadow IT tools are not connected to the central identity management and provisioning processes that would catch these cases automatically.

The third cost is security and compliance exposure. SaaS applications that access organisational data, process customer information, or integrate with core business systems create data governance obligations that shadow IT tools are rarely meeting. GDPR and other privacy regulations require the organisation to understand where customer data flows and to maintain appropriate contractual protections with data processors. Shadow IT tools are almost by definition outside this compliance framework.

The FinOps Foundation’s resources on SaaS cost governance provide practical frameworks for organisations building the financial accountability structures needed to bring shadow IT spend under commercial control without eliminating the business agility that makes team-level SaaS procurement attractive. The Foundation’s SaaS governance and cost management frameworks address the cultural and process dimensions of SaaS sprawl management, including the accountability models and shared responsibility frameworks that allow organisations to govern SaaS cost without recreating the central IT bottlenecks that drove shadow IT adoption in the first place.

Why Central IT Cannot Solve This Alone

A common organisational response to SaaS sprawl is to reassert central IT control, tightening procurement approval processes and attempting to block unapproved SaaS purchases. This approach has a consistent track record of failure. Teams that find the approved tool list inadequate for their needs will find ways around procurement controls. The shadow IT problem goes underground rather than disappearing, becoming more expensive to manage and more dangerous from a governance perspective because teams become incentivised to be less transparent about their tool usage.

The more effective response is to reduce the friction of compliant SaaS procurement while increasing visibility of non-compliant acquisition. This means creating a streamlined, low-friction process for teams to request and access approved SaaS tools quickly, maintaining a curated catalogue of approved tools that is comprehensive enough to meet the legitimate needs of most teams, and using financial and identity management controls to surface shadow IT spend without relying on behavioural compliance.

Credit card and expense management platforms that can identify and flag SaaS subscription charges, identity management systems that surface applications accessing organisational credentials without central authorisation, and network monitoring that identifies data flows to unapproved cloud services are all technical mechanisms for achieving visibility without requiring behavioural change from individual teams. The visibility is the prerequisite for everything else. You cannot govern what you cannot see.

Computer Weekly covers enterprise SaaS governance developments and the technology and process approaches that organisations are adopting to address SaaS sprawl in 2026. Its SaaS governance and enterprise IT management coverage provides analysis of how IT leaders are balancing centralised governance with the business agility that makes shadow IT so persistent, including coverage of the technology platforms and governance frameworks that are proving most effective at closing the visibility gap.

Building a Practical SaaS Management Programme

A SaaS management programme that actually reduces sprawl rather than just documenting it has four components that work together.

The first is discovery: using a combination of financial data from corporate card and expense platforms, identity management logs, and network traffic analysis to build a complete picture of every SaaS application in active use across the organisation. This discovery exercise will almost certainly surface more applications than expected, and the list it produces is the foundation of everything else.

The second is classification. Not all discovered SaaS tools require the same governance response. Tools that process sensitive data, connect to core business systems, or are used by large numbers of employees require thorough security and compliance review. Tools that are used by a small team for a low-risk purpose may require only lightweight oversight. Prioritising the governance effort on the highest-risk and highest-spend tools produces more commercial value than attempting to apply uniform governance across the full estate.

The third is rationalisation. Armed with the full picture of the SaaS estate, the organisation can identify consolidation opportunities, reclaim unused licences, and make informed decisions about which tools to standardise on and which to retire. The commercial savings from this rationalisation exercise typically exceed the cost of the programme that produced the visibility.

The fourth is prevention: building the governance processes, procurement policies, and technical controls that reduce future sprawl accumulation without eliminating team autonomy. The goal is not a return to centralised IT gatekeeping but a system where teams can access the tools they need quickly and transparently, within a framework that maintains commercial and security governance.
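
The discovery and classification steps above can be sketched as a small merge over the three evidence sources. This is an added example, not code from any vendor or framework named in this article; the application names, record layouts, scope names and thresholds are all constructed assumptions.

```python
from collections import defaultdict

# All records below are constructed sample data; names and thresholds are assumptions.
APPROVED = {"Microsoft 365", "Salesforce"}          # central catalogue
CARD_CHARGES = [                                    # (app, cost centre, monthly spend)
    ("NoteWiz AI", "marketing", 480.0),
    ("Salesforce", "sales", 9000.0),
    ("PlanBoard", "engineering", 150.0),
]
IDP_GRANTS = [                                      # (app, user, OAuth scopes granted)
    ("NoteWiz AI", "ana", {"files.read", "mail.read"}),
    ("NoteWiz AI", "raj", {"files.read"}),
    ("ChartPal", "li", {"profile"}),
    ("Microsoft 365", "ana", {"mail.read"}),
]
PROXY_UPLOADS = [                                   # (app, bytes sent to the service)
    ("NoteWiz AI", 5_000_000),
    ("PlanBoard", 20_000),
    ("FileDrop", 750_000_000),
]
SENSITIVE_SCOPES = {"files.read", "mail.read"}      # scopes exposing organisational data

def discover():
    """Merge finance, identity and network evidence into one record per app."""
    apps = defaultdict(lambda: {"spend": 0.0, "users": set(), "scopes": set(),
                                "upload": 0, "sources": set()})
    for app, _cost_centre, amount in CARD_CHARGES:
        apps[app]["spend"] += amount
        apps[app]["sources"].add("card")
    for app, user, scopes in IDP_GRANTS:
        apps[app]["users"].add(user)
        apps[app]["scopes"] |= scopes
        apps[app]["sources"].add("idp")
    for app, sent in PROXY_UPLOADS:
        apps[app]["upload"] += sent
        apps[app]["sources"].add("proxy")
    return dict(apps)

def classify(rec, max_users=50, max_upload=100_000_000):
    """Full review for sensitive access, bulk data egress or wide adoption."""
    risky = (rec["scopes"] & SENSITIVE_SCOPES or rec["upload"] >= max_upload
             or len(rec["users"]) >= max_users)
    return "full-review" if risky else "lightweight"

def shadow_it_report():
    """Unapproved apps only, mapped to (review tier, sources that saw them)."""
    return {name: (classify(rec), sorted(rec["sources"]))
            for name, rec in sorted(discover().items()) if name not in APPROVED}

if __name__ == "__main__":
    for name, (tier, sources) in shadow_it_report().items():
        print(f"{name:12} {tier:12} seen in: {', '.join(sources)}")
```

In this sample, one application appears only in proxy data and another only in identity logs, which is why no single source is enough for discovery.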

ISACA’s IT governance resources address SaaS and cloud service management as a specific governance domain, providing frameworks for building the enterprise controls and accountability structures that keep SaaS estates manageable without stifling innovation. Their ISACA IT governance and SaaS management frameworks offer the governance architecture that organisations need to move from reactive SaaS sprawl management to proactive SaaS estate governance, covering the policy, process, and control dimensions of an effective SaaS management programme.

Conclusion

SaaS sprawl in 2026 is not a new problem that organisations have failed to notice. It is a structural problem that organisations have noticed but not yet solved at the root cause level. The commercial consequences, in duplicated spend, wasted licences, security exposure, and compliance risk, are too significant to leave unaddressed. The organisations that build practical, visibility-first SaaS management programmes that balance governance with business agility will manage their technology costs and risks significantly better than those still relying on procurement policy compliance to do a job that human behaviour has consistently demonstrated it cannot do.

 
