Adaptive Shield Takes Aim at Complex Permissions: New Features Boost SaaS Security

By Greg Tavarez

SaaS applications present a unique challenge due to the way apps assign access permissions, known as entitlements. Unlike traditional on-premises software with a centralized control system, SaaS applications have their own permission structures, often complex and dispersed. This creates what many might call “a labyrinth” for security teams and app owners trying to maintain a secure and compliant environment.

The root of the problem lies in the heterogeneity of SaaS solutions. The likes of Salesforce, Workday, M365, Zendesk and Google Workspace have their own terminology for user roles and permissions, displayed through varying UIs. This inconsistency makes it difficult for security teams to understand and audit access controls across the entire SaaS landscape.

The lack of standardization is a problem. Complex permission structures become breeding grounds for misconfigurations, where access is accidentally granted or left overly broad. Auditing these configurations requires security teams to become experts on each individual platform. Furthermore, with entitlements spread across various applications, the big picture of user permissions gets lost, which hinders efforts to identify potential security weaknesses.

Compounding the issue is the challenge of managing data entitlements. SaaS applications often allow for easy external sharing of documents, boards and repositories. While this does create that sense of collaboration, it also creates a vulnerability.

Security teams lack comprehensive visibility into external sharing activities. This makes it difficult to detect whether data is being shared inadvertently or maliciously and can lead to sensitive information falling into the wrong hands, potentially causing financial and reputational damage.

To secure emerging SaaS attack surfaces, Adaptive Shield extended the capabilities of its SaaS Security Posture Management, or SSPM, unified platform to cover complex permissions and shared data.

Adaptive Shield is an SSPM platform that integrated with over 150 applications and fully automated security management at depth throughout the increasingly complex SaaS app stack.

The first of the new capabilities, the Permission Inventory feature, gives customers deep visibility into permission structures at the SaaS stack level through an automated approach. Core capabilities include permissions consolidation from multiple areas within the application, normalization of permissions across multiple tenants and applications and centralized discovery of roles and aggregated permissions.

The Data Inventory feature enables customers to prevent data leakage. Key among the benefits:

  • Identify all publicly shared data from SaaS apps such as Microsoft OneDrive, Google Drive and more, and determine which needs to be further protected.
  • Find outlived data or those no longer being used and revoke.
  • Recognize which resources are shared externally and sort by user, date, department and former employees.
  • Receive alerts to suspicious connections from external domains.

“SaaS security impacts the entire organization, affecting security teams, auditors and app owners,” said Maor Bin, CEO and co-founder of Adaptive Shield. “Our platform consolidates and unifies all threat prevention and detection efforts, allowing enterprises to safely rely on both out-of-the-box and homegrown SaaS applications.”



Get stories like this delivered straight to your inbox. [Free eNews Subscription]

MSPToday Editor

SHARE THIS ARTICLE
Related Articles

The Next SOC Shift Is Here: Autonomous Identity Response for MSPs

By: Erik Linask    7/8/2026

Blackpoint Cyber's new AI SOC Agent for Identity Threat Detection and Response gives MSPs an autonomous, human-guided way to contain high-confidence c…

Read More

Identity Is the New Perimeter and MSPs Are on the Front Line

By: Erik Linask    7/8/2026

Barracuda's acquisition of Evo Security expands BarracudaONE with MSP-focused IAM and PAM capabilities, highlighting how identity resilience is becomi…

Read More

MSPs: The Network Is No Longer Someone Else's Problem

By: Erik Linask    6/30/2026

Reinvent's new MyCloud SecureLink offering gives MSPs and resellers a partner-ready way to deliver managed SD-WAN, network security, and resilient con…

Read More

Why the Fastest-Growing MSPs Are Saying "No" More Often

By: Special Guest    6/30/2026

The fastest-growing MSPs in the U.S. are boosting margins, reducing cyber risk, and scaling more sustainably by adopting stricter customer qualificati…

Read More

The AI ROI Problem Was Never About the Model; It's About Integration

By: Erik Linask    6/24/2026

Xurrent's new built-in iPaaS is designed to help AI agents move from recommendation to execution by connecting ITSM workflows directly to systems like…

Read More