Chaos rarely announces itself. It simmers silently in the background and strikes suddenly without warning, shattering your peace of mind. Yes, this is SaaS sprawl, a problem you’re very likely familiar with.
SaaS sprawl occurs when organizations adopt a growing number of SaaS applications without formal approval and oversight.
These organizations often lack a centralized procurement process and struggle to enforce application use policies, which means employees can independently sign up for or purchase SaaS subscriptions. As SaaS apps accumulate—unknown and unchecked—this leads to redundant tools, higher operating costs, and a greater risk of data breaches.
Threat actors are also increasingly targeting SaaS applications because they know the vulnerabilities associated with them.
For instance, Mandiant has observed a rise in the use of social engineering to target users who threat actors suspect have privileged access to SaaS environments.
SaaS sprawl leads to wasted resources, budget blowouts, and compromised security.
Four (4) reasons SaaS sprawl is bad for your business: #4 will upset you
Shadow IT and shadow AI are major drivers of SaaS sprawl.
A 2024 survey of 6,000 knowledge workers in the US, UK, and Germany showed that 75% now use shadow AI regularly. Typically, they’re trying to do their jobs more efficiently while inadvertently exposing their companies to cyber risks. Mainly, they use it to save time (83%), make their jobs easier (81%), and get more done (71%).
The bad news?
- More than 65% say they know shadow AI is prone to inaccurate information, but 34% use it to automate tasks anyway.
- To “get the job done,” developers at 80% of companies regularly skirt internal rules to use AI code completion tools. This leads to significant compliance and intellectual property concerns.
- About 30% of IT admins at SMBs admit they don’t have the time, skills, or resources to uncover shadow IT at their organization.
- Many SaaS contracts not only have auto-renewal clauses but may also include automated annual price hikes – which can rise as high as 71%.
SaaS sprawl is a VERY real threat to your business – but what can you do about it? Below, we talk about why it happens and reveal how you can get it under control with a solution that’s affordable, fast to deploy, and easy to manage.
The hidden epidemic of SaaS sprawl: Is your business at risk?
Not sure if you need to worry about shadow IT or AI?
If so, ask yourself this: Do you or your IT team know exactly how many SaaS apps your employees are using?
According to Zylo’s 2025 SaaS Management Index:
- The average organization has 275 SaaS applications – but underestimates the actual quantity by nearly 2X.
- Businesses spend $4,830 per employee on SaaS apps annually.
- 52.7% of SaaS licenses go unused, which amounts to $21M in wasted spending per year.
And that’s not all. SaaS sprawl isn’t just draining budgets; it makes organizations 5X more susceptible to cybersecurity incidents. Data breaches involving shadow IT or AI also take 26.2% longer to identify and 20.2% longer to contain. Plus, they cost more, averaging USD 5.27 million per breach.
Despite the risks, just 29% of employees check their organization’s data usage policies before uploading business data into Gen AI tools like ChatGPT.
As a result, the likelihood of exposing proprietary or confidential data is high. In 2023, Samsung was forced to ban employee use of Gen AI after its engineers accidentally leaked internal source code by uploading it to ChatGPT.
The dangers of ChatGPT don’t stop at data leakage.
With no insight into how their information is processed or stored, organizations have little control over how their data is used.
Along with Gen AI’s tendency to hallucinate (due to its propensity for bias), this can lead to legal risks, non-compliance with privacy regulations, and reputational damage.
If you aren’t sure how many SaaS apps your employees are using, it may be time to find out.
How did we get here? The root causes of SaaS chaos
Before we do that, let’s talk about the factors driving SaaS sprawl.
In 2025, the most common causes of SaaS sprawl are decentralized procurement, the rise in remote work, and the ease of acquiring SaaS apps.
The one procurement mistake that guarantees SaaS sprawl
It’s 2025: Is decentralized procurement dead?
While this procurement approach—which allows teams or departments to handle their own purchasing—can foster innovation and agility, it’s also a key driver of SaaS sprawl.
IT only manages, on average, 16% of an organization’s SaaS. The other 84% is being managed and purchased by individual employees or departments.
As a result, the average organization adds approximately seven (7) new SaaS apps every 30 days. This is how businesses end up with duplicate tools that go unused.
How remote work causes SaaS overload – without you realizing it
For the first time in history, a pandemic fueled a dramatic rise in both remote work and SaaS usage, marking major shifts in how businesses operate. SaaS adoption grew 62% in the first year of the pandemic.
Tools such as Zoom, Microsoft Teams, Slack, Asana, Windows 365, Discord, and Trello suddenly became essential to business continuity.
In all, the tech and retail industries led the rise in SaaS adoption, growing their SaaS portfolios by 101% and 131%, respectively.
Prior to 2020, most employees (60%) worked on site. In 2025, remote work is mainstream, and SaaS sprawl has come along with it.
And here’s why SaaS sprawl is almost inevitable if you have a remote workplace: Employees see shadow tools as a means of gaining a competitive edge in performance and efficiency. They quietly adopt them to automate tasks and collaborate in ways that get results. So, they’ll use them – not because they want to break the rules but because they want to win.
Ease of acquisition + use = a SaaS ticking time bomb for your business
SaaS apps can often be purchased with minimal effort, such as using a corporate credit card or signing up for a free trial.
With SaaS apps, manual installations aren’t needed, and all updates are automatic. They’re also affordable and can be accessed from any device with internet connectivity.
Let's face it: SaaS apps are easy to acquire and use – and this represents a ticking time bomb for your business. Their unchecked expansion increases the attack surface, which attackers can exploit to escalate privileges, harvest proprietary information, and monetize any data they steal on the Dark Web.
Manage SaaS Sprawl the easy way with LastPass
If you’re doing business today, you’re likely losing money over rogue apps you never even authorized.
Your employees may also be accessing apps that lack support for MFA and SSO. This lack of visibility into app usage means you can't enforce security best practices like password hygiene and strong authentication measures. This can increase the risk of data breaches for your business.
This is where LastPass comes in.
Our new SaaS monitoring tool allows you to:
- Fill those visibility gaps to give your organization comprehensive protection
- Monitor app usage to stay compliant with industry regulations and avoid expensive fines
- Minimize your risk of data theft, operational disruptions, and third-party compromises
- Stop paying for apps that haven’t been used in 30+ days
- Invest the savings in new tools your employees actually need to be more productive
- Implement role-based access controls and get visibility into privileged accounts
- Enforce password policies and best practices for authentication security
- Help IT enforce strong authentication even in unsanctioned tools
With LastPass, you get a powerful solution that’s designed to integrate smoothly into your routine.
It’s easy to deploy: Simply click a button to enable SaaS monitoring – and start getting visibility immediately.
It’s frictionless: There’s no need to deploy agents – you can enable SaaS monitoring through the LastPass browser extension.
It’s holistic: You can get visibility of your entire SaaS footprint while ensuring organization-wide application of password and identity security management.
Enable better visibility, security, and optimization of SaaS usage across your organization today.