The State of SaaS Management: New Data Reveals Critical Gaps and Opportunities for IT Leaders

Most IT leaders think they can see their entire software stack - every application, license, and integration point in their environment. 

They are likely wrong. 

Our research shows that only 15% of IT leaders actually have that level of visibility. 

The other 85%? 

They're operating with significant blind spots.

While companies rush to adopt new software tools, they're increasingly unable to keep track of what they already own and operate. 

‍

These numbers point to a compelling paradox: companies claiming better SaaS visibility express more concern about security — not less. 

‍

IT leaders who report the highest visibility into their systems are actually 60% more likely to express serious security concerns. 

‍

It's not that their systems are less secure - they've simply uncovered risks that others haven't found yet. 

‍

This stark contrast between perceived and actual security risks forms the foundation of our report, which examines how organizations' confidence often clashes with reality when it comes to managing their software environments.

‍

Through detailed analysis of responses from IT professionals at companies of various sizes, we uncover critical blind spots, identify key risk factors, and provide practical strategies to help you gauge and improve your own organization's software visibility and security.

‍

The Hidden Costs & Security Gaps: What the Data Reveals About SaaS Management

‍

Our research revealed five critical findings that every IT leader needs to understand:

‍

1. The Visibility Myth 

Only 15% of organizations have complete visibility into their SaaS environment. Yet here's what's striking — 54% of IT teams report being "very satisfied" with their current visibility. This gap between perception and reality creates significant blind spots in security and spending.

‍

2. The Security Awakening 

The more you can see, the more you realize what's at risk. 91% of IT leaders worry about the use of unsanctioned applications, but many lack the tools to detect them.

‍

3. The Manual Management Trap 

Would you believe 63% of organizations still track their SaaS applications using spreadsheets? It gets worse. For 52% of companies, setting up a new employee with necessary SaaS tools takes more than 5 hours. That's nearly a full workday lost to manual provisioning.

4. The Cost Control Crisis 

Three out of four organizations struggle with SaaS licensing issues. Unused licenses, duplicate subscriptions, and poor renewal tracking drain budgets. Without automated oversight, companies hemorrhage money on tools they don't fully utilize.

‍

5. The Automation Gap 

Half of the surveyed companies lack automated processes for basic tasks like employee onboarding and offboarding. What's the impact? 20% report taking multiple days to fully equip new hires with needed software. Meanwhile, delayed offboarding creates security vulnerabilities.

These numbers tell a clear story: while SaaS tools power modern business operations, most organizations haven't modernized how they manage them. 

The following sections will break down each of these findings, examining not just the problems they reveal, but the opportunities they present for forward-thinking IT teams.

‍

Insight #1: The SaaS Visibility Mirage – What You Can’t See Can Hurt You

‍

While 63% of IT teams believe they use fewer than 30 SaaS applications, reality paints a different picture. 

Most IT professionals dramatically undercount their actual SaaS footprint — and this miscalculation creates serious risks.

‍

The False Comfort of Limited Visibility 

Here's a puzzling discovery: organizations reporting lower SaaS visibility often express less concern about security risks. 

Despite such limited visibility, they remained confident about their security posture.

‍

Size Matters — But Not How You'd Think 

Larger organizations report feeling more confident about their software visibility, largely due to their access to sophisticated tracking tools and resources. 

However, our research uncovered a telling disconnect: while senior IT leaders expressed satisfaction, junior staff handling daily operations reported frequent struggles with visibility and control.

‍

Why Visibility Gaps Grow 

Visibility gaps grow through a combination of organizational behaviors and technical complexities. 

Department-level purchasing decisions frequently create hidden subscriptions that IT never sees. 

Meanwhile, free trials silently convert to paid accounts without oversight, creating unexpected costs and security risks. 

The problem compounds when employees share login credentials across teams, obscuring actual usage patterns and creating security vulnerabilities. Adding to this complexity, integration tools automatically connect to new services, creating an expanding web of unseen applications and data flows.

‍

The Real Cost of Poor Visibility 

Poor SaaS visibility doesn't just create security risks — it hits budgets hard. 

Our research reveals that 75% of organizations struggle with basic license tracking. The problem cascades as multiple departments unknowingly pay for identical services, while unused accounts remain active long after employees leave. 

Critical renewal dates frequently slip by unnoticed, along with valuable opportunities to negotiate better terms or consolidate services.

