How advanced technology-based solutions can offer a practical solution to the challenge of optimizing security decision-making by employees.
This is the second article in a five-part series from TAG Cyber focused on how positive influences on employee behavior can improve cyber risk posture. Read the other articles here.
Nudge Security emerged in October 22 after a period of stealth development under the direction of co-founders Jaime Blasco and Russ Spitler, former technology leaders at AT&T Alien Labs. Seed funding for the company was provided by Ballistic Ventures, which is comprised of an iconic group of cybersecurity luminaries including Roger Thornton, Barmak Meftah, Jake Seid, Ted Schlein, and Kevin Mandia.
The basic concept driving the Nudge Security offering is that employee behavior can be influenced toward improved security decision-making using a supportive technology platform. Chief amongst the goals for the platform design is the decision to ensure non-disruption of worker productivity by focusing on empowerment rather than the usual security approach of blocking, denying, and mitigating user requests.
Cybersecurity solutions for many years focused on preventing bad things from happening. More modern solutions have begun to find that shifting emphasis toward enabling good things to happen can achieve better results. This idea of empowering users, including employees, contractors, and third parties, to make good decisions is the fundamental basis for the Nudge Security platform.
The insight that drives the Nudge Security solution is that as employees interact with cloud and SaaS services, their decisions can be carefully (and properly) monitored to determine whether risk is being introduced inappropriately. By ingesting such data and communicating with the user in a non-intrusive manner, the overall decision-making process is guided toward meaningful improvement.
The general platform operation for Nudge Security is depicted in the diagram below. The primary actors in the protection ecosystem are the employees (which is shorthand for both employed staff, consultants, and other individuals with direct access to corporate resources) and the administrators of the Nudge Security platform (which is also presumed to be done by employees or other empowered staff with privileged access).
The operation is straightforward—namely, as employees interact with cloud and SaaS services such as AWS, Office 365, Salesforce, Azure, Github, Google Workspace, Slack, and Google Cloud, email notifications are regularly woven into their workflow. The Nudge Security platform ingests employee engagement and responses safely and uses this as the basis for guiding behavior.
A front-end dashboard is available to both employees and administrators to configure settings and manage accounts. A back-end system, accessible by administrators, generates email messages to employees to provide recommended guidance, training, or other information based on the observed user behavior. This is where employees gain valuable insights about their decisions—and it is presumably where they will develop better habits.
Start your free, full-featured 14-day trial of Nudge Security today.
The surge of new AI tools introduces challenges for IT and security teams. Here’s how Nudge Security can help.
This year's RSA conference focused on new strategies, technologies, and collaborations to strengthen cybersecurity and protect orgs and individuals alike.