Private/internal repositories limit package access to authorised clients and users, without sharing packages to the world. If you need internal software distribution mechanics, or if you want to support license-based software distribution, then private repositories facilitates these.
Malware scanning on every package at the point of upload helps to ensure that your ecosystem is free from malware and other potentially unsafe constructs. Watch this space for additional vulnerability management.
Single Sign-On / SAML
Management and on-boarding of users for your team can be problematic, especially when working at scale. With SSO you'll be able to link Cloudsmith to an external authentication service, for automatic provisioning of users. In other words, you can user your existing directory services to manage your Cloudsmith organisation.