Vorlon Blog

SSPM Insights from Justin Lam, Analyst at 451 Research

Written by Elias Terman | Aug 06, 2025

Why every CISO needs to read this

SaaS usage isn’t just growing; it’s become the backbone of modern enterprises' operations, from development pipelines to business operations. As boundaries blur between IT, security, application owners, and business users, the SaaS attack surface explodes. That’s why Justin Lam’s two-part research series on SaaS Security Posture Management (SSPM) is essential reading for today’s CISOs. Lam not only diagnoses the complexity of today’s SaaS risks but also spells out the blueprint for securing them.

At Vorlon, we see these realities every day. We want to help security teams anticipate and accommodate new SaaS and service adoption, so that security can work with lines of business more cohesively, proactively, and effectively.

At Vorlon, we believe security isn’t just about saying “yes” safely. It’s about helping teams unlock the full value of their tools. True enablement means knowing the outcome of secure adoption. For example, one customer used Vorlon to confidently integrate a new AI-driven marketing tool and flagged a risky token before launch. That’s the kind of insight that transforms security from gatekeeper to growth partner.

Our platform was purpose-built to address the very challenges and opportunities Justin highlights. Read on for the key lessons from Lam’s reports, real-world proof points from Vorlon customers, and a pragmatic checklist to help you turn insight into action.


SaaS is the new core infrastructure, and a new kind of risk multiplier

Justin Lam’s research spotlights how SaaS is now the foundation of enterprise IT, from CI/CD to databases and beyond. SaaS has been adopted in large volumes to drive massive productivity gains, and these trends will only accelerate as enterprises continue their GenAI transformations. Yet with this shift comes a sprawling web of connected apps, integrations, and shadow IT, turning every integration into a potential risk vector.
The security industry often swings too far in one direction. Sometimes we chase productivity without putting proper safeguards in place. Other times we apply rigid controls that stall progress. When reward and risk are out of balance, the entire enterprise becomes unstable.

We’ve seen AI copilots trigger workflows they were never meant to access. Business units sometimes connect unsanctioned apps that expose sensitive data. And when the response is to lock everything down, it creates a false sense of safety. That is not resilience. That is retreat.

Lam’s research highlights the need for a healthier posture. Security teams must anticipate how tools are adopted and provide real-time guardrails, not just react after something breaks.

Vorlon delivers comprehensive visibility across your entire SaaS ecosystem. This includes not just individual apps, but every integration, API, sensitive data flow, and in-house custom connection. That level of coverage is critical for preventing lateral movement from one SaaS app or service to another.


Closing the SaaS logging blind spot: bringing the invisible into focus

A standout finding in Lam’s reports: most SSPMs struggle with the “blind spot” created by inconsistent SaaS vendor logs and APIs. Our own research confirms this gap. Fifty percent of SaaS vendors require special support or fees to access their security logs, and most of those logs are still woefully incomplete.

Vorlon’s proprietary DataMatrix™ technology, multi-source telemetry, and behavioral analytics fill these gaps, providing actionable visibility even when SaaS vendors fall short.


Unifying SaaS, DLP, and AI security

Lam notes that the lines between SSPM and DLP are blurring fast, as data flows become the new perimeter and non-human identities (AI agents, bots, service accounts) proliferate. Vorlon’s platform treats these as first-class citizens, offering seamless, adaptive DLP and mapping agentic activity to mitigate human and automated threats.

Solving the SaaS governance puzzle

Fragmented governance is a recurring theme in Lam’s research. Vorlon’s “Act fast. Act together.” approach empowers every stakeholder with shared insights and workflows. This is how organizations break down silos and reduce risk, fast.


“Vorlon has improved cross-functional collaboration, from IT and SecOps to application development. Shared insights enable us to identify risks and detect third-party threats faster. Vorlon has delivered organization-wide benefits.”

— Kelly Haydu, VP Information Security, CarGurus

Lam’s research, and our own experience, make one thing clear. Security can no longer operate in isolation. CISOs must become bridge-builders, not border guards. That means sharing insights with app owners, building trust with compliance leaders, and co-owning outcomes with IT. Security can be the connective tissue that brings fragmented stakeholders into alignment.


Proactive, continuous risk profiling

Lam’s research underscores the importance of continuous risk profiling, not just point-in-time snapshots. Vorlon delivers continuous, real-time risk scoring for every app, secret, and identity (human or non-human) in your environment, so you’re always a step ahead.

Vorlon is how CISOs turn that insight into action: unifying SaaS and AI security, empowering every stakeholder, and staying ahead of the next risk.


CISO checklist: How mature is your SaaS security?

SaaS security maturity depends on how well you align with the way your organization actually adopts and integrates new services. Lam’s research reminds us that security shouldn't be an afterthought. Instead, it should move in step with the business.

Use this checklist to evaluate whether your current strategy reflects that reality:

  1. Do you have unified visibility across all SaaS apps, connected services, identities, and sensitive data flows?

  2. Can you detect and investigate threats even when SaaS vendor logs are incomplete?

  3. Are both human and non-human (AI, bots, service accounts) identities mapped and monitored?

  4. Are you meeting your industry’s compliance requirements (HIPAA, SOX, PCI, GDPR) for SaaS?

  5. Can every stakeholder in your SaaS security program access the insights relevant to their role and act on them quickly?

  6. Do you have adaptive, agentless DLP for data flows in your SaaS ecosystem?

  7. Is risk profiling continuous and near real-time, not just a static snapshot?

If you answered “no” to any of these, schedule a demo with Vorlon.


Webinar: No boundaries: Why AI and SaaS are now the same attack surface

Join Justin Lam and Vorlon’s CEO as they discuss the future of unified SaaS and AI security.


About Justin Lam


Justin Lam is a senior research analyst at S&P Global Market Intelligence, leading data security research within the Information Security channel since October 2021. At S&P Global Market Intelligence, Justin leverages his years of industry experience and his unique understanding of both how customers buy and why sellers sell to help investors, practitioners and entrepreneurs understand and contextualize industry trends. Prior to this role, Justin successfully served and advised numerous startups in information and data security in strategy, sales and partner-development roles. He has built worldwide partnership and sales programs from scratch and has been fortunate enough to earn several “Presidents Club” and “Quota Club” awards. Within these startups, Justin has held both technical and enterprise customer-facing roles, with assignments in engineering, product management, customer success, consulting, prospecting and closing. Justin has been part of five exits, including two IPOs. He has also seen the process evolution of data security adoption. Justin holds a Bachelor of Science degree from the Tepper School of Business at Carnegie Mellon University.


About the author

Elias Terman, VP of Marketing at Vorlon

Elias Terman is VP of Marketing at Vorlon and has fifteen years of experience leading marketing teams at cybersecurity startups. Before Vorlon, he was CMO-in-Residence at YL Ventures, helping the firm’s portfolio companies accelerate revenue growth. As CMO at Uptycs, he drove the company’s market transition from an endpoint detection and response company to a hybrid cloud security vendor. He was Orca Security’s first marketing hire, leading the company’s marketing efforts from its seed stage to becoming a unicorn cloud security leader. Before Orca, Elias ran marketing at Integris Software, a data discovery and privacy automation firm acquired by OneTrust. At Distil Networks, he drove the creation of the Bot Mitigation category, leading to their acquisition by Imperva. He also built out the marketing and business development teams at OneLogin, an Identity and Access Management pioneer.
He holds a Master's in International Affairs from UC San Diego’s School of Global Policy and Strategy and a Bachelor of Science in Economics from San Diego State University.