Perspectives

The 2024 AI adoption curve and what it means for your business

What does the rapid pace of AI adoption mean for cybersecurity leaders as they grapple with AI security and governance?

7 Gartner reads on SaaS security & governance

Learn how top analysts are viewing the emerging SaaS security and governance space.

The three-body problem of SaaS security

Why the classic physics challenge might feel familiar to those operating within the “shared security model” for SaaS applications.

The hidden dangers of ChatGPT’s integrations with Google Drive and Microsoft OneDrive

While the convenience of integration can boost productivity, the cybersecurity risks can be significant.

SaaS adoption and the rise of non-human identities

Non-human identities have increased our attack surface—and with it, the management headache that defines the modern stack of business technology.

It’s time for a new SaaS shared responsibility model

With the rise in threat campaigns targeting SaaS instances, we need a shared responsibility model that includes employees as well as IT security teams.

Why a threat campaign targeting Snowflake customers isn’t exactly a special snowflake

An active threat campaign targeting Snowflake customers underscores an all-too-common attack pattern of exploiting users’ cloud and SaaS identities and gaps in MFA coverage.

Your OAuth risk investigation checklist

Four key areas to consider when you’re investigating an OAuth grant, and how Nudge Security can help.

How SaaS discovery is useful in a merger or acquisition

Five ways Nudge Security's patented SaaS discovery can help you gain the visibility you need, secure your newly expanded SaaS estate, and plan for the future.

Views from the top: CISO perspectives on the state of SaaS security

A look back at the highlights, themes, and insights from Nudge Security’s “Overshadowed” interview series.

Shifting the security paradigm: embracing the identity edge

A conversation about data and identity with Steve Zalewski, former CISO of Levi Strauss and a seasoned security advisor.

New job? 5 ways Nudge Security helps you build a foundation for success

A guide to winning friends and influence during your first 90 days in an InfoSec leadership role

This Google OAuth vulnerability allows former employees to retain SaaS access. Here’s what you need to know.

A newly disclosed Google OAuth vulnerability allows former employees to retain access to corporate resources like Slack and Zoom, even after suspending their corporate Google accounts. Here’s what it means for your SaaS security posture and how Nudge Security can help.

Predictions for SaaS security trends in 2024

While 2024 will undoubtedly throw some curveballs, one sure bet is that modern work will continue to happen across cloud and SaaS applications.

The risks and challenges of managing OAuth grants at scale

Managing a sprawling web of OAuth grants is an unmanaged risk most organizations are just beginning to understand. Here’s how we can help.

"Cybersecurity Awareness" doesn't cut it; it's time to focus on behavior

Instead of harping on awareness, it's time to implement repeatable, real-world practice that ingrains positive habits and security behaviors.

The dark side of SaaS GTM

How dark patterns in the go-to-market strategies of B2B SaaS companies are designed to work against IT and security—and what you can do about it.

OAuth grants: The hanging chads of suspended Google Workspace users

When offboarding users, don't let their their lingering OAuth grants don’t come back to haunt you.

What do you actually know about your sensitive data?

Why modern data governance requires a full inventory of SaaS apps and accounts in use at your organization.

Overshadowed Episode 6: Considering the human element in security

Nudge Security CEO Russ Spitler welcomes Ira Winkler, CISO of CYE Security, to discuss principles for designing a security program that engages employees.

Generative AI magnifies a crisis in enterprise IT & security

Why IT and security leaders need a new approach to securing and governing access to new cloud-delivered technologies.

Overshadowed Episode 5: Managing risk vs. friction in IT security

Nudge Security CEO Russ Spitler welcomes Malcolm Harkins to discuss the balance of risk vs. friction that must be considered when designing a security program.

How to investigate an OAuth grant for suspicious activity or overly permissive scopes

Learn best practices for assessing OAuth risks in your organization.

Overshadowed Episode 4: How Incident Response has changed in a SaaS-first world

Nudge Security CEO Russ Spitler welcomes Tony Simone to discuss how Incident Response has changed with widespread SaaS adoption and SaaS-to-SaaS integrations.

The dirty truth about offboarding automation

Thus far, IT automation has failed to address the hardest parts of employee offboarding. Here’s what IT and operations professionals need to know.

Overshadowed Episode 3: Navigating the challenges of SaaS sprawl

Nudge Security CEO Russ Spitler welcomes Kunal Anand to discuss the challenges IT and security practitioners face trying to secure their SaaS ecosystem.

Overshadowed Episode 2: The security risk that should be avoidable

Nudge Security CEO Russ Spitler welcomes Dave Anderson to discuss how IT offboarding has changed with the explosion of SaaS and cloud applications.

Avoid these 5 IT offboarding pitfalls for a smooth transition

In the age of SaaS, the old IT offboarding playbook of “disable AD account, forward email, recover and wipe device, and call it a day” is no longer enough.

