The most common reason people seek out Nudge Security is that they want to know what tools their employees are using. What’s out there? Who’s using what, and why?
And of course, there’s magic in seeing that question answered in real time when you sign up for a Nudge Security trial. But the real magic comes once our customers start implementing SaaS security best practices.
Security and IT teams are usually spread thin, which means it’s critical to focus on the highest-impact projects. Nudge Security offers automation and orchestration capabilities to make SaaS security best practices as easy and efficient as possible to implement—but we wanted to make it even easier to understand how you can maximize your impact and track your progress.
We recently introduced a new dashboard to help you measure key metrics that form the backbone of SaaS security posture management. We want to make it dead-simple for you to visualize the progress you’re making toward your goals, prioritize the highest-impact work, and share results.
With Nudge Security’s new dashboard, you can:
You can find the new dashboard in the “Progress” tab at the top of your screen when you log in. Within that view, you can toggle between different report types (donut chart or graph), see progress over different time ranges, and hit a button for a print-ready version for easy sharing.
Take a closer look at the dashboard in our interactive demo below. Next, we’ll get into why each of those metrics is important—and how Nudge Security helps you improve them.
The first dashboard metric looks at how many of the SaaS applications your employees are using have been designated as either Approved or Acceptable. You can view it as a donut chart to see a breakdown of statuses (pictured below), or a graph showing your progress over time (pictured in the interactive walkthrough above).
Tracking the approval statuses of your organization’s apps can help you understand the overall state of your organization’s SaaS governance program. These approval statuses provide a clear indication of whether your employees are using secure, vetted options—or whether you need to intervene to make sure they do so going forward.
Over time, you can visualize your progress toward ensuring that all of your organization’s SaaS apps are safe and secure. Here are some of the ways Nudge Security can help you get there:
1. Quickly assign approval statuses to your existing applications.
First, you can clean up approval statuses for existing applications by bulk-editing their statuses. For apps that require additional review, you can speed up that process with the security context Nudge Security provides for each app in your environment.
2. Streamline app onboarding with automation.
Nudge Security helps you onboard apps efficiently so you can easily keep approval statuses up to date. Whenever a new app is introduced to your organization, you can send an automated nudge to collect additional context, such as how the app will be used and what kinds of data it will store. This information helps you flag apps that may require deeper review, so you can focus your attention on the apps that need it most. You can also use notifications to alert your team any time a new app is introduced, helping your team stay ahead of SaaS sprawl.
3. Reinforce your policies with nudges.
Once you’ve assigned statuses to approved applications, you can create an App Directory to point employees towards sanctioned choices. And when users sidestep the directory and strike out on their own, Nudge Security makes it easy for you to reinforce safe SaaS usage with automated nudges. For example, if someone creates a dating app with their corporate email, you can automatically nudge them to delete it. If they sign up for Dropbox when your organization already pays for Box, you can automatically nudge them to use your preferred provider or request an exception.
In a world of user-led SaaS adoption, consolidating technology ownership under central IT isn’t always practical—or even realistic. It’s increasingly common for employees in areas like sales operations, marketing support, and DevOps to administer tools related to their functions.
Still, overseeing SaaS identity governance falls to IT and security teams, which means you need to identify who can help with admin tasks like managing access, cleaning up abandoned accounts, or onboarding an app to SSO. That’s why our dashboard tracks how many of your organization’s applications have a confirmed technical contact within Nudge Security.
We consider identifying a “technical contact” for each application a SaaS security best practice because it enables you to establish a scalable SaaS security and governance program with a human in the loop to help with SaaS administration. Nudge Security makes it easy to both identify the right technical contact and enlist their help with SaaS administration.
1. Keep technical contacts up to date.
By default, Nudge Security assigns every app a technical contact based on the first user of an application (that individual typically invites other users and has administrative privileges within the app). You can update or confirm that technical contact from the App Overview page, or by bulk-editing multiple apps at once. If you’re not sure, you can send a nudge to verify or update an app’s technical contact.
2. Delegate admin tasks at scale.
Using nudges, you can quickly enlist technical contacts to help with a variety of app administration tasks that they’re best equipped to handle. For example, you can nudge a technical contact to delete abandoned accounts, respond to access requests that employees submit through Nudge Security’s App Directory, or clean up accounts during employee offboarding.
“While we do have an access request process, the team that handles requests doesn’t always have admin access to the SaaS app itself, so they often end up forwarding requests to the right technical contacts. Nudge Security cuts out the middleman, so to speak, by connecting employees directly to the right SaaS admin, while still maintaining oversight of the entire access management process. This saves us valuable time and resources.” —Marcus Södervall, Head of Security at Stravito
Forgotten or unused SaaS accounts can provide bad actors with a stepping stone to corporate data—and inflate your organization’s SaaS costs due to unused licenses. Eliminating these orphaned accounts is a SaaS security best practice for minimizing both risk and cost. To help you avoid these risks, our dashboard tracks how many of your organization’s accounts have Inactive or Abandoned statuses.
