Why finance and procurement teams love Nudge Security

Nudge Security is a win-win for organizations seeking to consolidate cloud and SaaS technology stacks to reduce risk AND save costs.

At a time when economic conditions call for “efficient growth,” IT security leaders are facing extra scrutiny over security budgets (as if it wasn’t already difficult enough). This is especially true when it comes to new investments in emerging security technologies. According to Scale Venture Partners, security budgets for emerging security solutions grew less in 2023 (18% increase) as compared to 2022 (27% increase).

Despite this, IT security teams are contending with an ever-sprawling SaaS attack surface, much of which is often unknown or unmanaged, as well as the growing risk of identity-based threats. According to a recent report from CrowdStrike, 80% of breaches today use compromised identities, including cloud and SaaS credentials.

Asked to do more with less, IT security leaders need efficient solutions for discovering and managing this emerging SaaS attack surface. At the same time, their finance and IT operations counterparts are seeking to cut technology spend (rather than salaries or headcount)—especially the low-hanging fruit of underutilized or over-deployed SaaS licenses, which Gartner estimates to be about 25% of all SaaS subscriptions.

This challenge presents the rare opportunity for IT security leaders to present their colleagues with the ultimate twofer solution in Nudge Security. Our SaaS security platform’s ability to discover all shadow cloud and SaaS use not only helps to surface risks and compliance issues, but our customers tell us that it also supports their efforts to consolidate SaaS portfolios and reduce costs. This makes Nudge Security a potentially cost-neutral or even cost-positive security solution.

Here are some ways in which IT security leaders can position the value of Nudge Security for their finance, operations, and procurement teams in order to expedite approval processes while flexing some business acumen.

First, let’s talk bottom line.

Justifying the investment in any new security solution can be a complex exercise full of nuance and rabbit holes of risk quantification. (Personally, it’s one of the reasons I loathe marketing ROI calculators.) Still, finance folks like hard numbers. So, let’s start with some simple back-of-the-napkin math. Obviously, YMMV.

Using reference data from Gartner, the average organization spends $1,169 per employee annually on SaaS subscriptions (login required.) As mentioned above, Gartner estimates that 25% of all SaaS licenses are underutilized or over-deployed. The math here is pretty simple. Reducing wasted SaaS spend would save roughly $292 per employee annually. The cost of Nudge Security per employee is between $36 and $54 annually, which would yield a conservative 5.4x ROI.

(Ready to get started? Learn how to identify inactive and abandoned SaaS accounts with Nudge Security. →)

Rudimentary? Sure. But, even without factoring in potential cost savings related to risk reduction or the value of time saved through efficient and automated IT and compliance processes, you can see how Nudge Security has the potential to pay for itself and then some.

For a deeper dive, check out our blog post: “5 ways Nudge Security saves you money

Note: At the time of writing, Nudge Security is priced at $3 per mailbox. A general rule of thumb is to estimate 1.5 mailboxes per employee, which may vary depending on your organization’s use of shared mailboxes.

Look beyond the expense reports.

By now, many organizations have cobbled together a method (or multiple methods) for finding and managing their growing estates of cloud and SaaS assets, whether that’s mining expense reports at the end of the month, scouring DNS records, or circulating a spreadsheet asking developers to add any new AWS accounts they’ve spun up recently. Some organizations have gone a step further to automate these tasks with purpose-built tools. IT may have invested in an IT help desk or ticketing system to capture new SaaS access requests. Finance and procurement may have purchased one of those fancy SaaS contract management tools. GRC has its own tools for scoping cloud and SaaS assets and conducting access reviews, while the security team continues to “fine-tune” that expensive CASB they bought years ago.

And yet, rarely do we encounter an organization that has a complete, single source of truth for all cloud and SaaS assets across the organization: paid and freemium, sanctioned and unsanctioned, on network and off network, and with deep visibility into application business owners, SaaS usage, adoption trends, and risk insights. (There’s something deeply ironic about a sprawl of SaaS tools used in silos to address SaaS sprawl.)

IT security teams turn to Nudge Security for our patented approach to cloud and SaaS discovery. And for certain, we built Nudge Security with a security-first mindset. (It’s in our DNA.) But, what we’ve learned by engaging with our customers’ finance, procurement, and operations teams is that Nudge Security is also helping them to see around blind spots in their programs and toolsets.

For example, a SaaS spend management platform that connects to an expense management system can spit out dollar signs on what you’re currently spending on SaaS licenses. But, it likely can’t see the free trials and freemium tools that are spreading like wildfire across your organization, embedding themselves into critical business processes, and blindsiding you when the enterprise sales representative comes knocking.

I won’t claim that Nudge Security is the “one SaaS platform to rule them all” (someday, maybe), but we do help our customers make a compelling case for SaaS management platform consolidation (or optimization) with our unrivaled approach to SaaS discovery and alignment to modern business-led and employee-led SaaS adoption trends.

Do more with less (stress).

Every technology investment consideration raises questions about the time and resources required to deploy, administer, and manage it. Administrative overhead can stall investments, especially in new, emerging technologies. Even worse, technology investments made without sufficient administrative and operational resources often end up as shelf-ware.

IT and security leaders increasingly measure the success of their programs on the basis of increased efficiency and resource optimization, so any new technology investment should reduce manual and administrative work, not add to it. This is especially important for already over-extended IT and security teams, for whom the phrases “do more with less” and “year of efficiency” can invoke a certain rectal-clenching anxiety. These functions have notoriously high burnout rates—and they’re also notoriously difficult and expensive to recruit and hire.

This is where Nudge Security really shines. The platform radically reduces the time spent on finding, securing, and managing cloud and SaaS applications. For example, it eliminates 90% of manual IT effort in employee offboarding. Deployment takes just a few minutes and gives IT security teams a full inventory of cloud and SaaS assets (historical, current, and continuous) starting on Day One without any fine tuning, agent installations, or network configuration changes required.

Nudge Security is designed to align to the current realities of highly decentralized, business-led and employee-led SaaS adoption. It gives governance teams across IT, security, compliance, finance, operations, and procurement centralized and collaborative oversight of the organization’s modern digital assets while also orchestrating and automating a distributed administrative workload across application business owners, business technologists, and other non-IT “citizen admins.” This truly enables small technology governance teams to do more with less.

Ready to start reducing SaaS risk and costs? Get started with Nudge Security with 14-day, zero commitment free trial.

Related posts

Report

Debunking the "stupid user" myth
in security

Exploring the influence of employees’ perception
and emotions on security behaviors