Modern IT environments have inevitable gaps and inefficiencies due to fragmented tools and complex configurations in each tool.
The result is a lack of visibility of these gaps and opportunities, often unrecognized for months or, sometimes, years. The impact is security gaps, reduced employee experience, or missed cost savings.
IT teams have to manage 10s to 100s of tools including Core IT tools such as Okta, JAMF, Active Directory, company-wide tools such as Slack, Zoom and Office365, and function specific SaaS tools like Salesforce, Asana, and Airtable.
And core tools in particular have complex configurations - intricate webs of employees, contractors, apps, groups, and channels.
This results in a mesh that’s incredibly hard to decipher, and hence, gaps abound.
But never fear! At Stitchflow, we’re focused on fixing these issues for IT teams. We’ve seen consistent themes in the gaps caused by lack of IT visibility.
In this article, we lay out the exact tests you need to perform on your IT environment to ensure everything is in tip top shape for 2025!
The 4 types of visibility gaps in IT environments
First, let’s lay out the 4 categories of gaps you need to test for in your environment.
We’ve summarized the gaps, key areas of risk, impact on an organization’s productivity, security and cost, and the typical size of these gaps we see in IT teams.
| Category of Gap | Description | Impact | Typical Ranges Seen |
|---|---|---|---|
| Employee Management | Improper access to resources | Security, Audit, Cost | - 5-10% of employees with access after leaving company - 10-15% of employees without required access |
| Resource Drift | Group and channel membership errors | Employee productivity | - Over 10% inconsistency between communication platforms - Issues with Slack/Teams channels, Okta/AD groups, and Google group membership - Most concentrated in high-turnover teams (especially Sales) |
| Compliance and Device Security | Security and compliance gaps | Security, Audit | - 2-5% of employees without MFA - 5-10% of devices with no MDM, AV, or backup - 2-5% of devices without FileVault |
| SaaS App Gaps | Unused and underutilized SaaS | Cost | - >25% of all SaaS licenses under or unutilized |
Your detailed checklist to avoid these gaps
To mitigate these risks, we've compiled a comprehensive list of tests to run in your organization. These tests cover categories across all 4 types of visibility gaps and should be run once a month to once a quarter.
Employee Management
| Category | Description |
|---|---|
| Reconciling Systems of Record | Compare membership of AD, Okta, Google Workspace, MDMs, and any other employee systems to find users missing in each. |
| Incomplete Offboarding | - Deprovisioned Okta/AD users with 1 or more active apps. - Offboarded users with active accounts in tools (for each tool). - Offboarded users with admin roles. - Offboarded users with active group and channel membership. - Offboarded users with active devices. |
| Incomplete Onboarding | - Missing attributes for users in systems of record (e.g., type of employee). - 2FA/MFA not set up. - User never logged in. |
| Github (or Other Code Repos) | - Github teams membership with write access. - Github users - External users. - Github users deprovisioned in Okta/AD (non-external). - Github users not in Okta/AD. |
| Google Workspace/Office 365 | - Google/Office365 group access levels. - Google/Office365 group membership with external members. - Active Google/Office365 users deprovisioned Okta/AD. - Google admin roles and users. - Google/Office365 group memberships and roles. - Suspended Google/Office365 users in 1 or more Google/Office365 groups. - Suspended Google/Office365 users with active OAuth tokens. - Suspended Google/Office365 users with Google/Office365 admin roles. - Suspended Google/Office365 users with Owner role in Google/Office365 groups. |
| Group Permissioning | Verify permission levels for each Okta/AD/Google group. |
| Slack/Teams | - Active Slack users deprovisioned or missing in Okta/AD (non-external). - Slack user access: External users (non-company-domain.com). - Slack/Teams guest accounts. |
| Zoom | - Active Zoom users deprovisioned or not in Okta/AD (non-external). - Zoom user access: External users on Zoom (non-company-domain.com). |
Resource Drift
| Category | Description |
|---|---|
| Missing Members | - Missing from Google/Office365 group: Various departments and custom orgs. - Missing from Okta/AD group: Various departments and custom orgs. - Missing from Slack/Teams channel: Various departments, including Customer Success, Engineering, Sales, Marketing, and People Managers. |
Compliance and Device Security
| Category | Description |
|---|---|
| Device Health | - Anti-virus not up to date or responding. - Back-up not up to date or responding. - Devices with older model years. - MDM devices and details. - MDM devices with last boot > 1 month. - MDM devices with last check-in > 1 month. - Okta Managed Devices. - Suggestion: Computers with memory <16 GB / older processors. |
| Security | - Blacklisted IP for Okta/AD. - Devices with iOS versions. - Installed apps / OAuth apps with known threats from public sources. - Installed software out of date. - MDM Blueprints/configuration profiles not set up. - MDM device with FileVault not enabled. - Okta users not enrolled in MFA. |
SaaS App Usage
| Category | Description |
|---|---|
| All Tools | Identify unused software licenses (no authentication or usage in the last 3 months). |
Clean-Up
| Category | Description |
|---|---|
| Clean-Up | - Empty or unused Google/Office365 groups. - Empty or unused Okta/AD groups. - Slack channels with 0 members. - Slack groups with 0 members. |
You can fix these gaps manually, or Stitchflow can do it for you automatically!
Stitchflow completely eliminates the manual work involved and addresses all of the gaps in IT environments due to a lack of visibility. The platform connects every IT tool into a single pane of glass giving IT teams 360 visibility across their entire environment.
Stitchflow automatically applies over 100 checks across user access, drift in enrollment between groups, apps and channels, device health, compliance checks, and unused apps.
Stitchflow identifies exactly what needs to be fixed, enables remediation in bulk, and then automates maintenance so gaps are addressed as soon as they are found.
20 IT teams from incredible companies like Drata, Forma and Starburst Data have been using Stitchflow since May and are seeing daily value - hours saved every week in spreadsheets, quick identification of gaps in their environments, and the ability to rectify painful issues in bulk.
Stitchflow’s free pilot is commitment-light, requiring no set-up; All you have to do is authenticate your tools and Stitchflow generates a gap analysis.
Book your demo to see how Stitchflow gives you instant visibility into your IT environment and have confidence in the continuous correctness of your IT environment going forward.
Jay has been serving modern IT teams for more than a decade. Prior to Stitchflow, he was the product lead for Okta IGA after Okta acquired his previous ITSM company, atSpoke.
