Can technology be used to guide security decisions?

How advanced technology-based solutions can offer a practical solution to the challenge of optimizing security decision-making by employees.

January 6, 2023

This is the second article in a five-part series from TAG Cyber focused on how positive influences on employee behavior can improve cyber risk posture. Read the other articles here.

Nudge Security emerged in October 22 after a period of stealth development under the direction of co-founders Jaime Blasco and Russ Spitler, former technology leaders at AT&T Alien Labs. Seed funding for the company was provided by Ballistic Ventures, which is comprised of an iconic group of cybersecurity luminaries including Roger Thornton, Barmak Meftah, Jake Seid, Ted Schlein, and Kevin Mandia.

The basic concept driving the Nudge Security offering is that employee behavior can be influenced toward improved security decision-making using a supportive technology platform. Chief amongst the goals for the platform design is the decision to ensure non-disruption of worker productivity by focusing on empowerment rather than the usual security approach of blocking, denying, and mitigating user requests.

Using Nudge Security to empower the workforce

Cybersecurity solutions for many years focused on preventing bad things from happening. More modern solutions have begun to find that shifting emphasis toward enabling good things to happen can achieve better results. This idea of empowering users, including employees, contractors, and third parties, to make good decisions is the fundamental basis for the Nudge Security platform.

The insight that drives the Nudge Security solution is that as employees interact with cloud and SaaS services, their decisions can be carefully (and properly) monitored to determine whether risk is being introduced inappropriately. By ingesting such data and communicating with the user in a non-intrusive manner, the overall decision-making process is guided toward meaningful improvement.

Nudge Security platform-assisted security architecture

The general platform operation for Nudge Security is depicted in the diagram below. The primary actors in the protection ecosystem are the employees (which is shorthand for both employed staff, consultants, and other individuals with direct access to corporate resources) and the administrators of the Nudge Security platform (which is also presumed to be done by employees or other empowered staff with privileged access). 

DiagramDescription automatically generated
Nudge Security Architecture

The operation is straightforward—namely, as employees interact with cloud and SaaS services such as AWS, Office 365, Salesforce, Azure, Github, Google Workspace, Slack, and Google Cloud, email notifications are regularly woven into their workflow. The Nudge Security platform ingests employee engagement and responses safely and uses this as the basis for guiding behavior.

A front-end dashboard is available to both employees and administrators to configure settings and manage accounts. A back-end system, accessible by administrators, generates email messages to employees to provide recommended guidance, training, or other information based on the observed user behavior. This is where employees gain valuable insights about their decisions—and it is presumably where they will develop better habits. 

Start your free, full-featured 14-day trial of Nudge Security today.

Related posts


Debunking the "stupid user" myth
in security

Exploring the influence of employees’ perception
and emotions on security behaviors