* [Blog](https://www.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www.paloaltonetworks.com/blog/corporate/)
* [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/)
* Next-Gen CASB with SSPM S...

# Next-Gen CASB with SSPM Secures the SaaS Apps Business Runs On

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2022%2F09%2Fnext-gen-casb-with-sspm-secures-the-saas-apps%2F)  
[](https://twitter.com/share?text=Next-Gen+CASB+with+SSPM+Secures+the+SaaS+Apps+Business+Runs+On&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2022%2F09%2Fnext-gen-casb-with-sspm-secures-the-saas-apps%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2022%2F09%2Fnext-gen-casb-with-sspm-secures-the-saas-apps%2F&title=Next-Gen+CASB+with+SSPM+Secures+the+SaaS+Apps+Business+Runs+On&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com/blog/2022/09/next-gen-casb-with-sspm-secures-the-saas-apps/&ts=markdown)  
\[\](mailto:?subject=Next-Gen CASB with SSPM Secures the SaaS Apps Business Runs On)  
Link copied  
By [Lee Klarich](https://www.paloaltonetworks.com/blog/author/lee-klarich/?ts=markdown "Posts by Lee Klarich")  
Sep 13, 2022  
5 minutes  
[Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown)  
[Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)  
[data security](https://www.paloaltonetworks.com/blog/tag/data-security/?ts=markdown)  
[Next-Generation CASB](https://www.paloaltonetworks.com/blog/tag/next-generation-casb/?ts=markdown)  
[SSPM](https://www.paloaltonetworks.com/blog/tag/sspm/?ts=markdown)

Just about every business in the world is running on SaaS applications. At the same time, very few of these businesses have a handle on how all of their SaaS apps are configured and whether they're configured in a secure way.

The typical enterprise depends on over 100+ sanctioned SaaS apps to get work done -- from video conferencing to messaging and collaboration, and much more. An organization using 100+ business critical SaaS apps, with 10s to 100s of settings each, is now responsible for ensuring thousands of settings are properly configured. Further, SaaS is owned and managed by various application owners across multiple business units, who are focused on making the apps increasingly easier for users. In this reality, it's impossible for InfoSec to maintain a secure environment. What's needed is real-time, constant and comprehensive visibility and control over every security-relevant setting.

In short, this is a security disaster.

## Solving the SaaS Posture Security Problem

We're always focused on understanding and solving the most pressing security issues facing organizations today. When we got to work on this particular SaaS issue, we understood that a great solution would have three elements:

1. \*\*Support for a comprehensive set of SaaS applications:\*\*Securing a small number of applications is a superficial approach -- it just won't work. Businesses are no longer relying on a handful of apps to increase productivity and execute critical functions.
2. \*\*Focus on security rather than compliance:\*\*The impact of just one misconfiguration can be tremendous, which is why it's critical to monitor all settings that can impact the security posture of an app and provide best practice recommendations.
3. \*\*Real-time security validation and enforcement:\*\*The ability to quickly identify and fix a detected misconfiguration is critical when having to oversee hundreds of apps and thousands of settings. Traditional app audits can only provide a point-in-time assessment. It could be over a year before the app gets revisited.

With all of this in mind, we created an SSPM solution that secures the modern consumption of SaaS.

## Introducing Next-Gen CASB with SSPM

Our Next-Gen Cloud Access Security Broker (Next-Gen CASB) with new SaaS Security Posture Management (SSPM) capabilities changes SaaS security completely by addressing an attack vector that traditional CASBs have overlooked -- the app itself. Designed to prevent data loss and reduce the risk of a security breach, SSPM encompasses all the elements that a great SaaS security solution should have, with several industry-first capabilities:

* **Broadest CASB-native app coverage**(including the most critical apps) currently provides continuous monitoring for over 40+ enterprise SaaS apps, and is targeting support for 100 apps by the end of the year. This scale is only achievable using an industry-first Posture Security Policy Engine that aligns thousands of app-specific configurations to a common security framework that an InfoSec operator can easily understand and manage.
* **Security beyond compliance**with comprehensive security best practice recommendations provides complete coverage of all settings that impact the security posture of a SaaS app (not just those on a compliance checklist).
* **Prevention-first approach** with API-driven remediation can find and fix misconfigurations, including drift prevention that locks security-critical settings in place, no matter who attempts to change them.

