A fundamental aspect of complying with standards such as ISO 27001 and SOC 2 is maintaining an overview of the applications used within the organization and the permissions users hold in them. gridX’s Security Team Lead, Alei Salem, had started working on that overview in typical bootstrap fashion: by compiling a massive spreadsheet. He wasn’t very far into this exercise when he realized it simply wouldn’t work. Not only would the spreadsheet be too large to manage with a rapidly growing number of staff, but it would also require constant care and feeding (and relentless chasing of app admins) to keep it even close to accurate. Modern work moves fast, and a spreadsheet can’t keep up. He knew he needed a less manual, more scalable approach.
When Alei joined gridX as a Team Lead in Security, one of the highest priorities was to figure out what SaaS tools were already in use at the company. He needed to fully understand the organization’s external attack surface, including the full extent of its SaaS footprint. That level of understanding, of course, begins with visibility.
Nudge Security was an easy decision for gridX, first and foremost, because its patented approach to full SaaS discovery immediately solved their most pressing challenge. But what made it a no-brainer was the product’s reasonable and transparent pricing, plus a particularly supportive customer onboarding experience. “The willingness to listen to any sort of feature requests during the trial period was really impressive,” remembers Alei. “There are a lot of platforms where they just give you access and that's it.”
Within minutes of deployment, Nudge Security was able to discover gridX’s entire SaaS attack surface: managed and unmanaged accounts, users, OAuth connections, resources, and more. Alei and his team were finally able to get the full picture of who has access to what, and how. Which accounts were accessed via SSO and which had MFA enabled were no longer burning questions, but easy answers.
“Nudge Security gives us visibility of our attack surface and alerts us when an app we’re using has been breached,” says Alei. “We’re able to investigate what happened and who’s using it, whether that’s the CTO or an intern, and so on. Getting that information in a timely manner can definitely help us reduce that blast radius as much as we can.”
gridX employees are also now able to maintain their own pace of work by consulting the organization’s app directory in their own Nudge Security dashboard for a full inventory of the company’s approved and acceptable apps, as well as those in review. This allows new employees to get up to speed even quicker, while empowering existing employees to answer their own questions immediately.
Beyond access requests for approved applications, Alei has seen employees reduce their usage of personal and inessential accounts at work since implementing Nudge Security. “After introducing Nudge Security’s app directory and giving more context on what apps are approved and what are not, users started already adjusting their access and deleting unnecessary accounts.”
“It all starts with just switching on the lights, so to speak. Where are you exactly? Nudge Security is definitely one of the tools that helped us do that.”
With compliance certifications like ISO 27001 and SOC 2 looming, Alei and his team can now ditch the spreadsheet of user access and permissions in favor of a real-time source of truth. Because Nudge Security discovers and categorizes cloud and SaaS assets in scope of SOC 2 and orchestrates access reviews across SaaS owners, preparing for a SOC 2 compliance audit is as simple as running a purpose-built SOC 2 access review playbook.
Meanwhile, when Alei is notified of new applications introduced, he can quickly conduct just-in-time vendor assessments, with details like data locality, legal jurisdiction, certifications, breach history, and more available right in his Nudge Security dashboard.
Offboarding departing employees isn’t a task anyone looks forward to—especially when each employee manages their own mysterious constellation of apps, accounts, workspaces, and OAuth grants. Hunting it all down can feel like the world’s worst scavenger hunt. But now, when employees depart or change roles at gridX, the IT team can ensure the process is efficient and complete with Nudge Security’s employee offboarding playbook.
Again, the massive spreadsheet has been replaced by a real-time source of truth, and the gridX team can offboard employees with ease—and confidence that nothing has been overlooked.
As Alei explains, “Nudge Security’s automated offboarding playbook is pretty important and interesting for our IT team. Now we can make sure we offboard employees thoroughly without taking time away from other priorities.”
“Nudge Security has been a massive upgrade. It’s a great spreadsheet killer.”