A CFO at a mid-market financial services group asked her IT Director a straightforward question last quarter: 'What are we actually spending on application management?'
Four weeks later, the IT Director returned with an answer. The number was £3.63 million annually. The CFO had expected something closer to £800K.
The difference nearly £2.8 million had been hiding in plain sight across redundant contracts, overlapping support arrangements, and IT staff spending the majority of their working week maintaining software that fewer than one in twenty employees actually opened.
This is not an unusual story. It is the rule.
What Application Sprawl Actually Costs
Application sprawl is the term used to describe what happens when an organisation accumulates more applications than it has visibility, governance, or strategy to manage. Every enterprise experiences it. Very few quantify it.
When Camwood conducts an initial ALICE assessment with a new client, the first finding is almost always the same: the organisation is running significantly more applications than anyone believed. The second finding is equally consistent: the majority of those applications fall into one of four categories of waste.
The first is duplicate versions of the same application multiple editions or releases running in parallel across departments, business units, or acquired entities. In a recent post-acquisition assessment, Camwood found several generations of the same productivity and collaboration tools deployed simultaneously, alongside multiple versions of Acrobat and overlapping video conferencing platforms all actively supported at the same time. This duplication creates avoidable cost across procurement, support, compatibility, and security management. Illustrative annual waste from duplication and version sprawl: £2.4 million.
The second is underutilisation software that is licensed, installed, and supported but rarely or never used. Usage analytics reveal that in most enterprises, between 30% and 50% of installed applications have been opened by fewer than 5% of users in the past 90 days. Every one of those applications carries a cost, a support obligation, and a security monitoring requirement.
The third is legacy maintenance the ongoing cost of keeping ageing applications operational. This includes extended support agreements (which typically cost three to five times standard support rates), compatibility infrastructure maintained solely to run legacy software, and specialist staff retained or contracted to support systems that no longer receive security updates.
The fourth, and most insidious, is incident cost the financial impact of security breaches, compliance failures, and operational disruptions traceable to unmanaged applications. A single GDPR enforcement action resulting from a data breach in an unpatched legacy application can exceed the entire annual IT application budget.
The M&A Accelerant
For organisations that have grown through acquisition, application sprawl is not a gradual problem it is an overnight crisis. Every acquisition brings a new application estate with its own licences, its own infrastructure dependencies, its own security posture, and its own tribal knowledge about what runs what.
A typical post-acquisition scenario presents an IT Director with four separate Microsoft 365 tenants, 1,800+ applications scattered across the combined business, multiple versions of every core productivity tool, and a board expecting consolidation to be complete within a financial quarter.
The traditional approach to this challenge manual inventory, spreadsheet mapping, sequential rationalisation takes between six and eighteen months. During that period, the combined organisation haemorrhages money on duplicate licensing and accumulates security risk from unmonitored legacy software in the acquired estate.
Camwood's ALICE platform eliminates this delay. By connecting to existing infrastructure SCCM, Intune, Active Directory, and network scans across all acquired tenants simultaneously, ALICE produces a complete, consolidated inventory of every application across every entity within 24 hours. Not weeks. Hours.
The Security and Compliance Cost Nobody Quantifies
The financial exposure most commonly overlooked in application sprawl conversations is not licensing cost it is regulatory and security risk.
Unmanaged application estates contain three categories of security liability. End-of-life software that no longer receives security patches but remains operational because decommissioning it requires someone to understand its dependencies first. Applications with known CVEs (Common Vulnerabilities and Exposures) that have not been patched because they are not on any monitoring register. Shadow IT applications software installed outside of IT governance processes that bypass security controls entirely.
A CISO at a financial services firm recently shared the outcome of their ALICE assessment: 47 applications discovered across acquired tenants were past end-of-life. Three had critical vulnerabilities actively being exploited in the wild at the time of assessment. The organisation had no knowledge these applications existed.
The potential GDPR enforcement exposure: £4.2 million. The cost of the ALICE assessment that identified the risk: a fraction of that.
What £2.9 Million in Annual Savings Looks Like
The financial case for structured application rationalisation is not theoretical. It is built from the consistent results Camwood has delivered for 200+ enterprise clients over 25 years.
For the financial services group referenced at the opening of this article, the ALICE assessment produced a complete estate inventory in 24 hours. The rationalisation analysis identified 1,847 applications, of which 186 were genuinely essential to business operations a 90% reduction candidate pool.