‍

When Better Visibility Reveals Uncomfortable Truths 

Companies that implement comprehensive SaaS monitoring tools often discover:

• Shadow IT is much more extensive than estimated
• Unauthorized access to sensitive data
• Compliance violations they didn't know existed
• Significant overlaps in tool functionality

This explains why organizations with better visibility report more security concerns — they've uncovered the true scope of their challenge.

The data proves a counterintuitive truth: if your SaaS environment doesn't worry you, you might not be seeing it clearly enough. 

‍

Insight #2: Security Through Clarity – The More You See, The More You Worry

A surprising disconnect emerges from our research data about security risks. 

While IT leaders frequently cite shadow IT as a concern, actual security breaches often stem from a more fundamental issue: the gap between perceived and actual SaaS governance.

The Perception Problem 

Senior IT leaders recognize potential security threats. Yet remarkably, 91% express concern about unsanctioned applications while struggling to implement effective detection measures. 

One statistic stands out: IT teams with comprehensive visibility are 61% more likely to flag security as a critical concern. 

This suggests that organizations without full visibility aren't necessarily more secure - they simply haven't discovered their vulnerabilities yet.

‍

Why Junior IT Sees It Differently 

A telling divide exists between senior and junior IT perspectives, but not in the way you might expect. 

Junior IT staff, who manage day-to-day operations, find themselves deep in the trenches of software management - wrestling with uncontrolled application sprawl, handling constant app requests, and navigating security gaps in real-time. 

Their concerns are immediate and tactical, focused on the daily challenges of maintaining control over a rapidly expanding software environment.

Senior IT leaders, however, often remain removed from these front-line struggles. 

While they focus on strategic issues like data exposure, compliance, and authentication security, they frequently underestimate the operational chaos that stems from poor software governance. 

This disconnect between strategic vision and operational reality creates blind spots that can undermine even the most carefully planned security initiatives.

‍

The Real Security Risks You're Missing 

Our data reveals that organizations typically underestimate three critical security vulnerabilities:

• Orphaned Accounts: Former employees often retain access to sensitive company data because 50% of organizations lack automated offboarding processes. Without automatic deactivation of accounts when someone leaves, access credentials can remain active indefinitely.

‍

• Integration Sprawl: SaaS tools automatically connect to other services. Each connection creates new data sharing channels. Most IT teams can't track these integration webs effectively.

‍

• Authentication Gaps: Only 30% of organizations use Single Sign-On (SSO). The rest rely on individual password policies, creating security weak points across their SaaS stack.

‍

Why More Visibility Increases Security Concerns 

Companies with full SaaS visibility report higher security concerns as they uncover layers of previously hidden risks. 

These organizations regularly detect unauthorized data sharing between applications and users, while spotting non-compliant application usage across departments. They identify concerning patterns in how applications integrate and share data. 

Perhaps most critically, they discover authentication vulnerabilities that could compromise sensitive information.

This explains why IT leaders with better visibility into their systems often report higher levels of concern - they're seeing the full scope of their vulnerabilities for the first time.

‍

The Security Maturity Gap 

Organizations progress through distinct security awareness stages, starting with a phase of unknown risks where concerns are minimal simply because threats remain hidden. 

As awareness grows, they move into basic risk recognition, followed by active risk management. 

The most mature organizations achieve comprehensive security integration across their systems. 

Our research shows most companies haven't progressed beyond basic awareness, which explains why they often underestimate their security exposure.

‍

Key Takeaway: From Reactive to Proactive Security 

Smart organizations have stopped playing catch-up with security and started getting ahead of the threats.

These companies implement real-time SaaS discovery to catch new applications as they appear while automating security policy enforcement to ensure consistent protection. They continuously monitor integration security to prevent unauthorized data flows and standardize authentication protocols across their SaaS ecosystem. 

This comprehensive approach ultimately transforms security from a response mechanism into a strategic advantage.

‍

Insight #3: Spreadsheets Aren’t Security – Why Manual SaaS Management is a Risk

‍

Not all organizations manage their SaaS applications the same way. Our research identifies four distinct governance models, each with unique challenges and opportunities.

Let's break down what we discovered about how companies control their SaaS environments:

• The Wild West: The Wild West represents the first stage, where we found 63% of organizations operating with unlocked doors in their digital fortress. These companies lack formal SaaS policies, allowing departments to purchase apps at will. They rely on manual tracking via spreadsheets, with zero automated controls in place.

