Obsidian Security, an SaaS security provider, announced the release of its latest suite of SaaS security solutions. This suite comprising Obsidian Compliance Posture ManagementTM, Obsidian Integration Risk ManagementTM, and Obsidian ExtendTM will together enable security and GRC teams to increase their SaaS security and compliance posture measurably.
What does Obsidian’s next-gen SSPM have to offer?
Obsidian’s Next-Generation SSPM will include three key modules:
Obsidian Compliance Posture Management
This enables organizations to measure and maintain compliance across software-as-a-service (SaaS) environments to both internal security policies and third-party standards including SOC 2, NIST 800-53, ISO 27001, CSA Cloud Controls Matrix (CCM), and more.
By mapping complex frameworks to individually manageable SaaS controls, Obsidian gives teams continuous assurance that the applications their business relies on are in compliance with the legal and regulatory obligations they must uphold. On average, clients can expect to reduce the cost and complexity associated with SaaS compliance from months to minutes.
Obsidian Integration Risk Management
Surfaces risk exposure introduced by Software-as-a-Service (SaaS) integrations and helps security teams minimize that risk by over 80%. This starts with a deep understanding of complex interconnections between applications, mapping permissions and different levels of access, analyzing integration activity, and uncovering areas of excessive risk.
Obsidian’s Integration Risk Management is the industry’s first solution to give security teams not just visibility into integrations across the SaaS estate, but also automatically remediate SaaS third-party integration threats in real-time via centrally defined security policies.
Security teams today struggle with protecting sensitive business data across an enterprise IT ecosystem that comprises dozens of Software-as-a-Service platforms such as Salesforce, Workday, Google Workspace, and Microsoft 365. This challenge isn’t limited to just these central platforms, either—there can be any number of niche cloud applications deployed across an organization specific to a team, an industry, or custom-developed in-house.
Obsidian Extend solves this problem by providing a consolidated, automated, and scalable solution for organizations to assess and monitor security risk across their entire SaaS estate.
What is Obsidian looking to achieve with this update?
“For far too long, Security and GRC teams have been working in the dark. We hear from security leaders time and again that they have no control over their ever-expanding mesh of SaaS applications and that they worry about every new integration posing an exponentially increased organizational risk,” said Glenn Chisholm, Chief Product Officer of Obsidian Security.
“On the other hand, GRC and compliance teams today lack basic tooling and often take several months to gather the evidence they need in SaaS to demonstrate and verify compliance with local and industry regulations,” Glenn Chisholm further commented.
Also, despite sharing an overarching goal—to keep business running smoothly—security and GRC teams have not had a common language to communicate and collaborate in.
Obsidian Security’s Next-Gen platform aims to change that by filling a void in the marketplace that has been underinvested in for the last decade with the first set of deeply integrated solutions that will together help organizations reduce third-party SaaS integration risk by over 80% and map technical controls in SaaS to regulatory requirements 90% faster.
Securing Your SaaS Stack: A Guide for Security Leaders
“Without continual growth and progress, such words as improvement, achievement, and success have no meaning.” – Benjamin Franklin. When it comes to modern-day businesses, Software as a Service has become the new normal. From collaboration tools like Slack to accounting software like QuickBooks, SaaS has revolutionized the way businesses operate.
But with the ever-increasing SaaS apps in use, comes an increased risk of cyberattacks and data breaches. As a security leader, it’s your responsibility to ensure that your company’s SaaS stack is secure. But how do you do that? Here are some actionable insights on what security leaders should be doing to control their ever-expanding mesh of SaaS applications.
Know your SaaS Stack
The first step to securing your SaaS stack is to know what you’re working with. Create an inventory of all the SaaS apps in use. This will give you a better understanding of what data is being stored where, who has access, and what security measures are in place to protect it.
Use a Risk-Based Approach
Not all Software-as-a-Service (SaaS) applications are created equal. Some may be more critical to your business operations than others. That’s why it’s important to use a risk-based approach when evaluating your Software-as-a-Service (SaaS) stack. Identify which applications pose the greatest risk to your business and prioritize securing those first.
Implement Multi-Factor Authentication (MFA)
MFA is a mechanism that requires users to provide two or more forms of authentication before they can access an app. This can include something they know (like a password), something they have (like a token), or something they are (like biometrics). By implementing MFA, you can significantly reduce the risk of unauthorized access to your SaaS applications.
Monitor for Anomalies
In most cases, cyberattacks and data breaches often involve unusual activity. By monitoring for anomalies in your Software-as-a-Service applications, you can detect and respond to potential threats before they become a major issue. This can include monitoring for unusual login attempts, unusual data transfers, or unusual behavior within the application.
Keep Up-to-Date with Compliance Requirements
Compliance requirements are constantly changing. That’s why it’s important to stay up-to-date with the latest regulations and industry standards. By doing so, you can ensure that your SaaS applications are compliant and avoid costly fines or legal action.
As with any security strategy, there are mistakes to avoid
One common mistake is assuming that all SaaS apps are secure by default. While many SaaS providers do offer robust security features, it’s important to understand that ultimately, the responsibility for securing your SaaS stack lies with you. Another mistake is neglecting to review and update your SaaS inventory regularly. Your SaaS stack is constantly evolving, and it’s important to keep track of what’s in use to ensure that you’re protecting all of your data.
Securing your SaaS stack is critical to your business success. By following the above practices, you can significantly reduce the risk of attacks and data breaches. As the famous basketball coach John Wooden once said, “It’s not about being the best. It’s about being better than you were yesterday.” By continually evaluating and improving your SaaS security posture, you can ensure that your firm is better protected today than it was yesterday.
And for those of you who still think SaaS security is just a passing fad, remember this quote from the legendary Harry Potter series: “Constant vigilance!” All modules of Obsidian’s Next-Gen Posture are generally available to customers. For more, visit our blog at the website.
Gerald Ainomugisha is a freelance Content Solutions Provider (CSP) offering both content and copy writing services for businesses of all kinds, especially in the niches of management, marketing and technology.