SaaS Security

SaaS Security is an integrated CASB (Cloud Access Security Broker) solution that helps Security teams like yours meet the challenges of protecting the growing availability of sanctioned and unsanctioned SaaS applications and maintaining compliance consistently in the cloud while stopping threats to sensitive information, users, and resources. SaaS Security options include SaaS Security API (Data Security in the Cloud Management Console), SaaS Security Inline (Discovered Apps in the Cloud Management Console), and SaaS Security Posture Management (SSPM).

Use SaaS Security Inline to discover and manage risks posed by unsanctioned SaaS apps while you rely on SaaS Security API to scan assets in the cloud space for at-rest detection, inspection, and remediation across all user, folder, and file activity within sanctioned SaaS applications. SaaS Security Posture Management (SSPM) helps detect and remediate misconfigured security settings in sanctioned SaaS applications through continuous monitoring. 

With all three SaaS Security components, you have an integrated CASB that offers better security outcomes without the complexity of third-party integrations and the overhead and cost of managing the large number of vendors that exist with legacy CASBs.

Review the SaaS Security privacy datasheet for details on the privacy of the data you store in SaaS applications and how SaaS Security handles that data.

What's New

Month Feature Description
April 2024 Detailed user and group information from Cloud Identity Engine in SaaS Security Inline If you activated the Cloud Identity Engine on your tenant and configured directory sync in Cloud Identity Engine for Azure Active Directory (Azure AD), SaaS Security Inline can now obtain user information from Azure AD through the Cloud Identity Engine. This additional information is available to you in the Discovered Users view and in the Users & Groups area of the Create New Policy Recommendation page.

Behavior Threat detection Behavior Threats is a new feature in SaaS Security that helps you identify potential threats to your organization from compromised accounts, malicious insiders, and data breaches. Specifically, Behavior Threats examines how your organization’s users are interacting with sanctioned SaaS applications to identify suspicious user activities that might indicate attempts to steal or corrupt data.

Support for Custom Admin Roles in SSPM You can now create Custom Admin Roles for SSPM in the Strata Cloud Manager. With this launch, you have the extended capability of managing the Role-Based Access Control, leveraging the Identity and Access Management (I&AM) central framework for complete authentication and authorization.
January 2024 Allowed List of IP Addresses For a smooth app onboarding experience, an updated region-specific IP address list is now available. Add these IP addresses to the allowed list in your firewalls.

Onboarding Validations

You can now check onboarding status that validates if the connector has onboarded successfully. Validations have been launched for the following connectors:

  • Box
  • GitHub V2
  • Microsoft Exchange
  • Zoom

Improvements to tenant-level policy rule recommendations When you create policy rule recommendations at the tenant level, several improvements are now available, including increased tenant selection for applying policy rule recommendations and the addition of the Allow action for specific apps.

Tenant-level visibility and control for Salesforce Sales Cloud For Salesforce Sales Cloud applications, you can now detect the specific application tenants that are being accessed by users and submit policy rule recommendations at the tenant level. 

Support for Custom Admin Roles in Data Security

You can now create Custom Admin Roles for Data Security in the Strata Cloud Manager.

Autotagging recommendations for Sanctioned apps To help you identify discovered apps that you should tag as Sanctioned, SaaS Security Inline now provides tagging recommendations. Using information from the Cloud Identity Engine, SaaS Security Inline determines if a detected app is an enterprise application accessible through your identity provider.

New security and privacy attributes When you are viewing an application's attribute values in the Application Detail view in SaaS Security Inline, new security and privacy attributes are available.

Tenant-level visibility and control for Aha! ( For Aha! ( applications, you can now detect the specific application tenants that are being accessed by users and submit policy rule recommendations at the tenant level. 

Improved application searching in SaaS Security Inline

The search function in SaaS Security Inline has been improved to yield better results when searching for applications.

November 2023

Scan support for Workday App (Beta)

You can connect a Workday instance to Data Security to gain visibility into Workday User Activities. 

Interconnected SaaS: Third-party plugin detection in SSPM SSPM gives you visibility into the third-party plugins that are being used in your organization. You can then take action by approving the plugin or by revoking user access to it.

Tenant-level visibility and control for Azure OpenAI For Azure OpenAI applications, you can now detect the specific application tenants that are being accessed by users and submit policy rule recommendations at the tenant level.

Onboarding Validations You can now check onboarding status that validates if the connector has onboarded successfully. Validations have been launched for the Slack Enterprise V2 connector

For features added in earlier releases, see the SaaS Security Release Notes.


SaaS Security Release Notes

SaaS Security Administrator's Guide

Recommended Topics

Data Patterns

Learn about the types of data patterns available on Data Security—predefined, custom, and file property.

Identify Risky Unsanctioned SaaS Applications and Users

Learn how to identify and remediate risky apps on SaaS Security Inline.

Generate the SaaS Security Report

Learn how to generate the SaaS Security Report to share with your SaaS security team and executive management team.


Lightboard Series: Protect SaaS Applications with Next-Gen Security

This Lightboard video provides an overview of the key SaaS security requirements, including specific examples that showcase how our next-generation security platform provides complete SaaS control, based on users, content, and applications.

Lightboard Series - Securing Office 365

This Lightboard video is an overview on how to implement and secure Office 365.

Related Content

Enterprise DLP

Prisma Access

Book Image

Try the Podcast Series