How SaaS sprawl extends vulnerability management

The new management problem organizations must solve is safeguarding the modern mesh of SaaS and cloud accounts.

Your IT offboarding checklist for a SaaS-first world

Eight steps to ensure complete employee offboarding for SaaS and cloud accounts, including the OAuth grants, resources, and passwords you’re most likely forgetting.

Common misconceptions around single sign-on (SSO)

While SSO helps to streamline employee onboarding and offboarding efforts, it’s only one piece of the SaaS identity and access puzzle.

Masterminds & qubits: the future unfolds at RSA 2023

This year's RSA conference focused on new strategies, technologies, and collaborations to strengthen cybersecurity and protect orgs and individuals alike.

Overshadowed Episode 1: Rethinking the modern attack surface

Nudge Security CEO Russ Spitler welcomes Ed Amoroso to discuss how the modern attack surface has changed with the explosion of SaaS adoption.

The security risks of using groups for shared access to cloud and SaaS accounts

Why groups aren't the best option for shared SaaS access, and how Nudge Security helps you monitor your organization's groups and their privacy settings.

How much are rogue AWS accounts costing your organization?

Between wasted AWS credits, unexpected bills, and abuse, the potential cost of unmonitored AWS accounts can add up quickly.

Are the security risks of AI productivity tools worth the reward?

While AI tools like ChatGPT can be a boon for productivity, they also raise security and privacy concerns. What can IT and security teams do to minimize the risks?

Have we taken zero trust too far?

Why applying the concepts of zero trust broadly to employees is a dangerous mistake for cybersecurity programs.

The dangers of rogue AWS accounts

How can you effectively secure your company’s cloud accounts when you don’t know that they exist?

An action plan for improving workforce security decisions

Enterprise teams would be wise to begin implementing an action plan that will help guide employees toward making better cybersecurity decisions in their day-to-day work.

Does blocking access force SaaS into the shadows?

While blocking may make you feel more secure, the truth is that it’s likely incentivizing more risky behaviors.

The impact of user decisions on SaaS supply chain risk

When poor cybersecurity decisions are made by employees, the negative impact on the enterprise supply chain can be significant.

What is the impact of employee decisions on cyber risk?

With more access to technology and systems than ever before, it has become essential that employees make informed cybersecurity decisions.

Where does shadow IT come from?

Shadow IT is no longer a problem to solve—it’s a reality of modern work that must be accepted and redirected.

The challenge of SOC 2 certification in a remote world

A perfect storm of SaaS sprawl, shadow IT, and remote teams makes SOC 2 certification a particularly daunting task.

Why network monitoring can’t effectively detect SaaS sprawl

In a world of distributed teams, the tools of the past simply can’t find shadow IT.

Can technology be used to guide security decisions?

How advanced technology-based solutions can offer a practical solution to the challenge of optimizing security decision-making by employees.

Why mining expense reports won’t find Shadow IT

In a world of remote teams and freemium offers, the tools of the past can’t curb SaaS sprawl.

The one thing Nudge Security doesn’t do

Our product uses a powerful SaaS discovery method—but there’s one type of account it can’t find.

2022 year in review at Nudge Security

That’s a wrap on Year One at Nudge Security. Here’s a look back at the highlights of our first year.

The best solution for discovering SaaS sprawl

Network monitoring and expense report analysis simply don’t work. The perfect side-channel attack on Shadow IT? Your inbox.

To curb SaaS sprawl, CISOs should think like entrepreneurs

CISOs used to be advised to “think like a hacker.” Now, facing mounting risks associated with SaaS sprawl and shadow IT, CISOs must learn to think like SaaS entrepreneurs.

How does user discretion influence security?

Understanding how employee decisions affect cybersecurity posture is a critical first step in establishing a technology-based program that guides them toward making better choices.

Dynamic vendor assessments for a dynamic world

Our guide to adjusting vendor security assessments to match the pace and complexity of modern work.

Why the SSO tax needs to go

Single sign-on is a qualifying condition for any modern product—not a premium feature that warrants a price bump.

Staring at the car wreck of SBOM

For a clear picture of supply chain risk, the real bill of materials we need is the cumulative set of integrated software, SaaS, PaaS, and IaaS.

Does privacy put you to sleep? You’re not alone!

Conversations about privacy are complex, but they’re essential for creating safety, equity, and understanding.

Castra Q&A: SaaS threat detection and response

An interview with Castra’s Grant Leonard on how to prepare for the future of SaaS security.

Signaling the rise of SaaS supply chain attacks

Recent data breaches at Signal, Twilio, MailChimp, and others underscore the imperative of securing the SaaS supply chain.

How can CISOs improve the employee experience?

As workers prioritize flexible work and learning opportunities, organizational leaders must focus on creating a positive employee experience.

What to do about the impending shadow supply chain

When data breaches make headlines, it’s often difficult to know whether or not your organization sits in the blast radius.