Independent and vendor-neutral. Every figure on this site is either a source-cited published statistic or a reader-controlled bounded calculation. No vendor averages presented as fact.

ShadowITCost

REV. JUNE 2026

/ The root condition

SaaS Sprawl: What It Costs and How to Measure It

SaaS sprawl is the uncontrolled growth of the application portfolio that produces most shadow IT cost. This page defines it, separates it from shadow IT, shows how to count it, and maps it onto the four cost categories so the spend becomes measurable rather than rhetorical.

Definition

SaaS sprawl is the accumulation of software-as-a-service applications across an organization faster than IT can catalogue, secure, or rationalize them. It happens because adopting a modern SaaS tool requires nothing more than an email address and a credit card, so the portfolio grows from the edges (individual employees and teams) rather than through central procurement. Sprawl is the structural cause; shadow IT cost is the consequence.

Sprawl versus shadow IT

Shadow IT is any technology used without IT approval or visibility. SaaS sprawl is the specific, now-dominant form that shadow IT takes: the proliferation of cloud applications. The categories are not identical (shadow IT also covers unmanaged hardware, personal scripts, and self-provisioned cloud infrastructure), but in a knowledge-work organization the overwhelming share of shadow IT is sprawl. That is why measuring the app portfolio, the count and spread of SaaS in use, is the practical entry point to measuring shadow IT cost at all.

How big is the portfolio?

The only systematic measurement comes from SaaS management vendors who publish telemetry from their customer bases. Productiv reports an average app count in the high-200s per customer organization

Productiv

Productiv State of SaaS Apps Report (2024)

measures: Average and median number of SaaS applications per surveyed customer organization, departmental SaaS adoption patterns, and licence usage rates.

methodology: Vendor-published. Aggregated telemetry from Productiv platform customer base; not a representative sample of all enterprises. Sample size and methodology self-disclosed in the report.

trust: Vendor-published, methodology self-disclosed

https://productiv.com/state-of-saas/
, and the most-cited spending figure, Gartner's estimate that 30 to 40 percent of large-enterprise technology spending occurs outside the IT organization
Gartner

Gartner CIO Agenda research, analyst estimate of business-led IT spending (2019/2022)

measures: Estimated share of enterprise technology spending occurring outside the formal IT organization in large enterprises.

methodology: Analyst estimate derived from Gartner's CIO survey panel and analyst forecasting models. Not a primary measurement of any single organization. Range commonly cited as 30 to 40 percent of large-enterprise technology spending.

trust: Analyst estimate, methodology partially disclosed

https://www.gartner.com/en/information-technology/insights/cio-agenda
, is an analyst estimate rather than a measurement of any one company. A widely repeated claim that roughly a third of SaaS spend is unmanaged
vendor blogs

Various vendor blogs: roughly one third of SaaS spend is unmanaged (various)

measures: Often-quoted claim that approximately one third of SaaS spending in surveyed organizations is unmanaged or outside formal IT procurement.

methodology: We have not been able to trace this figure to a single primary public source. It appears across vendor blog content with partial or chained attribution. Treat as indicative, not authoritative.

trust: Widely repeated, primary source unverified

circulates across vendor content without a traceable primary source; we list it with that caveat rather than as fact. The honest position: published numbers are directional, your own SSO export and expense audit produce the only count that applies to you.

How sprawl turns into cost

App count is not a cost by itself; it is a proxy for the surface area you have to govern. Sprawl becomes a number on the ledger through the same four categories the rest of this framework uses. Each row links to its measurement method.

C-01

Observable spend

More apps means more subscriptions, more duplicated tools, and more unused seats. Sprawl is the volume that license waste is measured against.

C-02

Breach exposure

Each unmanaged app is an additional credential store, OAuth grant, and data egress path. Sprawl widens the attack surface that contributes to breach probability.

C-03

Compliance exposure

Apps adopted outside procurement process personal data, card data, or health data without a data processing agreement or a lawful basis, creating GDPR, HIPAA, and PCI exposure.

