There is one simple driver behind the modern explosion in SaaS adoption: productivity. We have reached an era where purpose-built tools exist for almost every aspect of modern business and it’s incredibly easy (and tempting) for your workforce to adopt these tools without going through the formal IT approval and procurement process.
But this trend has also increased the attack surface—and with it, the security and governance headaches that are still viewed as 100% the responsibility of IT and security teams. IT security leaders need scalable solutions for SaaS discovery and managing this ever-expanding attack surface.
At the same time, their finance counterparts are seeking to cut technology spend (rather than salaries or headcount)—especially the low-hanging fruit of underutilized or over-deployed SaaS licenses, which Gartner estimates to be about 25% of all SaaS subscriptions.
But, the key question is – where can you reduce your SaaS attack surface (and spend) without impacting productivity? That’s the crux of effective SaaS governance, and where Nudge Security is an indispensable tool.
As the old saying goes, you can’t secure what you can’t see, so the first step to manage SaaS security is to get a full inventory of what technology is actually being used, and by whom.
Nudge Security discovers and categorizes all SaaS apps ever introduced by anyone in the organization within minutes of starting a free trial. For each app discovered, you’ll see who the first user was, a list of all users, authentication methods and more, so you can easily (and quickly) understand how entrenched a particular app is, and if security best practices like MFA and SSO are in place.
It’s one thing to know that your organization uses three different project management suites, but before you can reduce SaaS sprawl by trimming apps or licenses, you need to understand who is using which platform and for what purpose.
Nudge Security makes this easy. For each app used in your organization, you can see a Venn diagram illustrating user overlap across similar apps, and you can click into the diagram to see the list of overlapping users across each combination of apps. The bigger the circle, the more accounts exist for that application. With this info, you can better understand which tools are heavily used and likely essential to productivity, and which would be candidates to be phased out.
Additionally, with Nudge Security, you can send prompts to users via Slack or email (called “nudges” of course) to ask if they are still using a particular app in order to understand which accounts are actually needed without circulating a bunch of spreadsheets.
In addition to app popularity with your workforce, the relative security of SaaS providers should be an important factor in determining where you can trim your SaaS estate. Nudge Security can also help here by providing a vendor security profile for every SaaS provider used in your org, as well as others you may want to research. This information makes it faster and easier to complete vendor risk assessments.
The vendor profile shows details on the provider’s security program, MFA methods, SSO availability, breach history, and more so you can compare similar vendors and ensure that the organization chooses providers that meet your security and compliance requirements.
Nudge security also makes it easy to add spend data for each app so you can gain an understanding of the relative cost of similar options and look for opportunities to reduce SaaS spend. While finance or procurements systems may have SaaS spend data, they lack the context on usage and security. Nudge Security brings together usage, spend and security data all in one place so you can assess and prioritize consolidation opportunities more easily.
Just like when you clean your closet, it can be hard to keep your SaaS estate tidy. With Nudge Security, you can publish a directory of approved apps to your workforce so they can easily find and request access to the tools they need.
Additionally, you can trigger alerts to notify you when new apps are introduced and automatically request details from the user to understand why the app is needed and how it will be used. When new apps are introduced, you can also nudge users to suggest a similar, approved app or provide justification for why they need to use a different application.
In many organizations, the approach to SaaS governance is silo’d, with finance reacting to one set of data, IT security looking at another, and everyone guessing about what’s actually being used the most. With Nudge security, you can ensure that risk, cost and productivity are all part of the equation when assessing and planning for technology consolidation.
Start a 14-day trial today at www.nudgesecurity.com/getting-started
