The Problem
“We’re a 100% totally distant firm in a really closely regulated business. As a background test firm, we cope with numerous PII. So security is extraordinarily essential to us,” says Chris Tuley, IT Specialist at KarmaCheck.
To shore up security, Chris and his IT staff started conducting quarterly audits of all SaaS companies in a spreadsheet—a guide, tedious course of that took one to 2 weeks for 2 workers to finish. As they continued to uncover extra shadow SaaS, they realized the looming problem of managing this mission, particularly given the corporate’s speedy tempo of development.
“We’ve numerous delicate information coming out and in of numerous the SaaS apps we use,” Chris explains. “We need to make sure that we’re offboarding folks securely and capturing each app that they’ve entry to. That was our largest driver.”
The Resolution
Although KarmaCheck evaluated quite a few attainable options, Nudge Safety shortly emerged because the winner. Key options like ease of entry evaluations, offboarding automation, and spend administration resonated strongly with the staff.
Nudge’s platform found 10x extra apps than KarmaCheck was monitoring through their guide course of, giving them an correct, full SaaS stock on Day One.
“Nudge Safety’s SaaS discovery strategy is likely one of the issues that basically wowed us,” says Chris. “The opposite instruments we checked out labored through browser extension and IdP integration, however weren’t as full or instant of their discovery as Nudge. A few the distributors used API integrations, however they solely had a restricted library of apps that they monitor or assist. We weren’t actually bought on that. That was an enormous draw back for us.”
In comparison with options, Nudge Safety supplied each sooner time to worth and extra complete visibility of KarmaCheck’s SaaS property.
As Chris explains, “Different suppliers anticipated us to manually configure dozens of particular person app integrations earlier than we may begin seeing worth, which is a lot of guide work. Once I signed up for a trial with Nudge, we have been up and operating inside an hour simply by connecting to our IdP. We have been seeing insights instantly. Then we will go into these deeper integrations afterwards—which is superior and useful, however that gives an additional layer, not a place to begin. By beginning with discovery first, Nudge offers a holistic 360 strategy.”
Key Advantages
SaaS spend discount
Nudge Safety robotically discovers and inventories as much as two years of SaaS spend information from invoices present in e-mail, together with PDF attachments. KarmaCheck’s IT division shortly teamed up with colleagues in Finance to search for alternatives to handle SaaS spend by eliminating SaaS overlap and unused seats.
“First we discovered SaaS companies that had actually costly per-seat license prices,” Chris recounts. “Then we nudged the entire customers for these companies to ask, ‘are you continue to utilizing this?’ Doing that alone was massively insightful as a result of so many individuals do not even notice that they’ve accounts. Possibly they bought entry once they onboarded as a result of they thought it was required for his or her function and have by no means touched it. We freed up fairly a little bit of SaaS financial savings from that outreach. After which we additionally discovered some overlapping SaaS companies that we have been capable of deduplicate.”
KarmaCheck’s Finance groups have been thrilled with the outcomes, in addition to the product expertise general. When Chris first launched these groups to Nudge, he remembers, it made an instantaneous influence. “Seeing the spend dashboard inside Nudge Safety has been actually eye-opening for lots of people, particularly while you take a look at an estimated price per person breakdown and what your anticipated future spend is. When it is all specified by a really clear and concise method like this, with charts by class or division, it’s extra impactful than simply seeing receipts come by.”
From the IT aspect, Chris’s staff has seen its personal set of advantages. “We used to get extra ad-hoc questions on renewal will increase coming into IT. Previous to Nudge, as a SaaS service administrator, I must sign up to every app, see what number of lively customers we now have, at what tier, go take a look at the billing, see how they cost per person, after which I’ve to go take a look at the earlier invoice and break it down and work out what modified. Having spend, renewal dates, price per person, and bill particulars multi functional place in Nudge makes life a lot easier. We don’t get as many reactive requests now.”
Streamlined compliance audits
As a background test firm that processes PII, KarmaCheck is topic to stringent compliance requirements. To satisfy the necessities for these audits, the KarmaCheck IT staff must carry out quarterly person entry evaluations for functions that course of delicate information.
Earlier than discovering Nudge, performing SOC 2 entry evaluations for 40 in-scope apps required over 100 hours of guide effort every quarter. Now, the identical entry evaluations that when took two workers 1-2 weeks could be accomplished by one worker in simply 1-3 days utilizing Nudge’s automated capabilities—whereas auditing greater than double the variety of in-scope apps.
“Nudge makes these audits considerably simpler and saves us tons of time,” says Chris. “Now I am ending the quarterly audits in a single to a few days on my own, as a substitute of 1 to 2 weeks with a colleague. I don’t must spend hours chasing down solutions anymore as a result of Nudge provides me prompt visibility of all the pieces in the environment.”
