LastPass just launched a tool to help security teams keep tabs on shadow IT risks

Companies need to know what apps their employees are using, so LastPass made a browser extension to help


LastPass has launched a new feature to help enterprises tackle ‘SaaS sprawl’ and shadow IT security risks.

Unveiled at Black Hat 2025, the new SaaS Protect feature will allow IT admins to see how user-installed apps are being used across their organization — and to take action to avoid misuse or risk.

The new feature follows the launch of LastPass' SaaS Monitoring tools in May this year, and aims to provide a consolidated view of app usage and credentials. Both tools are part of LastPass' Secure Access Experience approach.

"Small and mid-sized businesses are facing a perfect storm of complexity: unknown risks living within unknown apps and AI services," said Don MacLennan, Chief Product Officer at LastPass.

"We built SaaS Protect to turn that chaos into clarity," he added.

Shadow IT, whereby employees use applications or devices unknown to IT departments, is on the rise.

This brings with it a range of security-related risks, research shows, largely because security teams lack visibility into how applications are being used, which opens enterprises up to an array of threats.

LastPass pointed to Gartner statistics that show three-quarters of employees are expected to use unauthorised tech by 2027. Similar research from Zylo shows small and medium businesses have an average of 275 known SaaS applications – but just a quarter of these are authorized by IT teams.

The rest, the study noted, are installed by individual employees or business units, with the latter creating dangerous interdepartmental silos.

Last year, 73% of people polled by Next DLP admitted to using SaaS apps that weren't approved by corporate IT, despite being fully aware of the risk of data breaches.

This long-running issue is now being exacerbated by shadow AI, with unapproved AI bots being used by a third of staff, according to one survey, putting data at risk.

LastPass wants to keep it light

Rather than a device agent that disrupts staff, SaaS Protect is deployed via a browser extension on employee devices, the company revealed. It works by pulling in activity data to an admin console to support policy enforcement, such as allowing or restricting an app or showing a custom warning to guide user behavior.

"It’s designed specifically for resource-constrained businesses that need visibility, policy enforcement, and credential protection without adding operational overhead," said MacLennan.

Alongside spotting and restricting shadow IT, SaaS Protect can also help reduce costs by identifying duplicate or over-licensed apps to help slash app sprawl, as well as assist with creating audits for compliance, the company said.

SaaS Protect is currently in beta for LastPass Business and Business Max customers, with Business Max customers paying no additional cost for the product. General availability is expected in early autumn.


Freelance journalist Nicole Kobie first started writing for ITPro in 2007, with bylines in New Scientist, Wired, PC Pro and many more.

Nicole is the author of a book about the history of technology, The Long History of the Future.