Perspectives from Nudge Security, transforming SaaS security for today's highly distributed organizations.
Why the classic physics challenge might feel familiar to those operating within the “shared security model” for SaaS applications.
While the convenience of integration can boost productivity, the cybersecurity risks can be significant.
Non-human identities have increased our attack surface—and with it, the management headache that defines the modern stack of business technology.
With the rise in threat campaigns targeting SaaS instances, we need a shared responsibility model that includes employees as well as IT security teams.
An active threat campaign targeting Snowflake customers underscores an all-too-common attack pattern of exploiting users’ cloud and SaaS identities and gaps in MFA coverage.
Four key areas to consider when you’re investigating an OAuth grant, and how Nudge Security can help.
Five ways Nudge Security's patented SaaS discovery can help you gain the visibility you need, secure your newly expanded SaaS estate, and plan for the future.
A look back at the highlights, themes, and insights from Nudge Security’s “Overshadowed” interview series.
A conversation about data and identity with Steve Zalewski, former CISO of Levi Strauss and a seasoned security advisor.
A guide to winning friends and influence during your first 90 days in an InfoSec leadership role.
A newly disclosed Google OAuth vulnerability allows former employees to retain access to corporate resources like Slack and Zoom, even after suspending their corporate Google accounts. Here’s what it means for your SaaS security posture and how Nudge Security can help.
While 2024 will undoubtedly throw some curveballs, one sure bet is that modern work will continue to happen across cloud and SaaS applications.
Managing a sprawling web of OAuth grants is an unmanaged risk most organizations are just beginning to understand. Here’s how we can help.
Instead of harping on awareness, it's time to implement repeatable, real-world practice that ingrains positive habits and security behaviors.
How dark patterns in the go-to-market strategies of B2B SaaS companies are designed to work against IT and security—and what you can do about it.
When offboarding users, don't let their lingering OAuth grants come back to haunt you.
Why modern data governance requires a full inventory of SaaS apps and accounts in use at your organization.
Nudge Security CEO Russ Spitler welcomes Ira Winkler, CISO of CYE Security, to discuss principles for designing a security program that engages employees.
Why IT and security leaders need a new approach to securing and governing access to new cloud-delivered technologies.
Nudge Security CEO Russ Spitler welcomes Malcolm Harkins to discuss the balance of risk vs. friction that must be considered when designing a security program.
Learn best practices for assessing OAuth risks in your organization.
Nudge Security CEO Russ Spitler welcomes Tony Simone to discuss how Incident Response has changed with widespread SaaS adoption and SaaS-to-SaaS integrations.
Thus far, IT automation has failed to address the hardest parts of employee offboarding. Here’s what IT and operations professionals need to know.
Nudge Security CEO Russ Spitler welcomes Kunal Anand to discuss the challenges IT and security practitioners face trying to secure their SaaS ecosystem.
Nudge Security CEO Russ Spitler welcomes Dave Anderson to discuss how IT offboarding has changed with the explosion of SaaS and cloud applications.
In the age of SaaS, the old IT offboarding playbook of “disable AD account, forward email, recover and wipe device, and call it a day” is no longer enough.
The new management problem organizations must solve is safeguarding the modern mesh of SaaS and cloud accounts.
Eight steps to ensure complete employee offboarding for SaaS and cloud accounts, including the OAuth grants, resources, and passwords you’re most likely forgetting.
While SSO helps to streamline employee onboarding and offboarding efforts, it’s only one piece of the SaaS identity and access puzzle.
This year's RSA conference focused on new strategies, technologies, and collaborations to strengthen cybersecurity and protect orgs and individuals alike.
Nudge Security CEO Russ Spitler welcomes Ed Amoroso to discuss how the modern attack surface has changed with the explosion of SaaS adoption.
Why groups aren't the best option for shared SaaS access, and how Nudge Security helps you monitor your organization's groups and their privacy settings.
Between wasted AWS credits, unexpected bills, and abuse, the potential cost of unmonitored AWS accounts can add up quickly.
While AI tools like ChatGPT can be a boon for productivity, they also raise security and privacy concerns. What can IT and security teams do to minimize the risks?
Why applying the concepts of zero trust broadly to employees is a dangerous mistake for cybersecurity programs.
How can you effectively secure your company’s cloud accounts when you don’t know that they exist?
Enterprise teams would be wise to begin implementing an action plan that will help guide employees toward making better cybersecurity decisions in their day-to-day work.
While blocking may make you feel more secure, the truth is that it’s likely incentivizing more risky behaviors.
When poor cybersecurity decisions are made by employees, the negative impact on the enterprise supply chain can be significant.
With more access to technology and systems than ever before, it has become essential that employees make informed cybersecurity decisions.
Shadow IT is no longer a problem to solve—it’s a reality of modern work that must be accepted and redirected.
A perfect storm of SaaS sprawl, shadow IT, and remote teams makes SOC 2 certification a particularly daunting task.
In a world of distributed teams, the tools of the past simply can’t find shadow IT.
How advanced technology-based solutions can offer a practical solution to the challenge of optimizing security decision-making by employees.
In a world of remote teams and freemium offers, the tools of the past can’t curb SaaS sprawl.
Our product uses a powerful SaaS discovery method—but there’s one type of account it can’t find.
That’s a wrap on Year One at Nudge Security. Here’s a look back at the highlights of our first year.
Network monitoring and expense report analysis simply don’t work. The perfect side-channel attack on Shadow IT? Your inbox.
CISOs used to be advised to “think like a hacker.” Now, facing mounting risks associated with SaaS sprawl and shadow IT, CISOs must learn to think like SaaS entrepreneurs.
Understanding how employee decisions affect cybersecurity posture is a critical first step in establishing a technology-based program that guides them toward making better choices.
Our guide to adjusting vendor security assessments to match the pace and complexity of modern work.
Single sign-on is a qualifying condition for any modern product—not a premium feature that warrants a price bump.
For a clear picture of supply chain risk, the real bill of materials we need is the cumulative set of integrated software, SaaS, PaaS, and IaaS.
Conversations about privacy are complex, but they’re essential for creating safety, equity, and understanding.
An interview with Castra’s Grant Leonard on how to prepare for the future of SaaS security.
Recent data breaches at Signal, Twilio, MailChimp, and others underscore the imperative of securing the SaaS supply chain.
As workers prioritize flexible work and learning opportunities, organizational leaders must focus on creating a positive employee experience.
When data breaches make headlines, it’s often difficult to know whether or not your organization sits in the blast radius.