Executive Overview
35 applications monitored · Last sync: Mar 8, 2026 07:14 EST
Portfolio Risk Score
64.2
↑ +3.1 from last quarter
Applications Monitored
35
◈ 8 critical · 14 high
SaaS Annual Spend
$4.7M
↓ $620K redundancy flagged
Open Risk Signals
18
↑ 5 critical unaddressed
Top Risk Applications
Highest composite risk score
| Application | Risk Tier | Control Score | Frameworks |
|---|---|---|---|
| Okta SSO (Identity & Access) | ● Critical | | NIST, NYDFS |
| Veeva Vault (Compliance) | ● High | | FFIEC |
| Workday HCM (HR Technology) | ● High | | SOC2, ISO |
| Salesforce CRM (Sales & HR Ops) | ● High | | NIST, SOC2 |
Portfolio Risk Score
64.2 · Moderate–Elevated
Scale: 0–40 Low · 41–70 Mod · 71+ High
Framework Coverage
Portfolio average
NIST CSF
67%
ISO 27001
81%
FFIEC
52%
NYDFS
44%
Application Inventory
35 applications · Vendor-agnostic · Read-only ingestion
| Application | Category | Business Owner | Risk Tier | Control Score | Frameworks | Annual Cost |
|---|---|---|---|---|---|---|
Risk Signals
18 open signals · 5 critical · Sorted by severity
Critical
5
Immediate action required
High
7
Review within 30 days
Medium
4
Monitor
Informational
2
No action required
Active Risk Signals
Framework-aligned · Read-only indicator aggregation
Okta SSO — MFA enforcement gap across 3 critical applications. Identity control score below threshold (47/100). NYDFS §500.12 compliance at risk.
Veeva Vault — Annual vendor attestation overdue by 47 days. FFIEC compliance coverage at 52%. Audit committee exposure elevated.
Workday HCM — SOC 2 Type II report expired Jan 31, 2026. Data residency confirmation pending for EU payroll module. GDPR exposure flagged.
Legacy CRM (×2 apps) — Duplicate CRM functionality with combined $340K spend. No clear business owner. Applications unreviewed for 18+ months.
Cloud Storage (×3 apps) — Three overlapping cloud storage vendors with no centralized data classification policy. Potential data residency and exfiltration risk.
Salesforce CRM — API integration with 4 downstream systems lacks formal data flow documentation. NIST CSF DE.AE-1 gap identified.
Collaboration Suite (×3 apps) — Overlapping functionality across Teams, Slack, and Webex. Combined spend: $210K. Rationalization recommended.
ServiceNow ITSM — Change management workflow not aligned to current ITIL v4 standard. 3 control gaps identified in incident logging module.
NIST CSF 2.0 Update Available — New crosswalk available for 14 applications. Portfolio alignment may improve from 67% → 74% with remapping.
DocuSign eSign — Vendor issued security advisory for enterprise tier. Patch available. No immediate threat — monitoring recommended.
Framework Alignment
NIST CSF · ISO 27001 · FFIEC · NYDFS · SOC 2 · Portfolio coverage
NIST CSF 2.0
67%
↑ 2.0 crosswalk pending
ISO 27001
81%
↑ Strongest alignment
FFIEC CAT
52%
↓ Requires attention
NYDFS §500
44%
↓ Lowest coverage
NIST CSF 2.0 Domain Coverage
Portfolio average across 35 applications
FFIEC CAT Domain Coverage
Financial sector regulatory alignment
Framework Coverage by Application
✓ Aligned ◒ Partial ✕ Gap
| Application | NIST CSF | ISO 27001 | FFIEC | NYDFS | SOC 2 |
|---|---|---|---|---|---|
| Okta SSO | ◒ Partial | ✓ Aligned | ◒ Partial | ✕ Gap | ✓ Aligned |
| Workday HCM | ✓ Aligned | ◒ Partial | ◒ Partial | ◒ Partial | ✕ Expired |
| Salesforce CRM | ◒ Partial | ✓ Aligned | ✓ Aligned | ◒ Partial | ✓ Aligned |
| Veeva Vault | ◒ Partial | ◒ Partial | ✕ Gap | ✕ Gap | ◒ Partial |
| ServiceNow ITSM | ✓ Aligned | ✓ Aligned | ✓ Aligned | ◒ Partial | ✓ Aligned |
| DocuSign eSign | ✓ Aligned | ✓ Aligned | ✓ Aligned | ✓ Aligned | ✓ Aligned |
| Splunk SIEM | ✓ Aligned | ✓ Aligned | ◒ Partial | ◒ Partial | ✓ Aligned |
Spend & Redundancy
$4.7M annualized SaaS portfolio · $620K redundancy identified
Total SaaS Spend
$4.7M
Annualized · 35 apps
Redundancy Flagged
$620K
↑ 7 applications
Low-Utilization Apps
9
◈ Under 40% active use
Optimization Potential
13%
↓ Est. $611K savings
Spend by Category
Annualized · Utilization-weighted
Redundancy Analysis
Overlapping capabilities · Consolidation candidates
CRM Overlap — Salesforce + 2 legacy CRM tools. Overlapping contact management and reporting. Consolidation saves est. $340K/yr.
Collaboration Stack — Teams, Slack, and Webex all active with overlapping use cases. Est. $210K/yr consolidation opportunity.
Cloud Storage (×3) — SharePoint, Box, and Dropbox Business running concurrently. No unified data classification policy. Est. $70K/yr savings.
Total Optimization Potential
$620,000 / yr
Across 9 applications in 3 redundancy clusters
Low-Utilization Applications
Under 40% active use · Rationalization candidates
| Application | Category | Annual Cost | Est. Utilization | Last Active Review | Recommendation |
|---|---|---|---|---|---|
| Legacy CRM A | CRM | $180K | 12% | 18 months ago | Decommission |
| Legacy CRM B | CRM | $160K | 18% | 14 months ago | Decommission |
| Webex Meetings | Collaboration | $95K | 31% | 6 months ago | Evaluate |
| Dropbox Business | Storage | $42K | 27% | 9 months ago | Evaluate |