A rapidly-growing startup with increasing security needs, Stravito is a cloud-first organization. This structure supports collaboration and productivity, but also creates challenges related to effectively tracking and managing the apps and services the company’s 100 employees use. Like many other modern, cloud-first organizations, Stravito needed to gain visibility into employee apps and accounts, enhance general cloud security measures, and create a repeatable process for ongoing compliance requirements. For these reasons, Stravito’s Head of Security Marcus Södervall was on the hunt for a solution to help mature the company’s SaaS security program.
When Marcus deployed Stravito’s trial of Nudge Security, his first order of business was to achieve full visibility of apps currently in use across the company. What he discovered came as a surprise, but was quite typical for new Nudge Security users.
“We had a spreadsheet of official apps and services, but that was about 70 or 80 apps,” he says. “I thought that we’d have 150-160 apps in total. Then we started using Nudge, and that was not the reality. I think we were at about 500 different apps.”
With that visibility, Marcus was able to start taking action. He configured automatic alerts to notify his team of certain activities, and he set up automatic nudges for newly introduced apps to get clarification of use. And he used Nudge Security to ensure that departing employees were offboarded securely and completely. “The offboarding playbook adds certainty to the offboarding process and I like that. It closes potential risks for us,” says Marcus. “It's especially easy to disable OAuth grants. Since we're using Google Workspace, that's just a click of a button.”
Overall, Marcus appreciates how well Nudge Security fits into Stravito’s broader security work. “Nudge Security fills a unique and valuable role within Stravito’s security program,” says Marcus. “It complements the rest of our security stack by giving us the visibility and automation we need to manage SaaS security at scale.”
Stravito has embraced Nudge Security’s “nudging” feature to realize true SaaS governance at scale. Marcus configured a standard nudge that’s triggered every time an employee creates a new account with a SaaS application to gather clarification of use. Not only does this provide helpful information to his team, but it also sends a friendly message to employees that their actions do have security implications, and prudence is important and appreciated. “It works quite well,” Marcus reports. “It's so easy when you get the Slack notification to just click an answer and then it's over and done. You don't need to think twice about it.”
Meanwhile, employees appreciate the engagement as well. “I’ve only had positive feedback about nudges,” says Marcus. “There’s no one that really dislikes them. Overall, most of them are just amazed about it.”
“The product itself is so easy to use.”
Though the team at Stravito did their best to maintain visibility and control over their SaaS estate, they were simply unable to keep up with their workforce’s pace of adoption. With Nudge Security, they were able to quickly identify opportunities to rationalize their team’s SaaS usage. By identifying and managing unused licenses, Marcus reported saving around 700 euros per year.
And, Marcus adds, “Nudge is a cost-effective way of approaching compliance.”
Stravito is ISO 27001 certified, which means that access reviews must be conducted regularly, with documentation created for auditors. Nudge Security’s IT compliance features, including a purpose-built playbook for automating access reviews, will vastly simplify this process moving forward.
“Nudge Security will for sure help us with our compliance,” says Marcus. “And it will also help us with our internal supply-chain reviews—our internal due diligence of tools that we are utilizing.”
Every time a new tool is adopted, Marcus and his team at Stravito aim to confirm that the application meets their security standards. That’s not easy when new tools are adopted on the fly—or when you don’t know which tools are in use.
With Nudge Security, Stravito can easily see the full inventory of apps in use, and even dig right into SaaS vendor security profiles for a complete picture of security details, SaaS supply chain data, breach histories, and more.
“It simplifies the onboarding process for new applications, because we don't need to start digging around,” says Marcus. “We just have it at hand in Nudge, and that's really nice.”
Before Nudge Security, Stravito approached employee offboarding like many other organizations: They cut off access to email, shut down known accounts, and reminded managers and admins to remove the departing employee from the apps they manage. Now, Stravito is able to use Nudge Security’s playbook for IT offboarding to ensure complete offboarding while automating 90% of the manual tasks associated.
“We’ve decreased our attack surface by gaining a better offboarding process,” says Marcus. “Now, we are able to offboard employees from a lot more applications than we were previously. That's a key step, that we don't have user accounts laying around just waiting for an attack. We're feeling more secure—we're feeling more safe.”
Meanwhile, Stravito’s employee onboarding process has improved as well, especially with the help of Nudge Security’s app directory. "The app directory simplifies our access management process in a way that's just amazing,” says Marcus. “It provides an easy overview for our employees, shows them what applications are approved, and makes it easy for them to request access.”
“Nudge Security is probably the best solution on the market I've seen for catching all the unknowns.”
