Glossary

Access Management

practice of controlling access to specific assets. In order to secure an asset against attack/breach/exposure, limiting access to only...
Read more

Account Takeover

A type of cyber security attack where a bad actor steals the login credentials of an account. In some cases, the bad actor locks the...
Read more

Authentication

the act of verifying the identity of a user or SaaS app. In contrast with identification, the act of indicating a person or thing's...
Read more

Authorization

the function of specifying access rights and/or privileges to resources, such as SaaS apps, infrastructure, data, or devices and is...
Read more

BYOA

Bring your own application (BYOA) is the growing trend of employees using the application of their choice to perform their jobs...
Read more

BYOD

Bring Your Own Device. Employees using their personal devices to perform the duties of their job. In some cases this is approved by...
Read more

Business-led IT

Technology, software, or SaaS acquired and used by employees that is outside the purview of the central IT or security departments. In some
Read more

Cloud Access Security Broker (CASB)

CASB is an enforcement point for accessing cloud services and applications, generally deployed via a collection of services and...
Read more

Cloud Security

Cloud security is about making sure that cloud computing is safe and compliant, and that any risks associated with its use and...
Read more

Cloud Security Posture Management (CSPM)

Cloud security posture management (CSPM) is the continuous proactive process of enterprise-wide asset visibility, risk assessment, and...
Read more

Cloud environment vs SaaS environment

cloud refers to any asset or set of assets supporting digital workloads outside the physical corporate network. SaaS refers to cloud base...
Read more

Cybersecurity Mesh Architecture (CSMA)

Cybersecurity mesh architecture (CSMA) provides a security support layer to enable distinct security services work together, improving...
Read more

Dirty Environments

Enterprise IT environments with a lot of shadow SaaS, poor configurations, and lack of control...
Read more

Identity Attack Surface Management (IASM)

Identity attack surface management (IASM) is a security practice and technology solution that provides identity discovery, risk prior...
Read more

Identity Governance and Administration (IGA)

Identity governance and administration (IGA) is a set of processes, policies, and technologies used to manage digital identities and...
Read more

Identity Proofing Services

Identity-proofing services verify identities before provisioning accounts or authorized credentials to access SaaS services. These servi...
Read more

Identity Provider

Identity Provider (IdP) or Providers are security systems that are used to manage a central identity for users and employees, to define...
Read more

Identity Risk Management

Identity risk management refers to the practices used to protect enterprise identities, typically expressed in corporate email. The goal...
Read more

Identity Security

A comprehensive approach to identity security would include authenticating every identity correctly, authorizing each identity with...
Read more

Identity Security Fabric

Identity security fabric is a security architecture that provides identity-based protection for an organization's assets, systems...
Read more

Identity Security Posture Management (ISPM)

Identity security posture management (ISPM) refers to the practice of securing an organization's digital identities.
Read more

Identity Threat Detection and Response (ITDR)

Identity Threat Detection and Response (ITDR) is a security category designed and deployed to secure identities and identity-based...
Read more

Identity and Access Management (IAM)

Identity and Access Management is a set of policies, procedures, and technologies used to manage and control access to sensitive data...
Read more

Multifactor Authentication (MFA)

Multi factor authentication. One of the highest impact controls available to reduce likelihood of breach, but how can you ensure MFA is...
Read more

Nudge Security Strategy

A nudge security strategy is an approach that leverages nudges to create behavioral changes in employees to implement cybersecurity...
Read more

On-premises

Refers to software deployed within the organization's internal system along with the hardware and other infrastructure necessary for...
Read more

Open Authorization (OAuth)

Open Authorization (OAuth), is a widely used protocol for allowing third-party SaaS to access resources from a user's accounts, devices,...
Read more

Open ID Connect (OIDC)

Open ID Connect (IODC), often called “Social Login”, is a standard defined to allow users to use existing authentication method/vehicle...
Read more

Password Manager

An application that helps users store and manage their online credentials.
Read more

RBAC

Role Based Access Controls. Used to define who can access different types of assets based on their job type and role; often RBAC is used...
Read more

Remote Browser Isolation

Remote browser isolation (RBI) is a security technique designed to protect users from browser-based attacks including browser vulnerabili...
Read more

Rogue AI

AI that behaves unpredictably, maliciously, or contrary to its original programming.
Read more

SAML

Security Assertion Markup Language (SAML) is a standard for user authentication to platforms that allows SaaS applications to easily...
Read more

SaaS Identity Risk Management (SIRM)

SaaS Identity Risk Management (SIRM) is a cybersecurity category designed to address the unique challenges and risks of SaaS
Read more

SaaS Identity Sprawl

SaaS identity sprawl is a cybersecurity challenge that arises when an organization uses multiple cloud-based SaaS apps
Read more

SaaS Security

SaaS security is a set of architectures, processes, and strategies designed and implemented by companies to protect their data...
Read more

SaaS Security Control Plane (SSCP)

A SaaS Security Control Plane (SSCP) is an essential element of modern security architectures—identifying risks and threats within...
Read more

SaaS Security Posture Management (SSPM)

SaaS Security Posture Management (SSPM) is a category of products that continuously evaluate, measure, and help remediate risks...
Read more

SaaS Sprawl

SaaS publishers are marketing directly to their end user, and end users are adopting without following corporate policy around vendor sec...
Read more

SaaS application lifecycle

govern application onboarding, control sanctioned use and access, secure sensitive data, and revoke access when users no longer need acc...
Read more

Secure Access Service Edge (SASE)

Secure access service edge is a security framework aimed at guiding practitioners through a series of controls needed to enable the “work...
Read more

Secure Web Gateway (SWG)

Technology deployed to restrict web and internet activity, relationships, and connections to enforce security policy...
Read more

Shadow AI

AI technology or AI features within existing apps used by employees to do their job without the knowledge of IT or security.
Read more

Shadow IT

The use of technology, software, or SaaS used by employees to do their job without the knowledge of IT or security. Shadow IT is acquired
Read more

Shadow SaaS

SaaS applications in-use without the knowledge of IT or security. Often referred to as "business-led SaaS", shadow SaaS happens when...
Read more

Single Sign On (SSO)

Single sign on (SSO) is an authentication framework that allows users to log in to multiple, unrelated applications with a single ID and...
Read more

Software-as-a-Service (SaaS)

Applications owned, delivered, and managed by a provider whether via licensing or consumption. SaaS creates security gaps with limited...
Read more

Vulnerability Assessment

The process and outcome of identifying, enumerating, and evaluating of exposures and vulnerabilities in the SaaS attack surface....
Read more

Zombie Accounts

digital accounts that are no longer in use, but remain available creating risk exposure. Also known as abandoned accounts, zombie account...
Read more
medal icon

Don’t compromise

secure SaaS across 100% of applications across devices and users

thumbs up like icon

Make it simple

don’t require incremental expertise or resourcing

money coin icon

Make it cost effective

self explanatory

megaphone icon

No marketing fluff

hopefully even more self explanatory

Back arrow
01
/06
Next arrow

Talk to an Expert

Request a consultation and receive more information about how you can gain visibility to shadow IT and control access to these apps.

Your request has been sent
Oops! Something went wrong while submitting the form.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.