FAQ

Hopefully our website has answered most of your questions about Nudge Security. If not, here are some common questions we field about our product.

How does the free trial work? 

It’s super simple to get started with our 14-day free trial. Use your work email address to sign up and start discovering cloud and SaaS accounts within your own individual account. You can invite your team or your entire organization. It takes about two minutes to connect Nudge Security to your Google Workspace or Microsoft 365 account.

There’s no credit card required to get started and no pushy sales tactics either.

What does Nudge Security cost?

Check out our pricing here.

What access to Google Workspace does Nudge Security require?

Connecting Nudge Security to your own Google Workspace account is as simple as any other OAuth grant process. To connect it for your entire organization, you’ll need super admin rights to provide domain-wide delegation. Nudge Security requires read-only access. We do not permanently store emails, no human ever has access, and our access is less invasive than a spam filter.

What access to Microsoft 365 does Nudge Security require?

Connecting Nudge Security to your own Microsoft 365 account is as simple as any other OAuth grant process. To connect it for your entire organization, you’ll need an admin account for Azure Active Directory. Nudge Security requires read-only access. We do not permanently store emails, no human ever has access, and our access is less invasive than a spam filter.

Does Nudge Security read my email?

Please, we barely read our own email. Nudge Security uses API search queries that exclusively look for patterns of machine-generated emails (think: no-reply@nudgesecurity.com). We never look at outbound mail or messages between addresses in the same domain. Also, we keep a complete audit log of every email our robots scan, and, if you have a Microsoft 365 E5 license, you can verify this audit log on your side as well. 

To learn more about how we limit and safeguard our access to your email account, visit our Trust & Security page.

What about SaaS accounts created with a personal email address? 

We get this question a lot! Because Nudge Security does not monitor employees’ every move (creepy!), we do not directly detect SaaS accounts created with a personal email address. We call these “shadow root account”), however, there are a few things that help:

1. Many (not all) business-oriented SaaS providers disallow signups from free email accounts (think @gmail.com or @yahoo.com.)

2. Even if the first user is unknown, we often see secondary users invited to collaborate using their corporate email addresses.

3. People tend to use a personal email address at work if they’ve been blocked or prohibited from using a corporate address. Nudge Security works to remove such barriers so employees can adopt SaaS tools at work openly and securely.

Does Nudge Security block new or unsanctioned SaaS use?

Listen, we didn’t set out to build another security technology that sits between your employees and their work. Besides, tools that block access to SaaS applications didn’t solve shadow IT problems, they just pushed SaaS usage deeper into the shadows.

Nudge Security does not block or limit access to SaaS applications. Instead, we make it easy and automated for you to reach out to employees as soon as they start playing around with new SaaS tools, so you can guide them towards sound security decisions, whether that’s to enable security settings, use an alternative application, or even delete the account. As research shows, security nudges lead to better security outcomes than blockades.

What’s the difference between Nudge Security and a CASB?

Unlike a CASB or SASE solution, Nudge Security does not touch the corporate network or endpoints. It does not require your employees to be on a VPN or corporate network to work, nor does it require you to do an enterprise roll-out of an agent. It just works no matter what device the employee is using or where they are using it from. 

Nudge Security takes a different approach to SaaS security—one that puts employees at the center of their own SaaS adoption and use. We use a lightweight, non-disruptive  method to detect new SaaS accounts and help IT security teams to automate outreach to employees, nudging them to use an alternative application, enable MFA, or provide additional context about their SaaS use.

What’s the difference between Nudge Security and a SaaS security posture management (SSPM) or SaaS management platform (SPM)?

Most SaaS security and SaaS management platforms require that you already know which applications are in use in your organization. Nudge Security starts with SaaS discovery, so you can work to secure your entire SaaS estate, not just the vendors that procurement knows about. Some solutions do provide some pseudo-discovery capabilities, often relying on expense reports (hello? freemium apps?) or integration with a CASB or network monitoring tool. If you already have an SSPM or SPM solution that you like, Nudge Security is a great complementary service.

The other main delta is that SSPM and SPM tools often work by connecting directly with the SaaS applications they govern and often boast the number of integrations they support: 5, 20, a whopping 20. Yet,  there are some 20,000 SaaS companies on the market today and rising. It’s a sisyphean approach to solving the SaaS security problem. Nudge Security takes a different approach, one that focuses on securing the long tail of SaaS applications by first engaging employees in basic security hygiene tasks like enabling MFA.

See what you're missing.

Let’s stay in touch.

Sign up for product updates, resources, and news. We promise we'll never send you spam. Or boring emails. Ever.