Security monitoring tool for shadow IT risks rolled out by LastPass for safety-focused teams
In the digital age, the proliferation of SaaS applications and the rise of shadow IT pose significant challenges for small and mid-sized businesses. To address these issues, LastPass, a leading provider of password management solutions, has unveiled a new feature called SaaS Protect.
SaaS Protect is designed to empower IT and security teams with proactive governance and control over SaaS application usage. Building on LastPass' existing SaaS Monitoring, SaaS Protect introduces policy enforcement capabilities, allowing teams to transition from merely observing app usage to actively managing risk in real time.
Key functionalities of SaaS Protect include real-time SaaS governance, credential risk detection, audit-ready compliance reporting, SaaS cost optimization, and non-intrusive deployment.
Real-time SaaS governance allows administrators to quickly restrict or allow access to unsanctioned, duplicate, or high-risk SaaS and AI applications. Customizable in-app warnings guide user behavior towards compliant usage.
Credential risk detection identifies risky credential practices, helping prevent unauthorized access and account takeovers linked to weak or reused passwords.
Audit-ready compliance reporting generates reports aligned with compliance frameworks like SOC 2, facilitating easier governance audits.
SaaS cost optimization identifies duplicate or over-licensed applications, helping organizations reduce spending and control technology sprawl.
Deployed via a browser extension on employee devices, SaaS Protect operates without adding operational overhead. It collects usage data centrally for policy enforcement.
Gartner statistics show that three-quarters of employees are expected to use unauthorized tech by 2027, underscoring the need for solutions like SaaS Protect. Last year, 73% of people polled by Next DLP used SaaS apps that weren't approved by corporate IT, despite being aware of the risk of data breaches.
Research from Zylo shows that small and medium businesses have an average of 275 known SaaS applications, but only a quarter of these are authorized by IT teams. Shadow IT, whereby employees use applications or devices unknown to IT departments, is on the rise.
Don MacLennan, Chief Product Officer at LastPass, stated that small and mid-sized businesses are facing a complexity storm due to unknown risks living within unknown apps and AI services. He also stated that SaaS Protect was built to turn chaos into clarity.
SaaS Protect is currently in beta for LastPass Business and Business Max customers, with no additional cost for Business Max users. It is expected to be generally available in early Fall 2025. The launch of SaaS Protect follows the launch of SaaS Monitoring tools by LastPass in May 2025.
The NCSC is encouraging the use of password managers and passkeys to enhance security. With SaaS Protect, LastPass is providing businesses with a comprehensive solution to combat SaaS sprawl and shadow IT security risks, thereby enhancing security, compliance, and cost management.
- In the digital age, small and mid-sized businesses deal with challenges posed by the abundance of SaaS applications and the rise of shadow IT, and LastPass aims to address these issues with their new feature SaaS Protect.
- LastPass' SaaS Protect offers proactive governance and control over SaaS application usage, featuring real-time SaaS governance, credential risk detection, audit-ready compliance reporting, SaaS cost optimization, and non-intrusive deployment.
- SaaS Protect is expected to help businesses comply with various compliance frameworks like SOC 2 by generating audit-ready reports, thereby facilitating easier governance audits.
- In the face of increasing unauthorized use of tech by employees and the growing trend of shadow IT, Don MacLennan, Chief Product Officer at LastPass, sees a "complexity storm" in small and mid-sized businesses that SaaS Protect was built to alleviate.
