The Value of Breadth and Depth in SaaS Security

An Emerging Tech report by analyst firm Gartner® focused on the ways SaaS ecosystem security products are transforming SaaS security. Among its recommendations, it wrote that product leaders must “focus on integration breadth and depth; key criteria include the number of integrated SaaS apps.”  In this blog, we’ll define terms and show what it entails based on our thoughts.

Zehava Musahanov, Content Manager Manager

In July, an Emerging Tech report by analyst firm Gartner® focused on the ways SaaS ecosystem security products are transforming SaaS security. Among its recommendations, it wrote that product leaders must “focus on integration breadth and depth; key criteria include the number of integrated SaaS apps. Prioritize critical apps.” 

As usual, to us this insight (as well as others within the report – download it today) is spot on. We feel the need for both breadth and depth in a SaaS security platform is not just a recommendation, but a responsibility for building a robust and comprehensive security posture. However, many SaaS security experts are still defining what it means to have breadth and depth. In this blog, we’ll define terms and show what it entails. 

SaaS Security Breadth

The market is brimming with SaaS applications that enable businesses to get more done. Some of these applications, such as Microsoft 365, Salesforce, and Google Workspace, have broad usage across entire enterprises. Other apps are made for departmental use. These include tools like Hubspot, used by marketing, Workday, an HR and Finance app, and GitHub, which helps R&D teams manage their development. 

Each of these applications contains sensitive data, some of which is regulated and must be secured in different countries or industries. A solution with breadth should be capable of covering all of these SaaS applications (For its part, Adaptive Shield’s solution covers more than 160 applications out of the box – 3 times as many as others in the market – and includes an integration builder so security teams can add and monitor any app).

Breadth includes more than app coverage. There are multiple security domains, such as access management, data protection, and GenAI, all of which must be monitored and secured. It also includes the detection and monitoring of third-party integrated applications, and determining their risk level based on scopes. Users – including non-human identities –, devices, and data monitoring are all part of a broad SaaS security platform 

This level of comprehensive protection covers all potential attack vectors, and reduces the likelihood of security breaches, operational interruptions, and data exfiltrations. The visibility and control across all applications generated through a SaaS Security Posture Management (SSPM) platform positions security teams for success. 

Depth in SaaS Security

There is a lot of confusion in the market when SSPM companies discuss depth. Many use it to refer to the number of security checks they run on every application. While the volume of checks may give off the impression of a comprehensive security solution, the reality is actually far more nuanced. Many of these checks are superficial and don’t address deeper, underlying risks associated with user behaviors or complex integrations. 

True SaaS security depth refers to the thoroughness and complexity of security checks in the context of how they relate to configurations, user data, permissions, and integrations. It requires an analysis of how the different elements within the applications interact with each other, as it considers the context behind actions or the vulnerabilities that might be introduced by a third-party integration.

SSPM solutions with actual depth provide a far more accurate risk assessment and identify issues that would be otherwise missed by a security check.

Combining Breadth with Depth for Robust SaaS Security

Implementing a SaaS security program with both the breadth and depth advocated for by Gartner ensures that every application is protected with strong defenses. This holistic approach to SaaS security ensures that every aspect of your applications is monitored, and all SaaS apps are fortified against potential attacks. 

This combination improves risk management, as security teams have a more accurate understanding of the risks to their applications, and provides a strong framework to manage those risks. More importantly, it enables organizations to better protect their data and operations to ensure business continues to operate as expected.

For more Gartner insights, download Emerging Tech: SaaS Ecosystem Security Products Transform SaaS Security today!

 

Gartner disclaimers:

Gartner, Emerging Tech: SaaS Ecosystem Security Products Transform SaaS Security, 19

July 2024, Lawrence Pingree, Mark Wah

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in

the U.S. and internationally and is used herein with permission. All rights reserved.

 

About the writer

Zehava Musahanov, Content Manager Manager

After completing her BA in Communications, Zehava began her career diving into the world of content writing. She recently joined Adaptive Shield as Content Manager bursting with ideas to create engaging discussion around SaaS security and the rapidly developing world of SSPM. Oh, and she does portrait drawings.