Earlier this year, we announced our mission to secure modern organizations through the power of the modern workforce, along with a $7 million seed round led by Ballistic Ventures. We launched an early access program and have been engaged with security, compliance, and IT operations leaders to break down the big problem statements related to securing modern work. We’ve been working hard to build a product that tackles these problems at scale, and today, we are excited to announce general availability with a free 14-day trial.
Before we go any further, we want to acknowledge everyone who took part in our early access by listening to our pitch (and challenging us on it), making introductions, and providing feedback on prototypes and early versions of the product. Your participation has produced a wellspring of “Eureka!” moments for us these past few months. A special thanks goes to our early adopter customers whose confidence and trust in us is what really moves us forward.
All right—let’s talk product.
What is Nudge Security?
Nudge Security is a SaaS security platform that discovers SaaS assets as they are created across distributed organizations, maps digital supply chain risk, and automates SaaS security tasks, with a unique focus on automatically nudging employees to take steps to adopt and use SaaS securely. A product built for modern work, Nudge Security gives security teams immediate visibility of shadow IT and the controls they need to curb SaaS sprawl risks by working with employees, not against them.
It takes just a few minutes to set up and start discovering all of your cloud and SaaS assets, with zero network changes, endpoint agents, or browser extensions to deploy.
Keep reading to learn more about how the product works, OR cut to the chase and start a free trial now (to be honest, it’s pretty intuitive…).
First, we make the unknowns known.
You can’t secure what you can’t see. In our past experiences of building threat detection products, we weren’t satisfied with the status quo of SaaS discovery methods, which often require a heavy lift and leave blindspots, especially in modern, distributed organizations:
Network-based methods have low-fidelity visibility, with no historical context.
Endpoint-based methods assume that all work happens on managed devices, which the recent Uber breach proved untrue once again.
SaaS management tools require integration with a handful of known enterprise SaaS, which doesn’t actually help you discover or secure the longtail of unknown apps.
Finally, mining expense reports is a manual process with unactionable results and misses all the freemium SaaS.
Our goal is to eliminate such blindspots by providing continuous and historical SaaS asset discovery regardless of employees’ locations or devices. Our approach to discovery has zero reliance on network infrastructure, SaaS integrations, endpoint agents, or browser extensions. Instead, we use a simple one-time connection to Google Workspace or Microsoft 365. That’s it.
From there, Nudge Security can tell you within minutes what cloud and SaaS accounts have been created in your organization as well as first and privileged users, company domains and resources created within accounts, cloud infrastructure, and OAuth grants given to other third-party apps. Nudge Security can notify you as new SaaS assets are created along with other security-relevant events, such as password resets or disabling MFA, which can be early warning signs of an attacker taking over an account.
Next, we map your SaaS supply chain risk.
As employee-led IT adoption and low/no-code integration becomes more of the rule than the exception, SaaS complexity increases, making it harder to stay on top of an always-changing external attack surface and supply chain. Third-party risk assessments are often conducted at a point in time during procurement, which can quickly become outdated. Yet, a recent surge of SaaS supply chain attacks underscores just how critical it is to know the full extent of your SaaS risk posture at all times.
That’s why Nudge Security gathers insights about the security, risk, and compliance programs for every cloud and SaaS provider used in your organizations. This helps our customers to streamline SaaS vendor audits as new tools are introduced. In addition, we also provide insights into the SaaS providers that your SaaS providers use to run their services. With this information, you can determine quickly if your organization is in the potential blast radius of a third-, fourth- or fifth-party data breach.
Finally, we enlist your workforce to secure SaaS at scale.
Securing the modern attack surface is no longer something a small group of cybersecurity experts can do alone. The modern workforce is working from too many locations, on too many devices, across too many SaaS applications. In such highly distributed environments, it’s no longer feasible to separate the “good internet” from the “bad internet” and expect everyone to follow suit. There are 20,000+ SaaS companies on the market today, and the business can’t afford to wait for security to green light each one for use. Anyway, your employees will find creative workarounds to access the tools they need for work without delay.
The best way to tackle SaaS security at scale is by engaging your workforce in making better security decisions and taking simple steps to secure cloud and SaaS accounts as they introduce them. That’s exactly what security nudges are designed to do.
You can use use security nudges to automate outreach to employees for multiple use cases: ask them to clarify the use of a new SaaS app; instruct them to enable MFA; suggest an alternative application; verify that access is still needed; initiate an SSO enrollment process; remove or delete non-work-related accounts, and more.
Not only do security nudges reduce the burden on IT, security, compliance teams, but they also give your employees the opportunity to practice good security habits in practical, real-world scenarios—not just during hypothetical training sessions.
Ultimately, we want to make security folks’ lives a bit easier.
We’ve worked in the cybersecurity industry for a while now, and our industry experience has taught us that the last thing security practitioners need is another tool that just spits out a to-do list. The security talent shortage persists, and organizations are chronically stretched thin. For us, a first principle is to solve real problems for real people, real simply. While discovering shadow IT is key, it only solves half the problem.
That’s why we built and will continue to build playbooks in the platform that guide users through simple, step-by-step workflows for common SaaS security tasks. You can run playbooks on demand or set them up to run programmatically as new SaaS is introduced.
Want to find all of those rogue and forgotten AWS accounts and nudge your developers to enroll them into AWS Organizations? Do it in four clicks. Want to automatically kick off SSO enrollment anytime an employee introduces a SaaS app not already in Okta? Set it up and watch it work.
In addition to playbooks, we’ve built Nudge Security to an open platform. We’ve moved far beyond the vendor promise of “a single pane of glass to rule them all” to a modern approach that allows you to make Nudge Security part of your security mesh architecture.
Finally, we built Nudge Security to deliver immediate and obvious value. Setup takes a few minutes. Results start populating almost immediately. There are no sales hoops to jump through first. No credit cards up front. No “free pro services for the first three months of fine-tuning” nonsense.
Simply connect it, go make a sandwich, and then see what you’ve been missing.