Back to the blog

🥳 Nudge Security turns one year old today 🥳

To celebrate the first anniversary of our initial product launch, we're reflecting on our journey so far and announcing a special offer for new customers who sign up before the end of 2023.

We’re not quite sure how an entire year has passed already since we first launched the world’s first human-centric SaaS security and governance platform, but here we are. As they say, time flies when you’re building a new model of IT governance for the cloud-native world.

To celebrate the occasion, we’re reflecting on our first year, full of big discoveries, new friends and customers, and exciting product developments. We’re also launching a promotional offer for new customers: purchase Nudge Security before the end of 2023, and we’ll give you one month for free. To get started, launch your free trial or book a call with us.

😎 The coolest features we launched this year

If you subscribe to our changelog, you know that we release product enhancements and new features on a near-weekly basis. Building upon our unrivaled approach to SaaS discovery and inventory, we rolled out dozens of dashboards, workflows, playbooks, and nudges this past year to help streamline and automate SaaS security and governance.

Here are a few of our favorites:

  1. Our employee offboarding playbook eliminates 90% of the time it normally takes to offboard cloud and SaaS access. Along with steps like revoking OAuth grants and highlighting critical resource handoffs, the playbook orchestrates outreach to application owners, so you can be confident that data is transferred and licenses are reclaimed properly without having to chase down the right people at 4pm on a Friday afternoon. The coolest part, however, is the ability to automate password resets for accounts not managed by SSO, an otherwise manual and tedious process.
  2. Save time, money, and sanity by cleaning up forgotten accounts with our **cost optimization playbook.** Organizations looking to shrink their SaaS attack surface and their SaaS expenses can use this handy playbook to remove unnecessary SaaS access and reclaim licenses for abandoned accounts.
  3. Embrace generative AI while mitigating risks with our ability to discover, classify, and alert you to new AI accounts. With our AI playbook, you can automatically nudge an employee whenever they start to experiment with ChatGPT or other AI tools, asking them to review and accept your AI acceptable use policy.
  4. Our attack surface dashboard summarizes high-priority areas of risk within your SaaS estate, giving you a single dashboard to monitor your attack surface as it evolves. It includes insights into your publicly exposed SaaS assets, access to your corporate social media accounts, 3rd- and 4th-party supply chain data breaches, and SaaS applications that handle sensitive data like source code, PII, and financial assets.
  5. OAuth risk scoring + automated revocation give you control of all SaaS-to-SaaS access going on in your organization. Our OAuth dashboards show you what type of access third-party applications have to your data and surfaces risky and overly permissive grants. With a simple click, you can nudge the person who granted the OAuth token to ask if it’s still required, and you can revoke access for Google and Microsoft OAuth grants directly in Nudge Security.

💡 Our biggest A-ha! moments this year

Through a thousand conversations with IT and security leaders over the past year, we have gotten quite a bit smarter about the problems organizations are facing and how Nudge Security can help solve them. Here are some of our biggest discoveries this year:

⏰ SaaS estates are growing by the minute.

That’s not hyperbole. Data from our install base shows that a new SaaS asset is added every 20 minutes in a mid-sized organization of 1000 employees. Each new asset represents a new identity, third-party integration, or location where your corporate data resides. At this pace, it’s no longer tenable to manage and secure SaaS estates with spreadsheets or tools that require deep API integration with every SaaS provider.

To underscore the size and scope of this challenge, to date, Nudge Security has discovered nearly 32,000 unique SaaS applications in our customers’ environments, including 150 unique AI applications.

🙅‍♀️ When you try to block SaaS access, people revolt.

This seems intuitive and obvious. Increasingly, people want and expect technology autonomy at work, and nearly half of digital workers are willing to change jobs to get it.

Yet, before Nudge Security became available, IT and security leaders were limited in how they could approach SaaS security and governance, often resorting to the crude tool of allow / block lists at the network level.

We published academically rigorous research done in consultation with leading psychology researchers at Duke University that underscores what IT and security leaders have known instinctively for years: when you try to block access to SaaS tools, 67% of workers said they would look for a workaround. These traditional approaches only push IT further into the shadows. In contrast, 79% of participants in our experiment said they would respond to a nudge.

This seminal research, corroborated by similar research from Gartner, has guided our human-centered security design, helping our customers to move beyond “lock and block” approaches that stand in the way of enabling business growth.

Read the full research report here →

Finance and procurement teams ❤️ Nudge Security.

I’ll be honest, this one surprised us. We are a security company with strong security DNA across every area of our business. Yet, in the year of “efficient growth,” many of our customers have told us that Nudge Security is helping them to manage cloud spending, identify redundant and unnecessary SaaS applications that can be rationalized out of their estates, and find multiple tenants of SaaS applications to be consolidated into an enterprise license with more favorable contract terms. Our customers have even introduced the product to their colleagues in legal and finance to help support their use cases as well.

This groundswell of feedback led us to pursue new features, including our cost optimization playbook, which helps our customers to identify and remove abandoned and inactive SaaS accounts, helping to shrink the attack surface and SaaS spending.

Read more on 5 ways Nudge Security saves you money →

🤗 Our favorite customers

Customers are like children: even if you do have a favorite one, you should never admit it. 😉

Seriously though, we’ve been extremely fortunate to work with some of the most forward-thinking IT and security leaders this year as early customers and design partners.

Our customers share our desire for promoting transparency and trust in organizational security, like Jesse Kriss at Watershed, who told us: “It's important for me that the security team is not ‘the scary people who have all the information and who knows what they're even doing?’ Tools like Nudge Security that are designed to actually be transparent about what is being collected are really helpful. To me, that is a big piece of building and maintaining trust internally with the security team.”

Read the full case study on how Watershed uses Nudge Security for SaaS attack surface management →

Our customers also recognize the value of our approach in enabling, not constraining business growth, as A.J. Beard at Unify Consulting put it: “Nudge Security strikes the right balance and helps modern organizations like ours manage the tide of SaaS sprawl without constraining employees’ abilities to move the business forward.”

Read more testimonials and customer reviews →

🎂 Time to blow out this candle

The days may be long in the life of a startup, but the years are short. It’s been quite a special whirlwind for our team at Nudge Security, and we’d like to send out a BIG thank you to everyone who has been part of our first momentous year. Here’s to all that lies ahead!

Related posts

Report

Debunking the "stupid user" myth
in security

Exploring the influence of employees’ perception
and emotions on security behaviors