We’ve released a new playbook to help you equip your employees to engage with AI tools safely. Using the playbook, you can find all the AI tools your employees are using and nudge them to review and accept your AI acceptable use policy. (Note that administrative privileges are required to view and run the playbook.)
With this new functionality you can:
Discover which AI tools are being used, and by whom.
Share your AI usage policy as soon as users create AI accounts.
Automate collection of policy acknowledgement and questions.
Guide your employees to use AI tools safely and securely.
We’ve released a new playbook to automate the process of removing abandoned accounts. Now, you can reduce unnecessary risks by minimizing your attack surface and eliminate wasted SaaS spend on unused accounts. Using the playbook, you can:
Choose a list of applications to audit all at once, including apps your users may have forgotten about.
Collect input from your workforce at scale to identify unused accounts.
Delegate the work of removing unused accounts to app owners.
Track your progress toward eliminating wasted spend and unnecessary risk.
When Nudge Security identifies abandoned accounts at your organization, you may need help from a user with administrative privileges for that app to delete them. To help you identify users with admin privileges, Nudge Security automatically designates a technical contact for each application, starting with the first user of that app. You can also reassign technical contacts manually as needed.
Now, Nudge Security has added the ability to nudge technical contacts to assist with deleting or suspending abandoned accounts and reclaiming unused licenses. The technical contact will receive a list of abandoned accounts and instructions to confirm once they have performed the appropriate actions. Once they confirm that the accounts have been removed, the account statuses will be updated automatically within Nudge Security.
Nudge Security has added new ways for you to identify and track whether your employees’ accounts are still active, enabling you to delete abandoned accounts, reclaim unused licenses, and clean up orphaned data.
Now, when you nudge users to ask if they’re still using an account, their answers will automatically apply account statuses within Nudge Security. In addition, for applications provisioned through SSO, Nudge Security will now automatically mark accounts as inactive after 90 days of inactivity.
To visualize this information, we’ve added a graph displaying account statues on each application’s overview page that can be changed manually or updated automatically in the following ways:
We’ve just released a new playbook that guides you through complete employee offboarding in alignment with Google and Microsoft best practices and automates common SaaS offboarding tasks, so you can transition employees securely and completely every time.
Now, you can:
Streamline employee lifecycle changes with a step-by-step playbook that gives you automated workflows and a single system of record for SaaS offboarding.
Set remaining employees up for success by transitioning access to critical resources and accounts.
Avoid business disruptions or surprise bills by making sure all of your departing employee’s SaaS accounts and integrations are disabled, deleted, or transitioned.
Secure corporate resources quickly and easily by revoking OAuth grants, disabling accounts, and resetting passwords directly within the Nudge Security platform.
We’ve just released the ability to revoke OAuth grants for Google Workspace and Microsoft 365 directly within Nudge Security. This new feature builds on the OAuth risk scores we delivered earlier this year by making it faster and easier to respond to risky OAuth grants. We’ve also added more context to our OAuth overviews to help you understand the permissions a grant has authorized. When Nudge Security shows you an OAuth grant with overly-permissive scopes, you can revoke it in just two clicks.
With this new functionality, you can:
Detect, investigate, and revoke risky OAuth grants without switching between different environments.
Easily clean up OAuth grants for departing employees during IT offboarding.
Swiftly quarantine a breached app in your SaaS supply chain by identifying and revoking active OAuth grants.
We’ve released a new view to show the history of all the nudges your organization has sent in one centralized page, making it easier for you to follow the messages you’re sending to employees. You can also see the nudge history for each individual application at your organization.
With this new view, you can:
See all the nudges that have been sent to your users, along with when, why, and who sent them
Find out whether users have seen your nudges yet
Track your users’ responses to queries, such as why they’ve signed up for a new application
See how long ago users were nudged so you can determine whether they need additional outreach
Today, we released a new OAuth risk scoring feature and improved the way we visualize and classify OAuth grants for easier management and risk prioritization. Additionally, you can now build custom notification rules based on flexible OAuth criteria, including setting an OAuth risk score threshold.
Here’s an interactive tour of the new and improved features:
Nudge Security customers can now subscribe to SaaS breach notifications.
When a data breach disclosure is discovered for a third- or fourth-party SaaS provider in your SaaS supply chain, Nudge Security will send you an email notification, alerting you to the potential impact of the breach. Here’s a recent example we sent to customers:
So, now whenever a SaaS data breach hits the headlines, you can quickly determine if your organization is in the blast radius.
To subscribe to breach notifications in the product, go to Settings and check “Receive breach notifications.”