


Shadow IT has evolved. Now it’s Shadow SaaS. Shadow AI. And it’s everywhere.
In this week's episode of the KuppingerCole Analyst Chat, Matthias welcomes Matthew Gardiner for his first appearance to unpack one of the fastest-growing security domains: SaaS Security Posture Management (SSPM) and why that name may already be too narrow. Today’s organizations run on hundreds of SaaS applications. Many are sanctioned. Many aren’t. Some are connected via OAuth. Others are quietly leaking data through AI tools. And most security teams don’t have full visibility.
In this conversation, we explore:
✅ What SSPM actually means (and why the “PM” might be limiting)
✅ How Shadow IT evolved into Shadow SaaS and Shadow AI
✅ The intersection of identity and cybersecurity in SaaS environments
✅ Misconfiguration risks, MFA bypass, OAuth sprawl & SaaS drift
✅ Why continuous monitoring beats periodic audits
✅ CASB vs SSPM vs CNAPP — where the lines blur
✅ The growing governance challenge in AI-powered SaaS
✅ Why SaaS security can’t be ignored anymore
If your organization uses SaaS (spoiler: it does), this discussion is not optional.
By KuppingerCole Analysts