The SaaS environment is dynamic and continually evolving. As employees are added or removed and new apps onboarded, permissions and configurations must be reset, changed and updated. In addition, there are continuous compliance updates and security configurations needed to meet industry standards and align with best practices (NIST, MITRE, etc.)…

Cloud or On-premise? The dependency of different organizations on SaaS applications has increased in different sections such as file sharing, collaboration, and marketing. In fact, this pandemic has made enterprises realize that SaaS solutions can offer great benefits, and the biggest of them is business continuity. Work practices have significantly shifted to remote work and cloud because employees were instructed to stay at home due to the pandemic.

SSPM Vendors: Obsidian Security, AppOmni & AdaptiveSheild Full article: SaaS Security Vendors Obsidian Security — SaaS Security Made Simple APPOMNI — Secure The Applications That Power The Enterprise ADAPTIVE-SHIELD — Complete Control For Your SaaS Security

Companies have a varity of insiders: employees, business partners, third-party vendors. They all have a certain level of access to sensitive business data. We can group types of insider threats into five categories: Malicious Insiders — employees or partners who use their legit access to corporate data for personal gain Inside Agents — Malicious insiders recruited external parties to steal, alter, tamper with, or delete valuable data

The number of software apps deployed by large firms across all industries world-wide has increased 68% over the past four years, reaching an average of 150 apps per company by the end of 2020 while nearly 10% of businesses now have more than 200 apps in their enterprise information-technology systems. …

The long tail of SaaS is growing rapidly. Today, thousands of unmanaged “Shadow IT” applications are used in every major enterprise around the globe and IT departments have little visibility or control over these rogue apps. While the challenge was first simply to secure major SaaS platforms like Office 365, the new reality is a “cloud and mobile-first world” where employees often use new applications that aren’t approved and put corporate data at risk.

Last year, 2020, was a turning point in how organizations are understanding cloud security. First, the market created a definition of what are the differences between IaaS Security (how can I secure my production environment) and SaaS Security (how can I secure my data in 3rd party services). …

What is security validation? how does Continuous Security Validation differ from a breach and attack simulation? Cloud Continuous security validation is a framework of tools built in order to challenge, measure, and optimize the effectiveness of cloud-native organizations including security controls, infrastructure configurations, policy enforcement, and more on an ongoing basis. As a result, cloud native companies minimize cyber risk across the entire business while protecting their reputation and economic value.

saasment-sspm/SaaS-Security-Posture-Management SaaS Security Posture Management. Contribute to saasment-sspm/SaaS-Security-Posture-Management development by creating…github.com https://twitter.com/SaaS_Security