Glossary

Glossary

This glossary provides definitions of common terms and concepts related to SaaS Security Posture Management. Understanding these terms will make it easier for navigating product documentation, setting up, and maintaining a secure SaaS environment.

App

A software program or set of programs designed to perform specific tasks for the user.

App Suite

A collection of related applications that work together within a SaaS ecosystem to deliver a suite of services, such as Google Workspace or Microsoft 365. Netskope SSPM evaluates the security posture of each app within the suite and the suite as a whole, ensuring that all components comply with security policies.

Custom Rule

A custom rule is a user-defined rule, distinct from the predefined rules provided by SSPM. Custom rules allow organizations to tailor their security controls to their unique operational needs.

Finding

An outcome of a rule evaluation identified in SSPM. Findings indicate whether the rule has passed or failed. A failed status signifies that the expected configuration was either not found or incorrectly configured on the SaaS instance, while a passed status indicates that the monitored SaaS instance complies with the required check.

Inventory

A comprehensive list of resources (3rd Party Apps, Configuration, Users, Groups, etc.) managed within the SSPM platform.

NGL (Netskope Governance Language)

A Netskope specific language used in SSPM to define queries and rules. NGL enables users to write custom rules and query filters.

Policy

A set of rules that defines acceptable behaviours, actions, and controls within a cloud environment.

Remediation

The process of correcting or mitigating security risks or policy violations.

Resource

Any entity within the environment that is being monitored.

Resource Type

It is a type of configuration or resource in the SaaS app. Various resource types can be used depending on the supported app suite. Use the DOM structure of the corresponding app to identify the Resource Types that can be used in SSPM. 

Rule Categories

Broad classifications used to organize security and compliance rules in SSPM based on their purpose or focus area.

Rule Template

A pre-configured rule framework that serves as a starting point for creating a specific rule. 

3rd Party Apps

A 3rd Party App is software developed by a company or individual other than the original platform creator. For instance, apps downloaded from an app store that are not made by the device manufacturer are considered 3rd Party Apps. These apps enhance device functionality, provide additional features, and integrate with existing services.

This glossary serves as a quick reference for key terms related to SaaS Security Posture Management. Familiarity with these concepts is vital for leveraging SSPM tools effectively and maintaining a secure SaaS environment.