‍

• IT Sponsorship: IT Sponsorship marks a step up, though problems persist. While basic guidelines exist and IT stays aware of major purchases, enforcement remains limited and security measures operate reactively rather than proactively.

‍

• IT Gatekeeper: The IT Gatekeeper stage shows significantly better control. These organizations require IT approval for new apps and maintain standardized request processes. They've begun implementing basic automation and conduct regular security reviews.

‍

• Proactive IT: Proactive IT represents the gold standard, achieved by only 15% of organizations. These companies employ automated discovery and monitoring, enforce security policies consistently, maintain integrated access management, and track usage in real-time.

‍

What Sets Mature Organizations Apart 

Companies with mature SaaS governance share common traits. They automate their onboarding and offboarding processes, conduct regular access reviews, maintain clear ownership of SaaS strategy, and integrate security controls across their environment.

‍

The Cost of Immature Governance 

Organizations stuck in early governance stages face measurable consequences. 

Our research shows 75% of organizations struggle with licensing issues, while 52% waste hours on manual processes. 

Security risks often go undetected, and duplicate purchases drain budgets unnecessarily.

Several factors keep companies stuck in early governance stages: 

• Resource constraints limit improvement opportunities. 
• Organizations face internal resistance to change. 
• Executive buy-in proves difficult to secure. 
• Many teams fear technical complexity.

‍

Despite these challenges, our research reveals that well-managed organizations evolve their governance in predictable stages, starting with basic cost control measures. 

As teams gain confidence, they build automated workflows to reduce manual burden. This foundation enables them to implement comprehensive security measures. 

Finally, they implement continuous oversight to maintain and improve their governance structure.

The benefits of this evolution appear in measurable ways. 

Organizations that advance their governance model report 26% better SaaS visibility overall.

They achieve significant cost savings through improved license management and reduced duplicate spending. Employee onboarding speed accelerates dramatically. 

Perhaps most importantly, these organizations experience fewer security incidents, thereby validating their investment in mature governance.

‍

Insight #4:  Wasted Licenses, Wasted Budgets – Why Poor SaaS Oversight Costs More Than You Think

When 52% of IT teams spend over five hours setting up tools for each new employee, something needs to change. 

Let's look at what our research reveals about automation — or the lack of it.

The Five-Hour Setup Problem 

Only 6% of companies can get a new employee ready with SaaS tools in under an hour. 20% take multiple days to complete setup, 52% need more than 5 hours, and 21% manage it in 2-5 hours. The remaining companies don't even track their setup time. 

‍

The Real Cost of Manual Management 

Beyond wasted time, manual processes create cascading problems throughout organizations. New hires sit idle waiting for tool access, costing precious productivity. Security policies get inconsistently applied across different teams and departments. License purchases happen reactively rather than strategically. Perhaps most concerning, delays in deprovisioning create security vulnerabilities that can persist for weeks or months.

‍

Automated vs. Manual: Saving Time and Reducing Risk

The contrast between manual and automated processes reveals stark differences in efficiency and security. Manual processes require individual email requests for each application, one-off license purchases, custom account setup, individual permission configuration, password distribution, and constant documentation updates.

Automated systems, by comparison, streamline everything through role-based provisioning, pre-configured security settings, synchronized access management, and standardized onboarding flows. 

The difference isn't just in time saved — it's in risk reduced.

‍

The Security Connection 

Poor automation creates multiple security weak points across organizations. When departed employees retain access because of delayed removal, sensitive data remains exposed. Inconsistent permission settings across applications create vulnerability patterns while missing security configurations go unnoticed until it's too late. Forgotten password resets also leave doors open to unauthorized access.

‍

Why Teams Don't Automate 

Despite clear benefits, several barriers prevent teams from implementing automation. Budget constraints often top the list, followed by dependencies on legacy systems. Many organizations struggle with incomplete process documentation, making automation planning difficult. Technical skill limitations also likely slow adoption.

Yet the tide is turning. 

Our research shows 91% of IT leaders plan to invest in SaaS management solutions. They recognize that manual processes simply can't scale with growing SaaS adoption. 

‍

Insight #5: Automate or Stagnate – The Access Management Gap That Slows IT Down

‍

When 75% of organizations struggle with SaaS licensing issues, we need to look deeper than subscription fees. 

Our research reveals hidden costs that multiply across departments, teams, and processes.

‍

The True Price of Poor Management 

The visible costs — unused licenses, duplicate subscriptions, missed renewal deadlines — tell only part of the story. 

