Cloud access security broker (CASB) is an on-premise or cloud-hosted solution that is installed between the customer endpoint (PC, Mobile, VM) and the SaaS provider (Jira, Slack, Monday). CASB solutions should enforce security and compliance policies across cloud applications. CASB solutions provide another layer of protection on top of their enterprise WAF, endpoint security and Firewall.

• Visibility - Discover cloud services and gain visibility into user activity cross identities and SaaS providers.
• Compliance - Audit, alert and fix compliance issues to support security frameworks such as CIS, NIST, HIPAA/HITECH, PCI DSS, and CSF.
• Data Loss Protection - Enforce data-centric security such as encryption, tokenization, access control, and information rights management.
• Inline Protection - Detect and respond to negligent or malicious insider threats, privileged user threats, and compromised accounts.

SaaS Security Posture Management (SSPM) is a robotic set of security tools and automation that enables the organization’s Security and IT teams to get visibility and manage the security posture of their SaaS environments. While CSPM is looking at the security posture of the Public Cloud or IaaS environments like AWS; SSPM is diving into Services that the servers (or workloads) are not under the control of the organization like Salesforce and Slack.

Some of the benefits of SSPM include:

• Visibility - Inventories all cloud assets across IaaS, PaaS or SaaS, and alerts when new items are added, who added them, and if they are secure and compliant, Etc.
• Compliance - Audit, alert and fix compliance issues to support security frameworks such as CIS, NIST, HIPAA/HITECH, PCI DSS, and CSF.
• Misconfiguration - Identifies risky configuration settings and providing visibility into the current security posture of your cloud environment.
• Audit Trail - Recognizes and logs changes in configuration and who made them, helping to identify accidental, inappropriate or malicious changes.