If clients ask you to do cyber risk assessments of their corporate apps (Office 365, G Suite, Salesforce, etc) and you plan to do that manually, you’re wasting time and money.

In modern workplaces, SaaS is procured and managed by business people.

While IT has visibility into core applications such as Office 365, G Suite, Slack and Zoom, they won’t know how other sensitive data bearing SaaS apps like Salesforce, JIRA, GitHub, Xero and Slack workspaces are managed by the various other business teams.

Getting on top of risks with Office 365, G Suite, and many other SaaS apps across your business begins with data insights. Do you have the data to begin?

SaaS Security Posture Management (“SSPM”) is a new Gartner category defined as “tools that continuously assess the security risk and manage the security posture of SaaS applications.”

Core capabilities include reporting the configuration of native SaaS security settings and offering suggestions for improved configuration to reduce risk. Optional capabilities include comparison against industry frameworks and automatic adjustment and reconfiguration.

If you’re a B2B business looking to or already supplying to large organisations, you will probably have noticed an uptick in the number of questions and the “proof” of information security controls asked of you for systems that host business critical and customer sensitive data.

These are not difficult questions to answer but can be very time consuming. However, your reputation may be on the line over time if you fail to provide proof to your customers that internal information security management systems (ISMS) you said you have are actually enforced.