The economics of enterprise software are changing in ways most organisations are not yet equipped to handle.
.jpg&h=420&w=748&c=0&s=0)
For years, SaaS management was fundamentally a visibility problem. Shadow IT was an annoyance. Unused licences were wasteful but contained. Renewals arrived with enough predictability that a periodic audit and a spreadsheet could get you through the year. The financial exposure was real, but it was bounded.
That is no longer the case.
The shift to consumption-based pricing has changed the risk profile of unmanaged SaaS entirely. When costs are fixed, an unused licence is a recoverable inefficiency. When costs scale with usage, an ungoverned tool is an open exposure. Every API call, every active user, every automated workflow is a financial event, and without real-time visibility into those events, organisations aren't managing spend so much as discovering it after the fact.
This is the new SaaS problem, and it isn't a shortage of data. Most organisations have more SaaS data than they can act on. The problem is that the data is fragmented, the ownership is distributed, and the decisions it should inform are still being made cyclically — at renewal, at audit, at incident. In a consumption-driven model, that cadence is structurally too slow.
The consequences compound. Access rights accumulate faster than they are reviewed. Redundant tools proliferate across business units without central visibility. AI-enabled applications enter the environment through individual sign-ups, outside procurement and security review. IBM's research found that 20% of organisations have experienced a security breach related to shadow AI alone. Calero, a leader in the SaaS Management Magic Quadrant, identified $2.7M in annualised Microsoft 365 waste for a single hospitality customer from licences that had simply been assigned and forgotten. These are not edge cases. They are the predictable outcome of applying a cyclical governance model to a continuous problem.
The risk is no longer just operational; it's financial and structural. Unmanaged SaaS doesn't reset at renewal; it compounds through it. Every renewal that rolls over without accurate usage data locks inefficiency into the next contract cycle. Every ungoverned consumption event becomes part of the baseline against which future spend is measured. Organisations aren't just paying for what they don't use; they're building that cost permanently into their technology economics.
What is needed now is a fundamental shift in how SaaS is governed: not a better dashboard, but a different operating model. Governance needs to be continuous rather than cyclical, proactive rather than reactive, and integrated across the functions that currently hold fragmented pieces of the same picture — IT, finance, procurement, security, and business teams. Finance sees cost, security sees access, procurement sees renewals, and IT sees applications; without a shared operational view, each is making decisions with incomplete information.
The emerging framework for this is closer to FinOps than traditional IT asset management. Once focused primarily on cloud infrastructure, FinOps disciplines are now expanding into SaaS because the financial model demands it. Variable consumption, usage-linked billing, and distributed purchasing require the same real-time feedback loops, cost accountability, and optimisation rigour that cloud teams have been building for a decade.
Mature organisations are already moving in this direction, away from reactive cleanup and toward continuous optimisation. That means policy and automation keeping access aligned to role, licences aligned to need, and spend aligned to demonstrable value. It means governance that operates at the pace of the business, not the pace of the audit cycle.
The goal is not control for its own sake. SaaS governance should not become a bottleneck that slows the teams it is meant to support. The goal is to create the guardrails that allow business units to move quickly without the organisation absorbing unseen cost and risk along the way.
The organisations that will lead the next phase of SaaS management are those that have stopped treating ungoverned software as an inconvenience to be periodically cleaned up. They are treating it for what it actually is: a compounding financial risk, embedded in every renewal, every usage event, and every tool that enters the environment without review.
Visibility is just the starting point. Continuous governance is the real work ahead.