The consolidation programme that followed delivered:
- Licensing Rationalisation: from £2.4M to £720K annually a saving of £1.68M
- Support Contract Consolidation: from multiple vendor agreements to unified managed service — saving £630K annually
- Training Standardisation: eliminating cross-system training duplication — saving £242K annually
- Total Annual Saving: £2.55M, representing a 70% reduction in application-related operational costs
The ROI on the ALICE assessment and subsequent programme, measured over the first year: 8,700%.
For a board that has been asking why IT costs continue to grow without corresponding business value improvement, these numbers represent a fundamentally different conversation.
The 24-Hour Assessment That Changes Everything
The most common reason enterprises delay addressing application sprawl is the assumption that the inventory exercise itself will take months. It is a reasonable assumption based on prior experience of manual approaches.
ALICE eliminates that barrier. The platform integrates with existing infrastructure in a matter of hours, requires no replacement of current systems, and produces a complete estate inventory within a single working day. The 30-day assessment programme then converts that inventory into a board-ready rationalisation roadmap: prioritised by financial impact, security risk, and operational complexity.
For CFOs who want to understand the true cost of their application estate before the next budget cycle. For CIOs who need board-ready answers to questions about IT spend. For M&A teams facing an integration timeline measured in quarters rather than years.
Camwood offers a free assessment. No commitment. No disruption. Just clarity delivered in 24 hours.
The Bottom Line
Application sprawl is not a technical problem. It is a financial performance problem masquerading as a technical one.
The cost sits invisibly across licensing agreements, support contracts, infrastructure budgets, and incident response reserves. It grows with every acquisition, every shadow IT deployment, and every legacy application that outlives its business purpose.
The enterprises that address it systematically using intelligent discovery, data-driven rationalisation, and managed ALM practices consistently recover millions in annual savings whilst simultaneously reducing security exposure and accelerating their transformation programmes.
The question is not whether your organisation has this problem. It almost certainly does. The question is how long you are prepared to fund it.
The Four Categories of Waste: A Financial Breakdown
The following breakdown is drawn from a typical post-acquisition enterprise estate assessment. Figures are illustrative of the cost structure Camwood consistently identifies across similar-sized organisations.
|
Waste Category |
Description |
Typical Annual Cost |
Post-Rationalisation Cost |
Annual Saving |
|
Duplicate Licensing |
Same software procured independently across departments or entities |
£2.4M |
£720K |
£1.68M |
|
Legacy Maintenance |
Extended support at 3–5× standard rates; specialist staff for EOL systems |
£890K |
£260K |
£630K |
|
Training Duplication |
Duplicate training on overlapping or conflicting tools across entities |
£340K |
£98K |
£242K |
|
Total |
|
£3.63M annually |
£1.08M annually |
£2.55M (70% reduction) |
Note: Underutilised application costs are embedded within licensing and support figures above. Incident costs from preventable security breaches (£50K+ annually) are not included in this table but add further to the saving case.
Manual Inventory vs ALICE: A Direct Comparison
|
Dimension |
Manual Approach |
ALICE Assessment |
|
Time to complete inventory |
6–18 months |
24 hours |
|
Accuracy |
Estimated counts, significant gaps |
Complete, validated inventory |
|
Security visibility |
Unknown until manually reviewed |
Integrated Defender assessment from day one |
|
Duplicate identification |
Manual cross-reference across spreadsheets |
Automated cross-tenant analysis |
|
Board-ready output |
Months after assessment begins |
3 weeks from engagement start |
|
Ongoing maintenance |
Resource-intensive, always out of date |
Continuously updated, automated |
|
Cost during discovery period |
Continued duplicate spends throughout |
Duplicates identified immediately, action within week one |
|
Total investment |
Internal resource at significant opportunity cost |
Free 30-day assessment, no commitment |
Related Reading in This Series
- Why Application Lifecycle Management Is the Hidden Engine of Enterprise Digital Transformation: The strategic case for ALM governance and what it enables
- Post-Merger Application Chaos: How to Regain Control Before the Board Loses Patience: The M&A-specific rationalisation case with £2.9M outcome
- Application Rationalisation: The 95% Reduction Strategy: How the 95% reduction is achieved in practice, step by step
- The Zero-Day Problem: Why Security-First Patch Management Is No Longer Optional: The security and compliance cost of unmanaged application estates
