| Where Can I Use This? | What Do I Need? |
|---|
|
|
- SaaS Security Posture Management license
Or any of the following licenses that include the Data Security license:
|
SSPM updated its terminology related to policies in July
2024. Previously, the term
policy referred to a built-in recommendation
for securing SaaS apps. Each policy was a grouping of similar settings, related to
the recommendation, across all apps. What was previously called a
policy in SSPM is now called a
rule. The purpose and
behavior of rules are the same as when they were called policies; only the name has
changed.
The term
policy now refers to an administrator-defined
grouping of SaaS app instance settings for SSPM to monitor.
From the Security Configurations view in SaaS Security Posture Management, you can quickly
identify misconfigured settings in your SaaS apps. You can then navigate to details
about a misconfigured setting to remediate the problem.
SSPM has built-in
rules for alerting you to misconfigured settings
across all SaaS apps that were onboarded to SSPM. You can also define
policies, which alert you to misconfigured settings for a group of
app instances and settings that you specify.
Rules — Rules are predefined groupings of similar settings across SaaS apps.
Each rule describes a security best practice. For each SaaS app that SSPM supports,
SSPM maps the SaaS app's settings to the related SSPM rules.
For example, SSPM defines a rule that recommends that MFA is implemented to
prevent attackers from using stolen credentials to access sensitive SaaS
apps. For Dropbox, the setting Two-step verification maps to this
rule. For Office 365, the settings that map to this rule include Enable policy to
block legacy authentication, Require MFA for all users, and
Require MFA for administrative roles. When SSPM detects that an app
setting is misconfigured, it triggers a violation for the setting. On the Security
Configurations view, SSPM changes the associated rule's status to Failed. A
daily digest email that SSPM sends to the app owner also includes information about
failed rules.
Policies — Like rules, policies are associated with SaaS app settings. The
difference is that policies are not predefined by SSPM. Instead, you
create policies to monitor specific settings for specific app
instances. This capability helps you to concentrate your attention on the
apps and settings that are most critical to your organization. When SSPM detects a
new violation status for any of the settings that the policy is tracking, SSPM
changes the policy's status to
Failed. A daily digest email that SSPM sends
to the app owner also includes information about failed policies.
For example, for the subset of apps that are most critical to your organization,
enforcing multi-factor authentication (MFA) and limiting session length might be of
primary importance to you. In this case, you could create a policy that monitors
only these critical apps and only the settings related to MFA and session duration.
If SSPM detects a new violation in these settings, SSPM updates the policy status on
the Security Configurations page. In this way, SSPM helps you track the status of
your most critical apps to maintain a healthy security posture.
