How to clean up SaaS sprawl without breaking a sweat

Audit SaaS usage at scale and avoid wasted SaaS spend with our new playbook.

August 23, 2023

It’s happening at almost every organization: boards are pushing to reduce SaaS spend. As organizations shift from a single-minded focus on growth to an era of “efficient growth,” security and IT teams are faced with the challenge of justifying their organization’s SaaS investments and eliminating waste. From a security perspective, this focus on efficiency has the added benefit of reducing your SaaS attack surface, helping you minimize your organization’s overall risk. 

One obvious, high-impact place to start is eliminating unused SaaS accounts. But what’s the best way to tell which accounts are actually still in use? Users may not even remember all the applications they have signed up for. And while hunting down answers from individual departments is time-prohibitive, shutting off access that users still need can disrupt the flow of business and create even bigger headaches for IT and security teams. 

Evaluating your organization’s SaaS investments—and SaaS attack surface—requires user input. You need to know which applications are still necessary even if your employees only need to log into them once a quarter, and which ones are actually dead weight. However, collecting input from users represents a major investment of time from multiple departments. 

How Nudge Security can help

Nudge Security provides a variety of ways to help you eliminate unnecessary accounts and reduce your SaaS attack surface, all made possible by our innovative, patented method of SaaS discovery.

After using our platform to generate a full inventory of all SaaS and cloud accounts ever created by anyone in your organization, you can:

Now, Nudge Security’s latest playbook for automating the process of  identifying and removing abandoned accounts helps you audit your organization’s SaaS usage systematically and act on user feedback at scale. 

Using the playbook, you can:

  • Clean up long-forgotten accounts that may contain orphaned corporate data.
  • Reduce risk to your organization by minimizing your SaaS attack surface.
  • Reclaim unused licenses and reduce overall SaaS spend.

Explore the playbook for yourself in our interactive demo, or read on for more detail.

1. Get visibility of all the cloud and SaaS applications in use at your organization. 

In order to understand where you can reduce your SaaS attack surface and expenditures, you first need to understand what’s out there. As mentioned above, our patented approach to SaaS discovery helps you identify every cloud and SaaS application your employees have ever introduced, including those that aren’t managed by IT or security. In contrast, starting with a list of apps that have made it through procurement would miss out on free accounts housing corporate data and forgotten trials that haven’t reached the point of billing yet. 

2. Choose which applications to audit for unused accounts.  

While you can always discover unused accounts one app at a time from each application’s overview page, Nudge Security’s playbook for removing abandoned accounts enables you to audit multiple applications at once. 

To get started, select which applications you’d like to audit. You can prioritize which ones to choose by filtering based on factors like an app’s total number of accounts, approval status, compliance scope, sign-on mode, category, or compliance scope. For example, you might want to check your organization’s file-sharing applications for abandoned accounts that may contain lingering corporate data, or find out if you could consolidate your developer tools to reduce potential entry points to your development pipeline. Alternatively, you may want to audit your most expensive SaaS accounts ahead of a renewal to see if you can reduce your license costs. 

3. Nudge employees to ask whether they’re still using each application. 

For each of the applications you’ve selected, Nudge Security will send a nudge via email or Slack to each account holder asking whether or not they’re still using the application. Your users can respond directly from the nudge by choosing “I’m still using it,” “No, I’m not using this,” or “Account has been deleted.” These responses correspond to account statuses of “Active,” “Abandoned,” or “Deleted,” which you’ll be able to see within the playbook as well as in each application’s overview page. 

4. Watch as your users’ responses come in. 

The next step is easy. All you have to do is sit back and relax as your users’ responses flow in. 

As your employees respond to nudges, you’ll be able to track their answers within the playbook. We recommend waiting to move on from this step until at least 50% of users have replied, but you can get moving any time you’re happy with your response rates. 

5. Enlist help with abandoned account cleanup by nudging the technical contact for each application. 

Once you’re happy with the number of responses you’ve received, it’s time to act. At this point you’ll have a good idea of which accounts are still in use versus which ones have been abandoned and can be deleted to help reduce your organization’s attack surface. 

Here’s the best part. Instead of having to log into every app yourself and remove unused accounts, you can delegate this step to the technical owner of each app (i.e. a user with administrative privileges).  Nudge Security makes this easy by identifying a technical contact for each application in your environment, starting with the first user of the app, who typically has administrative privileges by default. (You can update this technical contact at any time, including at this stage of the playbook.) 

Next, you’ll send a nudge to each application’s technical contact containing instructions to delete the accounts, remove orphaned data, and reclaim any available licenses, along with a CSV file of the affected accounts. 

6. Track the results of your cleanup efforts. 

As your technical contacts confirm that they’ve taken action to remove the accounts you’ve identified, Nudge Security tracks their responses in the playbook. 

7. Share your results with colleagues to reinforce the value of your work. 

Make sure to share the results of your audit with your colleagues in finance and procurement, who can help you build and maintain momentum for ongoing SaaS audits. In partnership, you can minimize your SaaS attack surface, avoid wasted SaaS spend, and delight users by justifying spend on widely-used applications. 

Ready to see what Nudge Security can do for you? 

Related posts


Debunking the "stupid user" myth
in security

Exploring the influence of employees’ perception
and emotions on security behaviors