C-04

Operational overhead

Duplicated tools, orphaned subscriptions after offboarding, and integration rework all scale with the number of apps nobody is tracking.

Measuring your own sprawl

No single discovery method finds the whole portfolio. The union of four does most of the job, with the gaps documented rather than assumed away:

  • SSO gap analysis exports every federated and OAuth-connected app from your identity provider and compares it against the approved catalog.
  • Expense audit pulls 12 months of corporate card and reimbursement data filtered for SaaS merchants.
  • CASB and network analysis surfaces traffic to SaaS domains from managed devices.
  • Browser inventory plus survey catches the personal-account and free-tier apps the other three miss.

Once you have the inventory, the observable-spend method attaches dollar values, and the full estimator combines all four categories into a board-ready range.

The honest framing

The goal of measuring sprawl is not a smaller app count. It is eliminating the unmanaged subset, the apps generating spend, breach, and compliance exposure without an owner. A large, fully catalogued and SSO-enforced portfolio is in better shape than a small, half-invisible one. See the statistics ledger for every figure quoted here with its source, year, and trust flag.

Quantify the spend

License waste ->

Find the apps

Discovery methods ->

Interactive

Measure your exposure ->

FAQ /

Frequently asked questions

Q.01What is SaaS sprawl?+
SaaS sprawl is the uncontrolled proliferation of software-as-a-service applications across an organization, where individual employees and teams adopt tools through free tiers, personal cards, or self-serve trials faster than IT can catalogue, secure, or rationalize them. It is the structural condition that produces most shadow IT: when adopting a new app takes a credit card and an email address, the app portfolio grows from the edges, not from procurement.
Q.02How is SaaS sprawl different from shadow IT?+
Shadow IT is any technology used without IT approval or visibility. SaaS sprawl is the specific, dominant form shadow IT takes today: the accumulation of cloud applications. The two are not identical (shadow IT also covers unmanaged hardware, scripts, and cloud infrastructure) but in a modern knowledge-work organization the overwhelming majority of shadow IT is SaaS sprawl. Measuring sprawl, the count and spread of your app portfolio, is therefore the practical entry point to measuring shadow IT cost.
Q.03How many SaaS apps does a typical organization have?+
Vendor-published telemetry is the only systematic data on this. Productiv reports an average in the high-200s of applications per customer organization in its State of SaaS reporting. That figure is vendor-published: the sample is Productiv's own customers (organizations that have already bought SaaS management tooling), not a representative sample of all enterprises, so read it as directional rather than a population benchmark. Your own SSO export and expense audit produce the only count that applies to your organization.
Q.04How do I measure SaaS sprawl in my own organization?+
Combine four discovery methods, because no single one is complete. An SSO gap analysis exports every federated and OAuth-connected app from your identity provider. An expense audit pulls 12 months of corporate card and reimbursement data filtered for SaaS merchants. A CASB or network analysis surfaces traffic to SaaS domains. A browser inventory plus an amnesty-framed survey catches the rest. The union of the four is your sprawl inventory; the gaps between them are documented honestly rather than assumed to be zero.
Q.05Is more SaaS always bad?+
No. App count is not a cost by itself; it is a proxy for the surface area you have to govern. A 300-app portfolio that is fully catalogued, SSO-enforced, and reviewed at renewal is in better shape than a 120-app portfolio where half the apps are invisible. The goal of measuring sprawl is not to minimize the number of apps but to eliminate the unmanaged subset, the apps generating spend, breach, and compliance exposure without anyone owning them.
Q.06What is the fastest way to reduce SaaS sprawl?+
Sequence it. First make the portfolio visible (SSO gap plus expense audit gives you the inventory in days). Then consolidate duplicates and reclaim unused seats, which is the observable-spend win that funds the rest. Then route new adoption through a lightweight approval gate so sprawl does not regrow. Treat any vendor-quoted reduction percentage as a marketing range and plan against a conservative 20 to 40 percent expected reduction with sensitivity analysis, as set out on the statistics and governance-ROI pages.

Updated 2026-06-16