
What Are Zombie Accounts and How Do You Fix Them?

Sep 15, 2023

The average employee uses nine apps per day for work. What happens to their accounts when they leave the company or switch teams? In many cases, they turn into zombie accounts.

What are zombie accounts? When an account hasn’t been used for an extended period, it becomes a zombie account. These accounts eat away at your bottom line and make you more vulnerable to hackers.

It’s unlikely that you have a handle on just how many of these inactive user accounts are out there. According to Gartner’s Market Guide for SaaS Management Platforms, companies use an average of 125 different SaaS applications, and the IT department is aware of only one-third of the accounts associated with them.

That’s why it’s important to have a plan for finding zombie accounts and preventing them from being created in the first place. This may seem like it makes managing your tech stack more complicated. However, with the right preventive measures and tools, dealing with zombie accounts can be a simple, straightforward process.

How zombie accounts are made

Zombie accounts are an unfortunate byproduct of the widespread proliferation and convenience of SaaS products. Implementing many SaaS applications doesn’t require the involvement of IT, since there’s nothing to download. For employees with a company-issued credit card, subscription fees are often low enough to pay on their own, so accounting doesn’t ever receive an invoice. If employees don’t tell IT and accounting about these subscriptions, they have no way of knowing they exist.

Under these circumstances, zombie accounts are more likely to go unnoticed when an employee moves on to another company, project, or team.

1. They’re missed during offboarding

IT offboarding can be a complicated process since employees use a wide range of devices and software for work. IT has to identify all of the outgoing employee’s user accounts and make sure they’re deactivated. This may be a little easier to do for company-wide applications like Slack, or for software that’s widely used in certain departments, like Salesforce. However, keeping track of applications that are only used by small teams or individual employees can be challenging.

Plus, when an account is deactivated, it isn’t always deleted. Sometimes, accounts need to be revisited 30 or 60 days after an employee leaves to be truly removed.

2. They’re forgotten after one-off projects

There are so many SaaS applications out there that it’s easy for employees to find specialized tools perfectly suited for a one-off project. It’s not uncommon to buy a subscription with the intent to cancel once the project is over. Despite their best intentions, employees often get distracted with other things and forget the account is still out there, so it becomes an inactive user account.

3. They fall through the cracks because an employee switched teams or changed roles

When an employee switches teams or job duties, it doesn’t trigger an offboarding process. If they still have an account for an application they no longer use, it’s up to the employee or their leadership to cancel the account. However, these accounts often slip through the cracks. Since there’s no formal offboarding process, it’s often unclear who is responsible for notifying the right stakeholders the account is no longer needed.

The dangers of zombie accounts

Employees are always on the move, whether internally or externally. Without a process to track their accounts, it’s easy for the number of inactive user accounts to snowball rapidly over time, leading to major financial and security pitfalls.

Financial risk

Year-over-year, SaaS spending is rising sharply. It rose by 18% in 2022 and is on track to grow by 20% in 2023. Pricing structures tend to vary, but many are priced per user. If you don’t keep a close eye on your accounts, you can easily pay for licenses that you’re not using. Over time, the costs of these zombie accounts can add up exponentially.

Cybersecurity risk

Eighty-two percent of cybersecurity breaches involve data stored in the cloud, and zombie accounts increase the vulnerability of your cloud systems. They increase your threat surface and they aren’t being monitored for unauthorized access.

If a zombie account is part of a data breach, hackers can use the credentials to access sensitive data, like a credit card number or client details, that may be stored in the application. Also, if the user uses the same credentials on multiple sites, hackers can use that username and password to log into other applications and wreak havoc.

Things get even more dangerous if an employee has downloaded an application and given it a broad set of permissions. Now, hackers can access data that’s not just in the application but also stored on the computer, such as contacts and emails.

Compliance risk

Many data privacy laws require companies to prove they have appropriate controls in place to protect sensitive data. These measures can include limiting system access to only those who need it for their work and demonstrating that someone is responsible for managing user accounts. If zombie accounts are uncovered during an audit, it’s a clear indication of non-compliance.

Best practices for preventing zombie accounts

Zombie accounts can have scary implications, but you can defend yourself against them with the right combination of processes and policies. Using technology like SaaS license software can also help. Follow these best practices to keep zombie accounts at bay.

1. Create a central repository of all software licenses

The first step to managing SaaS subscriptions more effectively is to keep a centralized log of all applications and their users. If you choose to do this with a spreadsheet, you’ll need to take the following steps:

  • Create a spreadsheet with columns for the name of the SaaS application, number of users, list of users, pricing tier and structure, and internal contact.
  • Start entering the SaaS products that you know, like Zoom.
  • Reach out to each department head to find out which systems their teams use. Ask them to compile which systems are used by individual contributors.
  • Comb through expense reports to surface any potential subscriptions that may be overlooked.

Following this process thoroughly can take a while. Even if you’re meticulous, you can still miss some accounts. You have to rely on people to remember all the applications they signed up for and properly respond to your requests. Also, once the initial spreadsheet is created, the process must be repeated on an ongoing basis to make sure you’re constantly capturing new accounts.

Alternatively, you can use a SaaS management platform that will automate this process for you. SaaS spend management applications can leverage existing applications, such as accounting software and G Suite, to seek out SaaS subscriptions and compile them in one place. You don’t have to chase people down to find all of their accounts and hope that they’ve provided an accurate list. The platform can run in the background on an ongoing basis, actively monitoring user accounts so you can focus on other tasks.
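Whichever way the inventory is built, it only pays off when it is checked against who still works at the company and when each account was last used. The following is an added example, not part of the original article, that flags likely zombie accounts in a CSV export of such an inventory; the column names, the HR roster format, the 90-day idle threshold, and all sample data are constructed assumptions.

```python
import csv
import io
from datetime import date

# Constructed sample export of the central inventory (column names are assumptions).
INVENTORY_CSV = """app,user,last_login,monthly_cost
Slack,alice@example.com,2023-09-10,8
Salesforce,bob@example.com,2023-09-01,75
DesignTool,carol@example.com,2023-02-14,15
SurveyTool,alice@example.com,,20
Zoom,dave@example.com,2023-08-30,15
"""

# Constructed HR roster: account owner -> employment status.
ROSTER = {
    "alice@example.com": "active",
    "bob@example.com": "departed",
    "carol@example.com": "active",
}

def find_zombies(inventory_csv, roster, today, max_idle_days=90):
    """Return (findings, monthly_cost); each finding is (app, user, reasons)."""
    findings, wasted = [], 0.0
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        reasons = []
        status = roster.get(row["user"])
        if status is None:
            # Account exists but nobody in HR data owns it (missed offboarding).
            reasons.append("owner not in HR roster")
        elif status != "active":
            reasons.append("owner " + status)
        if not row["last_login"]:
            # Licence was bought but never signed in to.
            reasons.append("never used")
        else:
            idle = (today - date.fromisoformat(row["last_login"])).days
            if idle > max_idle_days:
                reasons.append(f"idle {idle} days")
        if reasons:
            findings.append((row["app"], row["user"], reasons))
            wasted += float(row["monthly_cost"])
    return findings, wasted

if __name__ == "__main__":
    zombies, cost = find_zombies(INVENTORY_CSV, ROSTER, today=date(2023, 9, 15))
    for app, user, reasons in zombies:
        print(f"{app:12} {user:22} {'; '.join(reasons)}")
    print(f"Monthly spend on flagged accounts: ${cost:.2f}")
```

An account whose owner has departed is flagged even if it shows a recent login, since activity on such an account is itself worth investigating.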

2. Assign ownership of each SaaS application to a specific admin or team

It’s a best practice to assign an admin for tools like Salesforce, and it should be repeated across the board. Every single platform should have an owner. If that person leaves or changes teams, they are responsible for handing off responsibility to their manager or another teammate.

3. Establish clear policies for approving and renewing subscriptions

As easy as it is to adopt SaaS applications, it’s important to have rules in place to ensure you keep track of them and that they align with company guidelines. Create policies for purchasing and renewing SaaS subscriptions. Communicate these rules company-wide and hold employees accountable.

Here are a few policies to consider:

  • All subscriptions require approval from a manager.
  • Anyone purchasing a new SaaS subscription must notify IT and/or accounting, regardless of how they pay for it.
  • All contracts must meet company standards, such as being HIPAA compliant or having SOC certification.

Fending off zombie accounts is easier with SaaS spend management software

Implementing these best practices alongside SaaS spend management software can help you tackle zombie accounts efficiently. These platforms not only help you surface potential zombie accounts, but they also help you make smarter decisions about your SaaS applications. Look for solutions with the following features:

  • Ability to visualize all user accounts for all employees
  • Analytics that break down different ways to eliminate unnecessary software costs
  • Heat maps that show how often a system is being used, so you can make smarter decisions about whether someone needs a pro or free license

SaaS applications are continuing to grow in popularity. There’s an application tailored to every role, in every business, in every industry. The convenience of these applications is an asset. It’s up to you to balance that ease of use with SaaS spend management practices and technology. With the right processes and tools in place, you can give employees the freedom to use the SaaS applications they need while reducing financial and security risks.