While 51.8% of survey respondents cite rising SaaS costs as a major concern, they often miss the expensive ripple effects of inadequate management.

‍

Size Changes Everything 

Company size dramatically affects how organizations view and handle SaaS costs. Our data shows smaller organizations prioritize immediate cost control, while larger enterprises focus more on security and compliance. Both approaches reveal different aspects of the same underlying problem: inefficient SaaS management creates cascading financial impacts.

‍

The Maturity Effect 

Organizations with mature SaaS governance report different priorities than those with basic oversight. Less mature organizations focus primarily on cost optimization as their first step toward better SaaS management. However, as companies mature their SaaS governance, security, and operational efficiency become higher priorities than direct cost savings.

‍

The Security Cost Connection 

The relationship between cost and security emerges clearly in our survey data. Organizations reporting the highest levels of SaaS visibility express significantly more concern about security risks. This suggests that as companies gain better oversight of their SaaS spending, they uncover security vulnerabilities that require additional investment to address.

‍

From Cost Center to Strategic Investment 

The data shows a clear progression in how organizations view SaaS management. Those with lower visibility focus primarily on controlling direct costs. However, organizations with mature SaaS governance treat management tools as strategic investments that impact security, productivity, and compliance.

‍

Looking Ahead: The Future of SaaS Access Management

‍

Our survey data points to clear shifts in how organizations plan to handle their SaaS environments: 91% of organizations are considering purchasing a SaaS management solution in the next 18 months, while 99% of IT leaders want to learn more about improving their SaaS oversight.

Market Signals 

The data shows two distinct groups emerging. 

First, organizations focused purely on cost control, typically those just starting their SaaS management journey. 

Second, mature organizations prioritizing security and automation. 

This split suggests a natural progression as companies develop their SaaS governance capabilities.

‍

Shifting Priorities 

Our survey also reveals changing focus areas for IT teams:

• Senior IT leaders express growing concern about security risks
• Junior IT staff prioritize operational efficiency
• Organizations of all sizes recognize the need for better automation
• Security becomes the top priority as visibility improves

‍

The Security-First Future 

The correlation between visibility and security concerns (60% higher for organizations with full visibility) suggests a coming shift. 

As more organizations gain true visibility into their SaaS environments, we expect security to become the dominant focus across company sizes.

‍

Strategic Recommendations 

Based on our survey findings, successful SaaS management strategies should focus on achieving accurate visibility. Only 15% of organizations claim full visibility today, making this the critical first step.

Second, companies need to implement basic automation. With 52% of companies spending over five hours on new employee setup, automated provisioning offers immediate returns.

Third, it is critical to strengthen security measures. Organizations with better visibility consistently identify more security risks requiring attention.

Fourth, moving from manual spreadsheets to automated oversight represents a key transition for the 63% still using basic tracking methods.

‍

What Success Looks Like 

The data suggests organizations should measure success through:

• Complete SaaS environment visibility
• Automated employee lifecycle management
• Centralized security controls
• Proactive cost optimization

The path forward requires balancing immediate operational needs with long-term strategic goals. Organizations that achieve this balance not only reduce their security risks and operational costs but also position themselves to scale more efficiently as their software needs grow. 

More importantly, they free their IT teams from constant firefighting, allowing them to focus on initiatives that drive business value.

‍

Conclusion: Moving from Insight to Action

‍

The gap between recognizing SaaS management challenges and actually solving them remains substantial. 

This disconnect between intention and execution creates both immediate risks and opportunities for improvement.

Our research points to a clear path forward. 

Organizations must first establish comprehensive visibility into their software ecosystem before attempting broader changes. 

With a clear understanding of their environment, they can then implement targeted automation to address their most pressing operational bottlenecks. 

Finally, they can build robust security measures based on their now-complete understanding of their software landscape.

The urgency for action grows daily. 

With 75% of organizations already struggling with basic licensing issues and software adoption accelerating, these challenges will only intensify. 

The question isn't whether to improve software management, but how quickly you can begin. 

Organizations that act now position themselves to handle increasing complexity, while those who delay face mounting security risks and operational inefficiencies.

Successful SaaS management isn't just about avoiding problems—it's about creating competitive advantage. 

The organizations that master this challenge first will have more secure environments, more efficient operations, and more time to focus on innovation rather than maintenance.

Learn how Josys can address these challenges with our SaaS management platform. Schedule a demo today.