At Black Hat 2025, LastPass Debuts SaaS Protect to Help Small and Mid-Sized Businesses Stop Employees from Using Unapproved SaaS and AI Apps and Weak Credentials

LastPass

LastPass, a global leader in password and identity management trusted by over 100,000 businesses worldwide, unveiled SaaS Protect at Black Hat 2025. Building on the company’s existing SaaS Monitoring capabilities, SaaS Protect introduces a robust set of policy enforcements that enable organizations to move from passive visibility to proactive access control. With features including customizable SaaS app policies, credential risk detection, and real-time enforcement reporting, SaaS Protect empowers IT and security teams to address Shadow IT, Shadow AI, and credential misuse with speed, precision, and confidence.

Business benefits include:

  • Real-time SaaS governance: Quickly restrict access to unsanctioned or high-risk SaaS apps and guide user behavior with custom warnings.
  • Audit-ready compliance: Generate governance reports with SOC 2 and other compliance frameworks in mind.
  • SaaS cost optimization: Identify duplicate or over-licensed apps to help reduce spend and tech sprawl.

SaaS Protect is now available in beta to current LastPass Business and Business Max customers and will be included at no additional cost in the Business Max bundle. The feature is being showcased live at Black Hat 2025, with general availability expected in early Fall.

SaaS Sprawl is putting small and mid-sized businesses at elevated risk

According to Zylo, small and mid-sized businesses now use an average of 275 known SaaS applications, but IT teams oversee just 26% of that spend, with the rest driven by business units and individual employees. In addition, recent studies show organizations may be using 10 times more SaaS apps than they realize, with Shadow IT and Shadow AI tools pushing the actual footprint to hundreds of applications.

This mix of sanctioned and unsanctioned tools creates a sprawling, fragmented attack surface that most smaller organizations lack the resources to monitor or secure. Alarmingly, around 78% of users reuse the same password across multiple accounts, and when those reused or weak credentials tie back to unmanaged apps, credential risk can skyrocket. IT can’t protect what they don’t know exists, leaving sensitive data exposed, compliance at risk, and productivity strained by fragmented access and limited support.

“Small and mid-sized businesses are facing a perfect storm of complexity: unknown risks living within unknown apps and AI services,” said Don MacLennan, Chief Product Officer at LastPass. “We built SaaS Protect to turn that chaos into clarity. It’s designed specifically for resource-constrained businesses that need visibility, policy enforcement, and credential protection without adding operational overhead.”

Transforming visibility to action

Launched in May 2025, LastPass SaaS Monitoring gave organizations and LastPass Partners a consolidated view of application usage and credential hygiene. But visibility alone isn’t enough. With 75% of employees expected to use unauthorized tech by 2027, businesses need a way to intervene quickly and confidently.

That’s where SaaS Protect comes in. Building on the foundation of SaaS Monitoring, SaaS Protect gives businesses the ability to act on how tools are being used, spot risky behavior, and make informed decisions about which apps to allow, restrict, or retire.

All of this happens without disrupting the workforce. No device agents. No heavy deployments. The feature operates via the browser extension on employee devices, with activity data and policy enforcement results populating directly in the admin console.

Source: BusinessWire