The Hidden Costs of Security Tool Sprawl
▼ Summary
– Mobile devices are a primary attack surface for AI-driven phishing, with over a million enterprise employees exposed in Q2 2025, increasing the need for strong device governance and visibility.
– BYOD programs reduce enterprise control over endpoints, and effective cost and security management both depend on accurate device inventory and a lifecycle ownership approach.
– Many enterprises operate multiple UEM platforms, leading to inconsistent security controls, operational gaps, and predictable failures during security incidents.
– SaaS license waste, with nearly half of licenses unused in 2025, overlaps with identity risk by expanding the attack surface through unmanaged integrations and shadow IT.
– AI and cloud spending introduce new risks, as rapid, hard-to-track AI budget growth outpaces governance, and cloud pricing shifts force workload scrutiny that can benefit security through better asset management.
Modern enterprises operate within sprawling digital ecosystems encompassing mobile devices, cloud infrastructure, SaaS applications, and telecom networks. A critical yet often overlooked challenge is that spending control in these areas frequently falls outside the security organization’s direct purview, even though the operational consequences land squarely on security teams. This disconnect creates significant governance failures, exposing organizations to heightened risks across identity management, endpoint security, and infrastructure visibility. Recent analysis connects these cost domains directly to recurring cybersecurity vulnerabilities.
The financial pressures within mobility, cloud, and telecom categories are intensifying, driven by factors like widespread AI adoption, supply chain instability, evolving pricing models, and rampant tool sprawl. These same pressures mirror and exacerbate common security problems, including unmanaged endpoints, incomplete asset inventories, inconsistent policy enforcement, and a lack of accountability for usage.
Mobile devices have evolved into a primary attack surface for sophisticated social engineering. Employees are increasingly targeted with AI-driven phishing and impersonation attacks, where messages are crafted using scraped public data and generative AI creates convincing content at an industrial scale. Data indicates that over a million enterprise employees were exposed to mobile phishing in a single recent quarter, marking a sharp increase. Executives proved particularly vulnerable, being significantly more likely to fall for personalized deepfake and phishing attempts.
While email remains a core threat vector, mobile phishing at this scale demands stronger governance. Security and IT teams require comprehensive visibility into device inventory, enrollment status, patch levels, and access controls to enforce consistent security standards across the entire fleet. Broader market volatility further complicates this task, with smartphone supply chain shifts and predicted price increases pushing companies toward delayed refresh cycles and mixed device models. These conditions inherently weaken the enforcement of security baselines.
Bring-your-own-device (BYOD) programs, often managed primarily for cost savings, simultaneously erode enterprise control over endpoints. Corporate-liable device models offer stronger command over refresh cycles, security enforcement, and lifecycle management. A strategic lifecycle approach is recommended, treating devices as owned assets and decoupling device negotiations from service plans, especially as carrier subsidies diminish. Both cost control and security control hinge on a single foundational requirement: accurate and maintained inventory. Effective lifecycle management enforces this discipline, linking device ownership, refresh timing, and reuse strategies to stronger overall oversight of the mobile environment.
A fragmented approach to endpoint management creates substantial risk. Many organizations still operate multiple unified endpoint management (UEM) platforms, with a majority running two or more and a sizable portion using three or more. This sprawl leads directly to operational security gaps: inconsistent device posture validation, holes in logging and telemetry, different policy templates across business units, and multiple admin consoles with varying access. During security incidents, this fragmentation creates predictable failure patterns, hampering rapid response actions like isolating a device or revoking access. Notably, despite mobile devices being implicated in a majority of recent security incidents, only a minority of organizations have deployed Mobile Threat Defense, suggesting mobile security is still treated as optional.
SaaS governance lapses represent both massive financial waste and significant identity risk. Recent figures show nearly half of all paid SaaS licenses go completely unused, translating to billions in wasted expenditure. This SaaS sprawl dangerously expands the attack surface through unmanaged integrations, exposed API tokens, and shadow IT procurement. Security teams often only discover these tools reactively, after an incident, during an audit, or following a vendor breach. Cloud expense management platforms that analyze usage data to find wasted licenses and renewal risks can also support vital security objectives like access recertification, least privilege enforcement, and early detection of unauthorized app adoption.
Cloud pricing models are also shifting, particularly as AI demands drive data center investments, with some providers announcing price increases for infrastructure services. This cost pressure forces organizations to scrutinize workload placement, instance selection, and region usage, which can yield substantial savings. Security teams benefit directly from this enforced financial scrutiny, as it necessitates better asset tagging and ownership, clearer mapping of workloads to business purpose, more consistent environment segmentation, and closer attention to configuration drift. When engineering teams deploy workloads without cost accountability, security governance tends to deteriorate in parallel.
AI expenditure has rapidly emerged as its own distinct risk category. AI workloads, characterized by GPU-intensive processing, rapidly scaling containers, and continuous retraining, create spending patterns that are difficult to track across scattered cost centers. AI budgets are growing at a pace far exceeding general IT budgets, and most executives view this surge as a major driver of operational complexity, including vendor sprawl. Security leaders see the governance exposure: AI programs often expand faster than controls can be established, creating risks in data sourcing, model training pipeline security, access to sensitive datasets, third-party vendor risk, and deployment practices. Key AI cost metrics, like cost per inference or GPU hours per model, carry security relevance, as sudden spikes can serve as operational signals for anomaly detection, potentially indicating abuse, misconfiguration, or unauthorized access.
Finally, licensing changes from major vendors are turning cost management into a security imperative. For instance, the end of volume-based discounts for certain online services has led to immediate cost increases for large enterprises. This pressure forces reassessments of licensing mixes and renewal strategies, actions that require detailed usage data. This process of rationalization and scrutiny inherently strengthens security posture by forcing better oversight and management of software assets and access rights.
(Source: HelpNet Security)
