As technology adoption has shifted to be employee-led, IT and security teams are contending with an ever-expanding SaaS attack surface. At the same time, they are often spread thin, meaning they need ways to quickly identify and prioritize the highest-impact projects.
Nudge Security discovers all SaaS apps ever introduced by anyone in your organization and offers automation and orchestration capabilities to make it easy to implement SaaS security best practices. Additionally, a new dashboard helps you measure key metrics that form the backbone of SaaS security posture management.
Read on to see how you can use Nudge Security to assess SaaS security, prioritize your efforts, and visualize the progress you’re making toward your goals.
Are your employees using approved applications?
The first metric summarizes how many of the SaaS applications your employees are using have been designated as either Approved or Acceptable. Tracking the approval statuses of your organization’s apps can help you understand the overall state of your SaaS governance efforts.
Track approved SaaS usage
With Nudge Security, you can assign statuses to approved applications and share an App Directory to point employees towards sanctioned choices. If users sidestep the directory and introduce other apps, you can automate “nudges” to point them to approved alternatives.
Is there a designated technical contact for each application?
In a world of user-led SaaS adoption, consolidating technology ownership under central IT isn’t always practical—or even realistic. Still, overseeing SaaS identity governance falls to IT and security teams, which means they need to maintain an up-to-date list of who can help with day-to-day SaaS admin tasks.
Orchestrate SaaS governance via technical contacts
By default, Nudge Security assigns every app a technical contact based on the first user of an application. And, you can periodically “nudge” the presumed technical contact to ask them to verify if they are the right person, or designate a new technical contact.
Do you have abandoned or inactive accounts?
Forgotten or unused SaaS accounts can provide bad actors with a stepping stone to corporate data—and inflate your organization’s SaaS costs. To help you avoid these risks, the dashboard tracks how many of your organization’s accounts have Inactive or Abandoned statuses.
Curb SaaS sprawl by deactivating unused accounts
Nudge Security updates account statuses automatically based on whether SSO-enabled accounts have been active within the last 90 days. For apps outside of SSO, you can send a nudge asking users if they still need access, and automatically nudge the technical contact for each app to revoke access (and reclaim licenses) for any accounts that are no longer needed.
Do former employees have lingering access?
How many of us have left a job only to realize we still have access to sensitive corporate accounts months or even years later? Unfortunately, those lingering accounts can enable unauthorized access to your corporate resources.
Complete IT offboarding is a critical component of SaaS security posture management, which is why the dashboard highlights when you have active SaaS accounts associated with inactive users.
Ensure complete IT offboarding
Additionally, Nudge Security automates many of the tedious, repetitive tasks associated with IT offboarding like revoking OAuth grants, revoking SSO access, and resetting passwords for accounts outside of SSO.
Are your apps fully onboarded to SSO?
While SSO is a SaaS security best practice, it can be difficult to track progress toward enrolling apps in SSO. The dashboard tracks your SSO onboarding progress based on which apps in use at your organization actually support SSO, giving you a realistic look at how far you have to go.
Track and prioritize SSO deployment efforts
And, Nudge Security includes playbooks to automate the manual tasks required to orchestrate SSO onboarding into Azure AD and Okta. Each playbook allows you to filter apps based on whether it supports SSO, as well as by app category, so you can prioritize apps that contain sensitive information.
Are OAuth grants jeopardizing security?
OAuth grants have made headlines recently as bad actors are finding ways to exploit them to gain access to valuable data. To help surface OAuth risks, the dashboard tracks high-risk Google and Microsoft OAuth grants that have been created for applications you’ve designated as Unapproved.
Identify and mitigate OAuth risks
Nudge Security discovers and inventories your organization’s OAuth grants and assigns risk scores to help surface grants with dangerous or overly-permissive scopes. Additionally, it enables you to revoke Microsoft and Google OAuth grants in just two clicks. And, you can nudge your employees to ask if they still need a particular OAuth grant and automatically revoke it if it’s no longer needed.
Start improving SaaS security today
Nudge Security gives IT and security teams complete visibility of every SaaS asset ever created in their orgs, and real-time alerts as new accounts are created. With this visibility, you can eliminate shadow IT, secure rogue accounts, minimize the SaaS attack surface, and automate tedious tasks, all without impeding the pace of work.
Start a free 14-day trial here.