Because SaaS applications now make up the vast majority of technology used by employees in most organizations, identity governance tasks must occur across myriad individual SaaS apps. This presents a huge challenge for centralized IT teams who are held ultimately responsible for managing and securing access to apps, but who cannot become experts in the nuances of native security settings and access controls for hundreds (or thousands) of apps. And, even if they could, the sheer volume of work would easily bury them.
Modern IT teams need a way to orchestrate SaaS identity governance by involving the application owners within the enterprise who are most familiar with how each tool is used and who needs what type of access.
Nudge Security is a security and governance SaaS solution that can help you do just that, with automated workflows to save time and make the process manageable at scale. Read on to find out how it works.
1. Discover all the SaaS apps used by everyone in your organization
As the old saying goes, you can’t protect what you can’t see, so the first step in SaaS identity governance is to get a complete inventory of what technology is actually being used and by whom.
Nudge Security detects and classifies every SaaS app ever introduced by anyone in your organization and provides a vendor security profile for each app to give IT and security teams the context they need to vet new SaaS vendors. After reviewing an app, they can assign a status like “Approved,” “Acceptable,” or “Unacceptable” to indicate whether use should be allowed. For any app deemed “Unacceptable,” you can trigger automatic reminders in response to new accounts to redirect the user to a similar approved app or ask for context as to why they need to use that particular app.
2. Share a directory of approved apps with employees
In an ideal world, IT teams want to empower employees to adopt technologies that will improve productivity and keep the company secure and compliant. Unfortunately, employees often have no way of knowing which tools fit the company’s requirements as well as their own.
Nudge Security makes it easy to create and share an app directory with employees, so everyone in your organization can see a complete list of approved applications that meet the appropriate security and compliance standards. Employees can review the list by category and submit access requests that are addressed directly to the technical owner of each application, whether or not that person resides within central IT. This eliminates the need for IT to act as an “event relay” between users and app owners, while maintaining centralized visibility and governance.
3. Keep app owners updated
Have you ever felt like you’re on the world’s worst scavenger hunt when tracking down the right people in your organization to get context about a SaaS application or user account? You are not alone. This knowledge is often isolated and changes frequently. Nudge Security uses various methods to infer the likely “technical contact” (such as the first user) for each SaaS application detected in your environment and gives you the ability to periodically automate reminders to confirm app ownership.
With this technical contact detection process, Nudge Security automates emails or Slack messages to suspected technical contacts with a simple reminder asking them to validate that they are the correct technical contact or to update this information. No more email strings and Slack threads to figure it out. With Nudge Security, you can automate the process of updating this information as administrative responsibilities change.
4. Automate user access reviews
For companies subject to a variety of compliance standards such as SOC 2, HIPAA, PCI DSS and others, it is typically necessary to conduct periodic reviews of user access to affected systems to ensure that only those who need access actually have access. And anyone who has had the pleasure of conducting user access reviews knows that it usually involves an assortment of spreadsheets with inconsistent and incomplete information and a lot of manual effort to track down who is using what.
Instead of this spreadsheet puzzle, with Nudge Security you can automate the process. First, you can group in-scope resources together and automate reminders to app users to see if they still need access. Then, Nudge Security collects the responses for you and routes the consolidated list of accounts to remove to the app owners. Finally, it collects responses from app owners to confirm they completed the removals and documents all actions taken in a .pdf report that you can share with reviewers.
5. Identify and clean up unused accounts
Meeting compliance requirements is a good reason to regularly review who needs access to what, but cost savings is another. Gartner research shows that 25% of SaaS services are underutilized or overutilized. No matter what the size of your organization, costs can add up quickly.
Nudge Security monitors the health of cloud and SaaS accounts across your entire organization, so you can easily locate and delete inactive and abandoned SaaS accounts. Plus, you’ll have up-to-date information at your fingertips in some very nice graphs, so you can track SaaS account statuses right alongside SaaS adoption trends.
While you can always discover unused accounts one app at a time from each application’s overview page, Nudge Security’s playbook for removing unused accounts lets you address multiple applications at once to reduce SaaS sprawl at scale.
6. Ensure complete offboarding
Here’s a dirty little secret: Most employees have signed up for apps outside the purview of IT or even their department managers. With Nudge Security you can see every account ever registered by anyone using an email address associated with your organization. This includes domain registrations, social media accounts, developer accounts, and other assets that are often overlooked. You can also see if those apps are connected to other apps via OAuth grants, so you can minimize the chance of something breaking when an employee leaves your organization.
Even better, with Nudge Security you can automate key IT offboarding steps like account suspension, password resets, OAuth grant revocation, and more. And you’ll start with a complete inventory of every account ever created for the departing employee so you can ensure all access is revoked.
Try Nudge Security for free
Our mission at Nudge Security is to help IT and security professionals around the world regain control over SaaS security and governance, minimizing manual work for themselves and friction for end users. Start a 14-day free trial now to see what it can do for you.