Ghost subscriptions: the SaaS budget growing without IT's knowledge

Three simultaneous trends made this permanent after 2020:

• One-click purchase — modern SaaS goes from email + credit card to active in 30 seconds. No IT approval step.
• Widespread corporate cards — mid-level managers and team leads can buy with their own limits. Finance sees one line: "Stripe $89/mo", the provider is opaque.
• Departmental autonomy — marketing, sales, design, engineering pick their own tools. Not because they want to bypass IT; that's just how the workflow is now.

In an average organisation, the SaaS list IT actually maintains is 40–60% of the real number. The rest is hidden in finance data behind anonymous payment-processor names like "Stripe" / "PayPal" / "Adyen".

Traditional SaaS management tools try to solve ghost subscriptions from finance data: they connect to accounting, categorise, claim "we can save you 30%". This approach falls short for three reasons:

1. Anonymous payment processors

Payments through Stripe, PayPal, Adyen, iyzico appear in finance as just "Stripe payment". Which app, which team, which user — unknown.

2. Free tiers

Notion, Trello, Slack, Figma — many apps have a free starting tier. A team starts on free, gradually 20–50 people join, personal data flows. No bill ever reaches finance. Risk is maximal.

3. Personal account → corporate use

A designer starts on a personal Figma account and uploads corporate files there. No corporate card, finance integration is blind. But the data is the firm's, and so is the risk.

A ghost subscription hurts finance in four different ways:

• 1. Duplication — marketing uses Slack, engineering uses Discord, sales uses Teams. Same need, three separate subscriptions.
• 2. Idle product — the subscription is active, but nobody has used it in six months. The bill keeps coming.
• 3. Idle seat — the app is in use, but half of the assigned seats haven't logged in for 90+ days.
• 4. Renewal surprise — a one-year auto-renew, the team has changed, no usage, but you're committed to 12 more months.

Together these four costs typically equal 20–30% of a firm's SaaS spend. So the portfolio that's outside the inventory eats nearly a third of the annual SaaS budget by itself.

1. Endpoint-based SaaS inventory

Put the finance list aside. Build a real usage inventory through endpoint agent + browser extension. The delta is your ghost-subscription list.

2. Per-department showback

List which department is using each app, attribute the bill to that department. Decisions change when departments see their own cost.

3. 90-day usage baseline

Distinguish active seats, idle seats, and never-logged-in across a 90-day window. Renewal decisions made with data are decisions that hold.

4. Approval-thresholded purchase

As a policy: any SaaS purchase on a corporate card above $25/mo requires IT approval. Equivalent to: catching ghost growth at its starting point.

To stop asking "What was this app, again?", finance data alone isn't enough — because ghost subscriptions by definition aren't there. The answer is an inventory grounded in actual usage and a showback model that makes departmental responsibility visible.

CenseCloud builds this inventory through endpoint + browser extension + finance correlation. See the SaaS cost solution→ or the CenseCost module→ for details.