Palo Alto Networks Next-Gen CASB with SSPM is available with [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown), the industry's most complete SASE solution. Prisma SASE consolidates multiple point products, including Next-Gen CASB, SD-WAN, Zero Trust Network Access 2.0, Autonomous Digital Experience Management, Cloud Secure Web Gateway, and [Firewall as a Service](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) into a single integrated service, reducing network and security complexity while increasing organizational agility.

As your organization continues to adopt SaaS to enable a remote-hybrid workforce, consider our Next-Gen CASB with SSPM to continuously monitor business critical SaaS apps and prevent misconfigurations that put users and data at risk. Learn more about how [Next-Gen CASB with SSPM](https://www.paloaltonetworks.com/network-security/saas-security-posture-management?ts=markdown) can help your organization.

***Forward-Looking Statements***

*This article contains forward-looking statements that involve risks, uncertainties and assumptions, including regarding the benefits or potential benefits to customers of our products. These forward-looking statements are not guarantees of future performance, and actual results, developments and business decisions may differ from those envisaged by such forward-looking statements. There are a significant number of factors that could cause actual results to differ materially from statements made in this article. We identify certain risks and uncertainties that affect our performance in our Annual Report on Form 10-K, filed with the U.S. Securities and Exchange Commission on September 6, 2022, and our other filings with the SEC, each of which are available on our website at investors.paloaltonetworks.com and on the SEC's website at www.sec.gov. All forward-looking statements in this release are based on information available to us as of the date hereof, and we do not assume any obligation to update the forward-looking statements provided to reflect events that occur or circumstances that exist after the date on which they were made.*

*** ** * ** ***

## Related Blogs

### [AI Security](https://www.paloaltonetworks.com/blog/category/ai-security/?ts=markdown), [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Data Security](https://www.paloaltonetworks.com/blog/network-security/category/data-security/?ts=markdown), [Network Perimeter](https://www.paloaltonetworks.com/blog/network-security/category/network-perimeter/?ts=markdown), [Partner Integrations](https://www.paloaltonetworks.com/blog/sase/category/partner-integrations/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Palo Alto Networks Prevents Data Loss at Enterprise Scale with NVIDIA](https://www.paloaltonetworks.com/blog/2024/10/data-loss-at-enterprise-scale-with-nvidia/)

### [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Uncover the Hidden Dangers in Your Identity Infrastructure](https://www.paloaltonetworks.com/blog/sase/uncover-the-hidden-dangers-in-your-identity-infrastructure/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [News \& Events](https://www.paloaltonetworks.com/blog/sase/category/news-events/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Prisma SASE 3.0 --- Securing Work Where It Happens](https://www.paloaltonetworks.com/blog/2024/05/prisma-sase-3-0/)

### [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Security for Interconnected SaaS](https://www.paloaltonetworks.com/blog/sase/security-for-interconnected-saas/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [SaaS Security](https://www.paloaltonetworks.com/blog/network-security/category/saas-security/?ts=markdown)

[#### Next-Gen CASB \& Gamma.AI](https://www.paloaltonetworks.com/blog/2022/04/next-gen-casb-gamma-ai-data-protection/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Cloud-delivered Security](https://www.paloaltonetworks.com/blog/sase/category/cloud-delivered-security/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Introducing Next Generation CASB with Prisma Access 3.0](https://www.paloaltonetworks.com/blog/2021/11/next-generation-casb-with-prisma-access-3-0/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language