4 minutes

Obsidian Security Unveils Next-Gen SaaS Security Posture Management (SSPM) Solution

NEWPORT BEACH CA, April 3, 2023 – Obsidian Security, the leader in SaaS security, today announced the release of its latest suite of SaaS security solutions. This suite of solutions comprising Obsidian Compliance Posture ManagementTM, Obsidian Integration Risk ManagementTM, and Obsidian ExtendTM will together enable security and GRC teams to increase their SaaS security and compliance posture measurably.

“For far too long, Security and GRC teams have been working in the dark. We hear from security leaders time and again that they have no control over their ever-expanding mesh of SaaS applications and that they worry about every new integration posing an exponentially increased organizational risk,” said Glenn Chisholm, Chief Product Officer of Obsidian Security. “On the other hand, GRC and compliance teams today lack basic tooling and often take several months to gather the evidence they need in SaaS to demonstrate and verify compliance with local and industry regulations.”

Additionally, despite sharing the same overarching goal—to keep business running smoothly—security and GRC teams have not had a common language to communicate and collaborate in. Obsidian Security’s Next-Gen platform aims to change that by filling a void in the marketplace that has been underinvested in for the last decade with the first set of deeply integrated solutions that will together help organizations reduce third-party SaaS integration risk by over 80% and map technical controls in SaaS to regulatory requirements 90% faster. 

Obsidian’s Next-Generation SSPM will include three key modules:

  • Obsidian Compliance Posture Management: enables organizations to measure and maintain compliance across SaaS environments to both internal security policies and third-party standards including SOC 2, NIST 800-53, ISO 27001, CSA Cloud Controls Matrix (CCM), and more. By mapping complex frameworks to individually manageable SaaS controls, Obsidian gives teams clear and continuous assurance that the applications their business relies on are in compliance with the legal and regulatory obligations they must uphold. On average, customers can expect to reduce the cost and complexity associated with SaaS compliance from months to minutes.
  • Obsidian Integration Risk Management: surfaces risk exposure introduced by SaaS integrations and helps security teams minimize that risk by over 80%. This starts with a deep understanding of complex interconnections between applications, mapping permissions and different levels of access, analyzing integration activity, and uncovering areas of excessive risk.

    Obsidian’s Integration Risk Management is the industry’s first solution that will give security teams not just visibility into their integrations across the entire SaaS estate, but also automatically remediate SaaS third-party integration threats in real-time via centrally defined security policies.
  • Obsidian Extend: Security teams today struggle with protecting sensitive business data across an enterprise IT ecosystem that comprises dozens of SaaS platforms such as Salesforce, Workday, Google Workspace, and Microsoft 365. This challenge isn’t limited to just these central platforms, either—there can be any number of niche cloud applications deployed across an organization specific to a team, an industry, or custom-developed in-house.

    Obsidian Extend solves this problem by providing a consolidated, automated, and scalable solution for organizations to assess and monitor security risk across their entire SaaS estate. 

All modules of Obsidian’s Next-Gen Posture are generally available to customers beginning today. To learn more, visit our blog at

About Obsidian Security

Obsidian Security protects the applications businesses rely on most. We are the first and only comprehensive security solution built for SaaS. Our platform helps reduce enterprise risk by proactively identifying SaaS misconfigurations, detecting real-time threats, and enabling visibility and control of 3rd-party SaaS integrations. Notable Fortune 500 companies trust Obsidian Security to secure SaaS apps, such as Salesforce, GitHub, ServiceNow, Workday and Atlassian. Headquartered in Southern California, Obsidian Security is a privately held company and is backed by Menlo Ventures, Norwest Venture Partners, Greylock Partners, IVP, GV, and Wing. For more information, visit