
Why Securing SaaS Apps Needs An AI Makeover
Modern enterprises now depend on hundreds—sometimes thousands—of SaaS tools. With each new hire, role change or departure, traditional static roles and permission models quickly become outdated and unmanageable.
To make things even more complex, AI tools are entering the workplace at an accelerating pace, and access requirements are changing daily. IT teams need an always-on AI engine—one that continuously monitors activity, dynamically adjusts roles and permissions, and ensures the right people have access to the right tools, exactly when they need them.
What's Going Wrong In Access Management Today
When IT owned and controlled the entire tech stack, access management was straightforward:
• Assign a few systems at onboarding.
• Remove them at offboarding.
• Maintain a centralized, static access matrix.
But the rise of SaaS—and citizen IT, where departments buy their own tools—has changed everything. In today's reality, every SaaS application and AI tool comes with 20 to 30 granular permission settings. Departments often purchase and manage their own apps without informing IT. AI tools can spin up new instances automatically, outside traditional IT controls, while cross-functional roles demand access to multiple systems beyond what static job titles suggest.
Take the example of onboarding a new sales development representative (SDR). It's no longer just about giving access to Salesforce. Over time, the SDR team has added tools like:
• Messaging platforms
• Intent data providers
• Data enrichment services
• Personalized video tools
These tools are often managed at the departmental level, outside IT's purview. So now, when a new SDR joins, there's no standard "access template." Instead, IT has to figure out:
• Which apps the SDR team uses most frequently or logs into every day.
• What permissions are needed inside each tool.
• What old accounts still linger unused.
• How to avoid giving too much or too little access.
It's almost like you need to scan your environment daily just to keep up with what your teams are using to stay productive, and to continuously update both your list of applications and each user's access permissions.
The shift to decentralized access has introduced new vulnerabilities. To start, department-owned apps and DIY access management fly under IT's radar. Tools are adopted and access is granted without oversight, creating hidden risks and unchecked sprawl.
Risky behavior can also go undetected. If a departing SDR downloads mass customer data, it may go unnoticed until a quarterly audit, too late to prevent damage. Finally, approval fatigue sets in as managers overwhelmed by endless access requests tend to rubber-stamp approvals without careful review.
IBM's 2024 Cost of a Data Breach Report found the average breach now costs $4.88 million, a risk most lean IT teams can no longer afford.
AI: The Transformative Force In IGA
More enterprises are turning to AI to address today's access management challenges. Rather than relying on manual reviews, static policies and human memory, AI can bring continuous, intelligent oversight that scales with the complexity of the modern enterprise.
Here's how AI is reshaping access governance:
Instead of periodic reviews, AI continuously monitors user access and behavior against established baselines. If an SDR suddenly gains access to tools they've never used or performs actions like large data downloads after hours, AI can detect these anomalous access permissions in real time and flag them for investigation.
By learning usage patterns across roles and departments, AI helps identify risks early, minimize blind spots and ensure that access remains aligned with business intent.
Since AI evaluates access requests across multiple dimensions—user role, historical behavior, peer access patterns and data sensitivity—AI can predict a likely "yes" for a manager who has previously been approved to access similar tools for similar roles, streamlining approvals.
But when an access request deviates from the norm, such as unusually high privileges or tools outside the team's typical stack, AI flags the request for review and asks for explicit approval, reducing the risk of improper provisioning while accelerating access for legitimate needs.
AI mitigates approval fatigue by proactively detecting compliance risks before they escalate. It identifies policy violations, dormant accounts and anomalous access accumulation in real time, reducing the burden on managers to catch every issue manually.
Instead of reacting during audit season, organizations can rely on AI to surface potential risks early, enforce smarter access decisions and maintain continuous compliance. This marks a shift from reactive governance to intelligent, proactive access oversight—a level of scalability and precision previously out of reach.
Humans And AI: A Smarter Team
AI isn't here to replace people. It's here to support them with context, speed and intelligence.
Imagine an access request system where:
• AI recommends the best action based on real-world context.
• The system explains why it made that recommendation.
• Humans stay involved in high-risk decisions or sensitive approvals.
This augmented model can help save time, reduce risk and keep humans firmly in control where it matters most. The key is thoughtful change management:
• Start with low-risk tasks. Automate high-volume, routine access requests, such as standard business apps with basic license levels, to reduce manual workload and speed up provisioning.
• Be transparent. Always show users why the AI made its recommendation.
• Learn from human feedback. Fine-tune models based on overrides and corrections.
• Reserve sensitive decisions for people. Keep critical high-privilege approvals under human control.
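The request triage described above (peer access patterns, privilege level, data sensitivity, an explanation with every recommendation, and people kept on high-privilege decisions) can be sketched as follows. This is an added example, not code from the article or from any product; it uses a simple rule-based peer comparison as a stand-in for a learned model, and the thresholds, app names and grant data are constructed assumptions.

```python
from dataclasses import dataclass

PEER_SHARE_AUTO = 0.6                # assumed: share of role peers that must already hold the app
HIGH_PRIVILEGE = {"admin", "owner"}  # assumed: levels always reserved for a human approver

@dataclass
class Request:
    user: str
    role: str
    app: str
    level: str       # permission level requested inside the app
    sensitive: bool  # app holds sensitive data such as customer records

# Constructed sample of current grants: user -> role and per-app permission level.
GRANTS = {
    "ana": {"role": "sdr", "apps": {"crm": "user", "enrich": "user", "video": "user"}},
    "ben": {"role": "sdr", "apps": {"crm": "user", "enrich": "user"}},
    "cy": {"role": "sdr", "apps": {"crm": "user", "enrich": "user", "billing": "viewer"}},
    "dee": {"role": "finance", "apps": {"billing": "admin"}},
}

def triage(req, grants=GRANTS):
    """Return (decision, reason) so the approver sees why the call was made."""
    if req.level in HIGH_PRIVILEGE:
        return "human_review", f"'{req.level}' is a high-privilege level"
    peers = [g for u, g in grants.items() if g["role"] == req.role and u != req.user]
    if not peers:
        return "human_review", f"no '{req.role}' peers to compare against"
    holders = [g for g in peers if req.app in g["apps"]]
    share = len(holders) / len(peers)
    if share < PEER_SHARE_AUTO:
        return "human_review", f"only {share:.0%} of {req.role} peers hold {req.app}"
    if req.level not in {g["apps"][req.app] for g in holders}:
        return "human_review", f"no {req.role} peer holds '{req.level}' in {req.app}"
    if req.sensitive:
        return "recommend_approve", f"{share:.0%} of peers hold {req.app}; sensitive data, manager confirms"
    return "auto_approve", f"{share:.0%} of {req.role} peers hold {req.app} at '{req.level}'"

if __name__ == "__main__":
    for r in [Request("eve", "sdr", "enrich", "user", False),
              Request("eve", "sdr", "crm", "user", True),
              Request("eve", "sdr", "billing", "viewer", True),
              Request("eve", "sdr", "crm", "admin", True)]:
        print(r.app, r.level, "->", *triage(r))
```

Manager overrides of these decisions are the feedback signal the list above refers to; in this sketch they would be used to adjust `PEER_SHARE_AUTO` and `HIGH_PRIVILEGE`.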
Managing access safely in a decentralized, SaaS-first world requires more than scaling old models. It demands intelligence and the ability to govern dynamically, continuously and contextually.
By 2028, AI-augmented identity governance will likely be table stakes for large enterprises. Organizations that begin laying the groundwork now will be better positioned to navigate this shift thoughtfully. Early adoption allows time to refine policies, adapt processes and align teams—ultimately enabling faster onboarding, more intelligent access decisions and stronger compliance, all without significantly increasing operational overhead.
As AI becomes more deeply embedded in enterprise infrastructure, the question is no longer whether to automate access management—but how to do it responsibly.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.