LastPass, a global leader in password and identity management trusted by over 100,000 businesses worldwide, has officially introduced SaaS Protect at Black Hat 2025. This new solution expands on the company’s existing SaaS Monitoring capabilities and represents a significant step forward in transforming visibility into actionable security controls.
With SaaS Protect, IT and security teams gain access to advanced policy enforcement features that help them shift from passive monitoring to proactive governance. The platform offers customizable policies for SaaS applications, real-time credential risk detection, and enforcement reporting all designed to address challenges like Shadow IT, Shadow AI, and the misuse of credentials with greater accuracy and speed.
Key business benefits of SaaS Protect include:
-
Real-time SaaS governance: IT can immediately restrict access to unsanctioned or high-risk applications and influence user behavior using custom warnings.
-
Compliance-ready auditing: Automatically generate governance reports aligned with frameworks like SOC 2.
-
Optimized SaaS spending: Identify redundant or over-licensed tools, reducing waste and minimizing tech sprawl.
Now available in beta to current LastPass Business and Business Max customers, SaaS Protect is included at no additional cost in the Business Max bundle. The feature is currently being showcased live at Black Hat 2025, with general availability expected in early Fall.
Growing SaaS Sprawl Presents Rising Risks for SMBs
As businesses increasingly rely on cloud-based tools, SaaS sprawl has become a serious risk particularly for small and mid-sized businesses. According to Zylo, these organizations are using an average of 275 known SaaS applications, yet IT departments only manage about 26% of the associated spend. The rest is driven by business units or individual employees, creating visibility gaps and increasing risk.
Studies further reveal that companies may be unknowingly using up to ten times more SaaS apps than they realize. With Shadow IT and AI tools multiplying across departments, most smaller organizations lack the bandwidth or resources to monitor or secure their rapidly expanding digital footprint. This, combined with statistics showing that 78% of users reuse passwords across multiple accounts, raises serious concerns about credential-based threats.
Also Read: Bitwarden Introduces Agentic AI for Secure Credentials
“Small and mid-sized businesses are facing a perfect storm of complexity: unknown risks living within unknown apps and AI services,” said Don MacLennan, Chief Product Officer at LastPass. “We built SaaS Protect to turn that chaos into clarity. It’s designed specifically for resource-constrained businesses that need visibility, policy enforcement, and credential protection without adding operational overhead.”
From Insight to Action
Since the launch of SaaS Monitoring in May 2025, LastPass has enabled organizations and partners to consolidate their view of application usage and credential hygiene. However, with projections indicating that 75% of employees will use unauthorized tech by 2027, simply knowing what’s being used is no longer sufficient.
SaaS Protect builds on this foundation by enabling direct intervention. IT teams can now detect risky behavior, determine the legitimacy of apps, and make swift decisions about which tools to approve, restrict, or retire.
This is accomplished seamlessly via the LastPass browser extension no need for device agents or complex deployments. Admins gain real-time insights and can enforce policies directly through the centralized console, ensuring security doesn’t come at the cost of user productivity.
Advancing the Secure Access Experiences Framework
Both SaaS Monitoring and SaaS Protect are integral components of LastPass’ broader Secure Access Experiences initiative. This evolving framework is designed to help businesses consolidate visibility, enforce credential hygiene, and implement access controls all in one streamlined, intuitive platform. It supports organizations that need to move fast, stay secure, and apply their own governance policies without relying solely on passwords.
SaaS Protect will be generally available in late August 2025. Attendees at Black Hat Las Vegas can explore the solution at Booth 5311 from August 4–7. Additionally, LastPass will demo its upcoming passkeys feature offering passwordless authentication via biometric or device-based login which is also expected to become generally available later this August, following a successful beta rollout.
