Product Spotlights
6 minutes

Introducing The Next-Gen of SaaS Security Posture Management

We are thrilled to announce the release of the next iteration of Obsidian’s SaaS Security Posture Management (SSPM). This new version of the product is the result of extensive feedback from our customers, our dedicated engineering efforts, and technical development that redefines the future of SaaS security and governance.

Obsidian’s Next-Gen SSPM solution consists of three interconnected modules that work together seamlessly, allowing enterprises to significantly reduce SaaS-related risks by up to 80%. Additionally, it simplifies the ability of customers to adhere to SaaS compliance processes and governance from months to mere minutes, reducing costs and complexity.

Throughout this week, we will be unveiling the details of the three critical components that make up our Next-Gen SSPM solution: Obsidian Integration Risk Management, Obsidian Extend, and Obsidian Compliance Posture Management.

But first, the problem with SaaS security and compliance today

Over the past few years, we have been privileged to collaborate with IT teams, security leaders, and GRC teams, to gain insights into how application deployment has evolved and the implications it has for their security and compliance posture. The COVID-19 pandemic and the subsequent changes in work patterns have accelerated the adoption of SaaS, leading to a sudden spike in its usage. As a result, organizations have been grappling with new security and compliance challenges, and we have been working closely with our customers to develop solutions that address these challenges effectively.

First, increasingly, more data is flowing between applications than between users and applications.

SaaS applications are designed to be interconnected, creating a seamless user experience with data synchronization between multiple services. However, integrating multiple third-party applications can create a complex ecosystem that poses a significant security risk. 3rd party supply chain management is becoming a complex exercise in SaaS risk analysis and continuous threat management. This needs addressing today. 

Second, organizations need coverage across all of their applications. 

Our customers love using our product. We hear time and again how we help our customers protect their sensitive data that is stored and processed across their Salesforce tenants, Google Drive folders, and Workday instances.

But customers also tell us they want more. Their IT ecosystem doesn’t just comprise a handful of large SaaS platforms (like Salesforce, Microsoft, Slack, Workday, Salesforce, etc.) It also comprises a bunch of niche, often custom-built applications that have been ignored by SaaS security vendors. 

CISOs recognize that securing a handful of core applications in their environments is not sufficient. They need visibility and centralized manageability of their entire SaaS ecosystem. Traditional SSPM vendors have only offered support for a handful of SaaS applications. 

Third, GRC teams and CISOs orgs need to work together

As the number of SaaS applications continues to grow, managing them effectively has become increasingly complex. This has led to the use of cumbersome tooling and resource-intensive governance programs that are either ineffective or impractical for most enterprises.

In fact, we recently received feedback from a customer who shared their experience with us, stating, “In order to stay compliant, we have to manually map CCM controls across our SaaS services. This process currently takes us 3 months to complete as we have to coordinate with the different application owners to provide us data and evidence we need to undergo our compliance certifications. This process is cumbersome and isn’t going to scale as more SaaS apps fall under the purview of our compliance audits.” 

This underscores the challenges that organizations face when managing multiple SaaS applications, and the urgent need for simpler, more efficient solutions.

It became clear to us that a new approach was needed.

3 SaaS security+compliance products in one

We are excited to be at the forefront of SaaS security and compliance and deliver key modules:

  1. Obsidian Integration Risk Management: surfaces risk exposure introduced by SaaS integrations and helps security teams minimize that risk by over 80%. This starts with a deep understanding of complex interconnections between applications, mapping permissions and different levels of access, analyzing integration activity, and uncovering areas of excessive risk.

    Obsidian’s Integration Risk Management is the industry’s first solution that will give security teams visibility into their integrations across the entire SaaS estate, and allow them to automatically remediate SaaS third-party integration threats in real-time via centrally defined security policies.
  2. Obsidian Extend: Security teams face significant challenges in protecting sensitive business data across an ever-expanding IT ecosystem that includes dozens of SaaS platforms such as Salesforce, Workday, Google Workspace, and Microsoft 365. The challenge is not limited to these central platforms alone but extends to the numerous niche cloud applications deployed across an organization, specific to a team, an industry, or custom-developed in-house.

    Obsidian Extend provides a consolidated, automated, and scalable solution for organizations to assess and monitor security risk across their entire SaaS infrastructure. With this innovative tool, security teams can effectively manage their organization’s entire SaaS estate, ensuring data protection, and minimizing security risks. This is a crucial step in enhancing the overall security posture of an organization, particularly in today’s complex and ever-changing IT environment.
  1. Obsidian Compliance Posture Management: enables organizations to measure and maintain compliance across SaaS environments to both internal security policies, industry and regulatory standards including SOC 2, NIST 800-53, ISO 27001, CSA Cloud Controls Matrix (CCM), and more. By mapping complex frameworks to individually manageable SaaS controls, Obsidian gives teams clear and continuous assurance that the applications their business relies on are in compliance with the legal and regulatory obligations they must uphold. On average, customers can expect to reduce the cost and complexity associated with SaaS compliance from months to minutes.

These releases are accompanied by a number of improvements to our existing products, such as an entirely new experience for monitoring, prioritizing, and customizing SaaS settings across your environment. We’re excited to dive deeper into these releases throughout the week and demonstrate all the ways we’re making SaaS even more secure. 

Obsidian is the only comprehensive platform for SaaS security. 

While this week is all about the security and compliance ‘posture’ of enterprises, having a strong posture alone is not enough. Security teams also need to effectively respond to SaaS security threats in near real-time and to do so, they need a complete and continuous understanding of application activity—which users and integrations are accessing their environment, what they’re doing, and when they’re behaving in a way that’s risky, unusual, or outright malicious. In addition to Posture Hardening, and Integration Risk Management, we also offer Threat Mitigation for SaaS.

We’re thrilled to bring months of product innovation and development to the market and are excited to hear our customers’ feedback on our latest releases. But we’re just getting started. We remain committed to continuously improving our products and developing new solutions to help enterprises better manage and secure their SaaS environments.

You can learn more about Obsidian Security and our products. Also, we are hiring