Nudge Security provides automated methods for updating account statuses and cleaning up unused access, making it easy to keep on top of this metric and optimize SaaS security posture management for your organization:
1. Automatically identify inactive SSO-enabled accounts.
Nudge Security updates account statuses automatically based on whether SSO-enabled accounts have been active within the last 90 days. For apps outside of SSO, you can send a nudge asking users if they still need access, which will automatically update account statuses based on each user’s response.
2. Clean up abandoned and forgotten accounts at scale.
Nudge Security includes an automated playbook to help you identify and remove abandoned SaaS accounts. First, the playbook nudges your users asking whether they still need access. For each app with accounts that users no longer need, the playbook nudges the technical contact with instructions to revoke access, clean up lingering data, and reclaim unused licenses. You can also send either of these nudges directly from an individual App Overview.
How many of us have left a job only to realize we still have access to sensitive corporate accounts months or even years later? IT and security teams often don’t know that certain accounts exist at all, making it impossible to factor them into an offboarding process or SaaS security checklist. Unfortunately, those lingering accounts can enable unauthorized access to your corporate resources.
Complete employee offboarding is a critical component of SaaS security posture management, which is why our dashboard highlights when you have active SaaS accounts associated with inactive users and tracks your progress as you clean them up.
Nudge Security enables comprehensive employee offboarding, showing you everything a departing user has access to and accelerating SaaS offboarding with automation.
1. Identify the full scope of SaaS access to offboard.
Nudge Security’s patented discovery method automatically finds all of your employee’s cloud and SaaS access, including the accounts you didn’t know existed, giving you a strong foundation for comprehensive offboarding.
2. Automate the hardest parts of employee offboarding.
Our employee offboarding playbook helps you eliminate 90 percent of the tedious, repetitive tasks associated with offboarding. The playbook follows best practices for SaaS offboarding from Google and Microsoft and includes automated steps like revoking OAuth grants, revoking SSO access, and cleaning up accounts outside of SSO.
For many organizations, SSO is a foundational aspect of SaaS access management. Unfortunately, it can be difficult to track your organization’s progress toward complete SSO onboarding. First, you need full visibility of your organization’s SaaS to understand what still needs to be onboarded, and then you need to rule out vendors that either don’t offer SSO at all or charge the SSO tax.
Our dashboard tracks your SSO onboarding progress based on which apps in use at your organization actually support SSO, giving you a realistic look at how far you have to go.
1. Identify and prioritize apps that support SSO.
Nudge Security discovers all the applications your employees are using, including shadow IT, and shows you whether or not they support SSO. By clicking “Not yet onboarded” within the dashboard, you can see a complete list of the apps in your environment that support SSO and have not been onboarded, giving you a clear starting point to prioritize your next steps.
2. Streamline SSO onboarding.
To help you onboard apps to SSO efficiently, Nudge Security offers playbooks for SSO onboarding for Azure AD and Okta. Each playbook allows you to filter based on whether an app supports SSO as well as by category, so you can prioritize apps that may contain more sensitive information.
OAuth risks have made headlines recently, including the Google OAuth vulnerability, disclosed in December 2023, and Midnight Blizzard’s attack on Microsoft, disclosed in January 2024. As bad actors continue to abuse OAuth grants in the wild, it’s important for organizations to keep an eye on OAuth risks for SaaS security posture management.
As a SaaS security best practice, our dashboard tracks high-risk Google and Microsoft OAuth grants your users have created for applications you’ve designated as Unapproved.
Nudge Security helps you manage OAuth risks at scale in a variety of ways, giving you both oversight and control over the access your employees grant to outside applications:
1. Be alerted to high-risk OAuth grants.
Nudge Security inventories your organization’s grants and assigns OAuth risk scores to help you surface grants with dangerous or overly-permissive scopes that could be misused. Using notification rules, you can be alerted automatically any time an app creates a high-risk grant, helping you stay on top of changes that could affect your security posture.
2. Revoke risky or unused OAuth grants automatically.
Nudge Security enables you to revoke Microsoft and Google OAuth grants in just two clicks, either one at a time or in bulk. If you’d like to prune unused grants without risking disruption, you can nudge your employees to ask if they still need access. If they say no, the grants will be revoked automatically.
Find out how else Nudge Security can help you leverage SaaS security best practices and level up your organization’s SaaS security posture management.