Next-Gen CASB with SSPM Secures the SaaS Apps Business Runs On

Sep 13, 2022
5 minutes
... views

Just about every business in the world is running on SaaS applications. At the same time, very few of these businesses have a handle on how all of their SaaS apps are configured and whether they’re configured in a secure way.

The typical enterprise depends on over 100+ sanctioned SaaS apps to get work done – from video conferencing to messaging and collaboration, and much more. An organization using 100+ business critical SaaS apps, with 10s to 100s of settings each, is now responsible for ensuring thousands of settings are properly configured. Further, SaaS is owned and managed by various application owners across multiple business units, who are focused on making the apps increasingly easier for users. In this reality, it’s impossible for InfoSec to maintain a secure environment. What’s needed is real-time, constant and comprehensive visibility and control over every security-relevant setting.

In short, this is a security disaster.

Solving the SaaS Posture Security Problem

We’re always focused on understanding and solving the most pressing security issues facing organizations today. When we got to work on this particular SaaS issue, we understood that a great solution would have three elements:

  1. Support for a comprehensive set of SaaS applications: Securing a small number of applications is a superficial approach – it just won’t work. Businesses are no longer relying on a handful of apps to increase productivity and execute critical functions.
  2. Focus on security rather than compliance: The impact of just one misconfiguration can be tremendous, which is why it’s critical to monitor all settings that can impact the security posture of an app and provide best practice recommendations.
  3. Real-time security validation and enforcement: The ability to quickly identify and fix a detected misconfiguration is critical when having to oversee hundreds of apps and thousands of settings. Traditional app audits can only provide a point-in-time assessment. It could be over a year before the app gets revisited.

With all of this in mind, we created an SSPM solution that secures the modern consumption of SaaS.

Introducing Next-Gen CASB with SSPM

Our Next-Gen Cloud Access Security Broker (Next-Gen CASB) with new SaaS Security Posture Management (SSPM) capabilities changes SaaS security completely by addressing an attack vector that traditional CASBs have overlooked – the app itself. Designed to prevent data loss and reduce the risk of a security breach, SSPM encompasses all the elements that a great SaaS security solution should have, with several industry-first capabilities:

  • Broadest CASB-native app coverage (including the most critical apps) currently provides continuous monitoring for over 40+ enterprise SaaS apps, and is targeting support for 100 apps by the end of the year. This scale is only achievable using an industry-first Posture Security Policy Engine that aligns thousands of app-specific configurations to a common security framework that an InfoSec operator can easily understand and manage.
  • Security beyond compliance with comprehensive security best practice recommendations provides complete coverage of all settings that impact the security posture of a SaaS app (not just those on a compliance checklist).
  • Prevention-first approach with API-driven remediation can find and fix misconfigurations, including drift prevention that locks security-critical settings in place, no matter who attempts to change them.

Palo Alto Networks Next-Gen CASB with SSPM is available with Prisma SASE, the industry’s most complete SASE solution. Prisma SASE consolidates multiple point products, including Next-Gen CASB, SD-WAN, Zero Trust Network Access 2.0, Autonomous Digital Experience Management, Cloud Secure Web Gateway, and Firewall as a Service into a single integrated service, reducing network and security complexity while increasing organizational agility.

As your organization continues to adopt SaaS to enable a remote-hybrid workforce, consider our Next-Gen CASB with SSPM to continuously monitor business critical SaaS apps and prevent misconfigurations that put users and data at risk. Learn more about how Next-Gen CASB with SSPM can help your organization.

Forward-Looking Statements

This article contains forward-looking statements that involve risks, uncertainties and assumptions, including regarding the benefits or potential benefits to customers of our products. These forward-looking statements are not guarantees of future performance, and actual results, developments and business decisions may differ from those envisaged by such forward-looking statements. There are a significant number of factors that could cause actual results to differ materially from statements made in this article. We identify certain risks and uncertainties that affect our performance in our Annual Report on Form 10-K, filed with the U.S. Securities and Exchange Commission on September 6, 2022, and our other filings with the SEC, each of which are available on our website at and on the SEC's website at All forward-looking statements in this release are based on information available to us as of the date hereof, and we do not assume any obligation to update the forward-looking statements provided to reflect events that occur or circumstances that exist after the date on which they were made.

Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.