
SaaS subscription management: How to stop shadow IT and boost security
Andreas Røyrvik
Before I started Cardboard, I worked as a developer in several tech startups and scaleups in Norway. In the early days of a startup, you buy a lot of SaaS - at least in the companies where I worked. Every time you buy something you need a 2FA code from your bank, which typically only the CEO or the CFO has access to. In a startup, people are always busy, and the person with access to the code is often not around when you need it. So sometimes you wait, or, if you get really impatient, you just buy it with your personal card and get reimbursed somewhere down the road. SaaS purchasing for employees was a cumbersome process.
I also remember it was a regular occurrence to get emails from our hosting provider telling us that our servers were about to go down because they hadn’t been able to charge our card due to insufficient funds. We had no way of knowing how much money was available on the card, because again, that's only something that a busy person with bank authentication codes was able to see. We came pretty close to having our servers go down a couple of times.
Since we were using a credit card, we also had several cases where the amount we had to pay was higher than our credit limit, and when that happened we had to call our bank to temporarily increase the limit, which usually meant waiting in line for 20 minutes before the bank would pick up our phone call.
Fast forward two years: we now had hundreds of employees and spent significantly more on SaaS purchasing for employees, and things were starting to get messy. Even though the CFO had to approve all card payments with their personal BankID, there were still quite a lot of people no longer working at the company who had access to our card details. We still struggled to keep enough money on our card to pay for everything, and the consequence was bigger than ever before. And since it's been so cumbersome for people to pay for stuff using the company card, and they have made purchases with their private cards instead, you have shadow IT that you don't even know of - which is really bad for security and GDPR.
Since you're not aware of all payments and they're not going through your company card, they might also start failing once employees leave. In one of my previous companies we lost the domain for one of our market's web shops because an early employee had used their personal card to pay for it, and hadn't told anyone before leaving. That meant that our online store was down for over a week!
For me as a developer it was really frustrating, because I was often the first to notice but didn’t have access to do anything about it. With no oversight, companies also risk paying for tools that are no longer in use, which makes it impossible to prevent SaaS overspend effectively.
Cardboard - get all of your SaaS subscriptions in one place
By using Cardboard, you get all of your subscriptions in one place. You reduce shadow IT subscription costs by letting all of your employees bring in whatever they are paying for - and they will be happy that they no longer need to do reimbursements. In Cardboard, you decide who can buy - you can give an employee access to buy exactly the subscriptions that they need and nothing else. And since you've given them access to the card, they don't need to wait for the CFO to approve the BankID request. Our cards belong to the company, and not an individual, which means that they continue to work after that employee leaves.
When it comes to keeping the lights on, Cardboard will always notify you when it's time to top up your account, eliminating the risk of critical systems going down due to failing payments. This kind of visibility is why modern finance teams should see SaaS spend control for CFOs as an essential feature, not a nice-to-have.
From Chaos to Control: SaaS subscription management before vs. after
Before
- SaaS purchases required CEO/CFO BankID → delays in approvals
- Staff used personal cards + reimbursements → created shadow IT
- Company card often had insufficient funds → servers nearly went down
- Credit limits frequently maxed out → required long bank calls
- Ex-employees still had access to card details
- No visibility of all subscriptions → duplicate or unused tools still billed
- Real incident: company lost a domain because it was tied to an ex-employee’s personal card
- Developers noticed issues but had no access to fix them
- High risk of GDPR issues, misuse, and overspending
- Startups & scaleups struggled with messy, manual processes
After
- Employees get direct access to approved subscriptions without waiting for BankID or similar approvals
- Company cards tied to the organization, not individuals
- Top-up notifications prevent downtime from failed payments
- Smooth payments without manual bank approvals or credit limit issues
- Ex-employee access automatically cut off once they are off-boarded
- All subscriptions managed in one place with full visibility
- Centralized payment ensures critical assets (like domains) remain secure
- Finance teams + department managers get clear control and oversight
- Reduces shadow IT, ensures compliance, and prevents SaaS overspend
- Both startups & large companies save costs, reduce risk, and gain efficiency
Whether you use Cardboard or any other SaaS management platform, I highly recommend using one. As a startup, you eliminate a lot of future problems, in addition to saving a lot of costs by staying on top of what you're spending money on, and saving money on accountant hours. With a SaaS subscription management platform, these can be easily managed. As a larger company, you eliminate risk in terms of downtime, misuse of company funds, and data leakage to services you didn't even know you were using.