The staff has even earned kudos from auditors.
Proactive IT administration
As an IT chief, Chris significantly appreciates Nudge Safety’s automated worker offboarding playbook, visibility of shadow SaaS accounts, and just-in-time nudge interventions.
“One of many largest advantages has been perception into what individuals are utilizing by OAuth or username and password signup. We’re then capable of attain out to them with Nudge to get clarification on the use or instantly shut down the accounts if essential. We even have auto-triggers that ship notifications to our customers when discovering new companies shifting ahead. These remind them of our insurance policies, ask them to submit a ticket for assessment, and many others.”
Most of all, although, he values the alternatives it surfaces for his staff to be proactive.
“Lots of people consider IT as firefighters: We go and put the fireplace out after which we’re performed. In actuality, you need to be proactive and remove as many issues as attainable beforehand so the fires do not occur as usually. Having a instrument like Nudge is foundational in that effort as a result of it catches so many points and helps remediate so lots of them previous to changing into an issue.”
One characteristic that significantly stands out got here as a shock to Chris.
“Each morning after I come into work, I test the app well being characteristic on the primary overview dashboard to see if any of the instruments in our stack are having outages or points. That is simply such a easy factor, however I’ve by no means had a instrument that has it multi functional place. It is so essential. I maintain that outage data behind my thoughts all through the day as I am answering assist desk tickets so I have already got context if somebody is having issues with a instrument.”
SaaS security posture administration
Chris additionally finds worth within the linked apps provided by Nudge which offer deeper insights into person roles, app configuration, integrations and different app-specific security particulars.
“The security posture findings name out essential threat elements, whether or not meaning a gaggle e-mail account signing up for companies or particular customers which have the very best threat accounts. Nudge helps present us the place to focus our remediation efforts.”
To date, Chris and his staff are utilizing linked apps to watch and proactively enhance the security posture of core enterprise apps like Slack, Notion, Zoom, and GitHub. Given the enterprise crucial data saved and shared through these functions, the security posture administration capabilities supplied by Nudge provides the KarmaCheck larger peace of thoughts understanding that they are staying on prime of security finest practices for these functions.
“These apps are our lifeblood. They’re how we talk, they’ve all types of information flowing by them, they’re filled with proprietary details about how we run our firm—all the pieces. Connecting them to Nudge provides that perception that we have issues configured appropriately, that there aren’t any gaps that we’re lacking so far as our customers.”
As Nudge continues to increase its library of linked apps, the KarmaCheck staff plans to take benefit. Chris says, “We’ll join any service that we use to Nudge for that further little bit of security to make it possible for we do not have something misconfigured. That is our enterprise information and it is also our clients’ information which might be housed in these instruments, so we’ll do all the pieces we presumably can to verify they’re as protected as attainable.”
Attack floor administration
For KarmaCheck’s security staff, Nudge Safety’s assault floor dashboard has supplied new frontier of visibility.
“Our security officer completely misplaced his thoughts over the assault floor part. He stated, ‘I’ve had this earlier than however I’ve had it unfold out over 12 completely different instruments. Having it multi functional pane of glass that I can see it and always monitor it, however then additionally seize it in order that I can then share it with auditors or inside stakeholders is a game-changer for me.’”
This degree of visibility permits for fast motion and remediation, without having to chase down extra particulars or context.
Third-party threat & AI governance
The security staff has additionally benefitted from the hundreds of security profiles Nudge provides to speed up vendor threat assessments.
Chris reviews, “Our security staff loves the options for reviewing risk vectors, breach information, and having the ability to get a single view of all out there security, certification, and app stack information when doing potential vendor evaluations.”
Specifically, Nudge has helped KarmaCheck’s security officer handle an inflow of security assessment requests ensuing from the push for companies to reap the benefits of new AI instruments and their potential productiveness advantages.
“With AI being all the fashion proper now, it looks like each staff desires to include AI one way or the other,” Chris explains. “Our security officer has been inundated with requests to assessment new AI instruments. Earlier than, he needed to search for each instrument’s compliance certifications and different security data manually. Now it’s all proper there in Nudge, which saves him a lot time. He can screenshot the security profile and add it to his file for reporting.”
In abstract
Total, Nudge Safety has been capable of complement KarmaCheck’s security ethos by offering unparalleled visibility whereas empowering KarmaCheck workers and making them a part of the answer.
“It isn’t about Massive Brother or something like that,” says Chris. “It is concerning the security and security of our folks—in order that our clients can have the security they deserve, in order that we will function confidently as an organization and empower our staff to do the most effective job. We’re not attempting to limit anybody from having enjoyable or being progressive. In extremely regulated industries, there are complicated legal guidelines and guidelines to guard person information. We have got to be as safe as attainable. Having a instrument like Nudge makes it a lot simpler to try this.”
