Security teams are paying for sprawl in more ways than one

Most enterprises run security programs across sprawling environments that include mobile devices, SaaS applications, cloud infrastructure, and telecom networks. Spend control in these areas often sits outside the security organization, even when the operational consequences land directly on security teams. Tangoe’s 2026 Trends & Savings Recommendations Report connects these cost domains to recurring governance failures that create risk exposure across identity, endpoint management, and infrastructure visibility.

The report focuses on IT expense management across three major areas: mobility, cloud, and telecom. Each category includes cost pressures driven by AI adoption, supply chain volatility, pricing model changes, and tool sprawl. Those pressures also track closely with common cybersecurity problems, including unmanaged endpoints, weak asset inventory, inconsistent policy enforcement, and poor accountability for usage.

Mobile fleets are now a social engineering attack surface

Mobile devices have become a primary entry point for AI-driven phishing and impersonation attacks. Employees receive targeted messages built from scraped public data, and attackers use GenAI to produce realistic content at scale. Tangoe reports that more than one million enterprise employees were exposed to mobile phishing in Q2 2025, representing a 20% increase from Q1. Executives were also 23% more likely to fall for personalized attacks such as deepfakes and tailored phishing content.

Security teams already treat email as a core threat vector. Mobile phishing at that scale increases the need for stronger mobility governance. Security and IT teams need visibility into device inventory, enrollment status, patch levels, and access controls to reduce exposure and enforce consistent standards across the fleet.

The report also describes broader mobility volatility tied to device supply chains and pricing uncertainty. It cites a nearly 40% drop in U.S. smartphone shipments assembled in China over the past year. It also cites research estimating smartphone average selling prices could rise by about 7% in 2026.

Those market conditions push organizations toward delayed refresh cycles, mixed device models, and uneven replacement schedules. Each of those conditions complicates security baseline enforcement.

BYOD programs create cost and governance problems

BYOD programs are often managed as a cost lever, but they also reduce enterprise control over endpoints. Corporate-liable models provide stronger control over device refresh cycles, security enforcement, and lifecycle management. Tangoe recommends a lifecycle approach that treats devices as owned assets and separates device negotiations from service plan negotiations as carrier subsidies decline.

Cost control and security control rely on the same foundational requirement: accurate inventory. Tangoe emphasizes lifecycle management as the mechanism for enforcing that discipline, tying device ownership, refresh timing, sourcing flexibility, and reuse or repurposing strategies to stronger oversight of the mobility environment.

Cost control and security control rely on the same foundational requirement: accurate inventory.

UEM sprawl leads to inconsistent security controls

Many enterprises still operate multiple unified endpoint management platforms. Tangoe cites a 2024 IDC study finding that more than 70% of enterprises run two or more UEM platforms, and over a third run three or more. 

This fragmentation creates operational problems:

• Inconsistent device posture validation
• Gaps in logging and telemetry
• Different policy templates across business units
• Multiple admin consoles with varying access controls

Tool sprawl also creates predictable failure patterns during incidents. When a security team needs to isolate a device, revoke access, or confirm enrollment status, the response depends on clean, centralized management controls.

The report also includes a key mobile security statistic: only 35% of organizations have Mobile Threat Defense in place, even though mobile devices play a role in 59% of recent security incidents.

That gap suggests mobile security remains treated as optional in many organizations, even as attackers expand into mobile-first delivery methods.

SaaS license waste overlaps with identity risk

SaaS governance continues to drift in many enterprises. Tangoe reports that in 2025, almost half of all SaaS licenses paid for were never used, representing more than $20 billion in wasted spend.

SaaS sprawl also increases the attack surface through unmanaged integrations, API tokens, and shadow IT procurement. Security teams typically discover these tools after an incident, during an audit, or when a vendor breach triggers an internal review.

The report describes cloud expense management platforms that ingest usage data across SaaS environments to identify unused licenses and renewal risks. That same usage visibility supports security goals like access recertification, least privilege enforcement, and early detection of unauthorized application adoption.

Cloud pricing shifts are forcing tighter workload governance

Cloud providers continue to adjust pricing models, especially as AI drives data center investment. Tangoe notes that IBM plans to raise global pricing by about 6%, with some IaaS offerings increasing by as much as 10%.

Cloud cost pressure pushes organizations to scrutinize workload placement, instance selection, and region usage. The report describes workload placement decisions as a major lever, with potential IaaS savings of up to 50% depending on the environment.

Security teams benefit from this kind of workload governance because it forces better tagging and asset ownership, better mapping of workloads to business purpose, more consistent environment segmentation, and more attention to cloud configuration drift.

When engineering teams can deploy workloads freely without cost accountability, security governance tends to follow the same pattern.

AI spend has become its own risk category

AI workloads introduce spending patterns that differ from typical cloud usage. Tangoe describes GPU-heavy workloads that scale rapidly, containerized environments that expand quickly, and continuous retraining that drives ongoing compute and storage consumption. It also points to scattered cost centers that make AI spend difficult to track.

Tangoe states that AI budgets are growing three times faster than IT budgets. It also states that over 80% of executives view the surge in AI spending as a driver of complexity, including vendor sprawl and fragmented accountability.

Security leaders see the same pattern through a different lens. AI programs often expand faster than governance, which creates exposure in data sourcing and model training pipelines, access control to sensitive datasets, vendor onboarding and third-party risk, and model deployment practices across cloud and edge environments.

The report also describes AI cost metrics such as cost per token, cost per inference, GPU hours per model, data-egress cost per result, and idle training compute. These metrics have security relevance because they provide operational signals that can also support anomaly detection. A sudden spike in inference usage or egress cost can indicate abuse, misconfiguration, or unauthorized access.

Licensing changes are turning Microsoft cost management into a security issue

Tangoe notes that Microsoft ended volume-based discounts for online services under major volume licensing agreements as of November 1, 2025. The report states that some large enterprises are already seeing increases of up to 13%.

Microsoft licensing changes are also becoming a major cost management issue. Tangoe notes that Microsoft ended volume-based discounts for online services under major volume licensing agreements as of November 1, 2025. The report states that some large enterprises are already seeing increases of up to 13%, increasing pressure to reassess licensing mix, model downgrade scenarios, and renegotiate renewals with usage data.