In the fast-paced world of startups, ensuring robust security while scaling operations is a daunting challenge. Stravito, a cloud-first organisation experiencing rapid growth, found itself in this exact predicament. The company needed to secure its expanding array of software-as-a-service (SaaS) applications and maintain compliance with stringent security standards. Marcus Södervall, Stravito’s Head of Security, spearheaded the initiative to enhance the company’s SaaS security framework. With the deployment of Nudge Security, Stravito achieved remarkable progress, cutting costs and boosting employee engagement in the process.
Stravito’s initial challenge was common among rapidly growing startups: managing and securing a sprawling array of cloud-based applications. With around 100 employees, the company needed to keep track of various apps and services used across the organisation, a task that became increasingly complex as the company expanded. Gaining visibility into employee apps and accounts, enhancing cloud security measures, and creating a repeatable compliance process were paramount.
Marcus Södervall was keenly aware of these challenges and began searching for a solution to mature Stravito’s SaaS security program. Upon deploying a trial of Nudge Security, Marcus’s primary goal was to achieve full visibility of the apps currently in use across the company. The results were startling. Stravito had a spreadsheet listing about 70 to 80 official apps and services. Marcus initially estimated that the total number of apps might be around 150 to 160. However, the reality was far different. The Nudge Security deployment revealed nearly 500 different apps in use, highlighting a significant gap in Stravito’s app management and security oversight.
Armed with this newfound visibility, Marcus and his team could take decisive action. They configured automatic alerts to notify the security team of specific activities and set up automatic nudges for newly introduced apps to clarify their use. One critical feature of Nudge Security that Marcus appreciated was the offboarding playbook. This tool ensured that departing employees were offboarded securely and completely, closing potential security gaps. The ability to easily disable OAuth grants through Google Workspace was a particularly valuable feature, simplifying the offboarding process with just a click.
Nudge Security’s integration into Stravito’s broader security program proved to be highly effective. The tool provided the visibility and automation needed to manage SaaS security at scale, complementing the rest of Stravito’s security stack. Marcus emphasised that Nudge Security filled a unique and valuable role within their security program, enabling effective SaaS governance across the organisation.
One of the immediate benefits of Nudge Security was the historical visibility it provided into Stravito’s entire SaaS footprint. This comprehensive view allowed the team to identify and manage unused licences, resulting in significant cost savings. Marcus reported saving around 700 to 800 euros annually from unnecessary SaaS licences, a substantial reduction in operational expenses.
Stravito also leveraged Nudge Security to streamline access reviews for compliance requirements. Being ISO 27001 certified, the company needed to conduct regular access reviews and document these processes for auditors. Nudge Security’s IT compliance features, including a purpose-built playbook for automating access reviews, simplified this process considerably. Marcus noted that Nudge Security would greatly assist with both compliance and internal supply-chain reviews, ensuring due diligence for the tools used within the organisation.
The onboarding process for new vendors also saw significant improvements. Before adopting Nudge Security, Marcus and his team faced challenges in confirming that new tools met Stravito’s security standards, especially when tools were adopted on the fly. With Nudge Security, they could easily access a full inventory of apps in use and delve into SaaS vendor security profiles, including security details, SaaS supply chain data, and breach histories. This transparency simplified the onboarding process for new applications, eliminating the need for extensive research and providing immediate access to crucial information.
In addition to these benefits, Nudge Security transformed Stravito’s approach to SaaS lifecycle management, from onboarding to offboarding employees. Previously, Stravito’s offboarding process involved cutting off email access, shutting down known accounts, and reminding managers and admins to remove the departing employee from the apps they managed. Now, with Nudge Security’s IT offboarding playbook, the process is much more thorough and automated. Marcus highlighted that this improved offboarding process significantly reduced their attack surface by ensuring complete removal of user accounts from a multitude of applications, enhancing overall security.
The employee onboarding process also saw improvements, particularly with the help of Nudge Security’s app directory. This feature simplified access management by providing an easy overview of approved applications and facilitating access requests. Marcus praised the app directory for its user-friendly interface, which made it easier for employees to understand the security implications of their actions and comply with the company’s security protocols.
Stravito’s success with Nudge Security is a testament to the tool’s effectiveness in managing SaaS security at scale. The company’s experience underscores the importance of visibility and automation in modern security programs. By gaining comprehensive insight into their SaaS ecosystem, Stravito was able to address previously unknown security gaps, streamline compliance processes, and reduce costs. The positive feedback from employees regarding the “nudges” further highlighted the tool’s ability to engage users in the security process, fostering a culture of security awareness within the organisation.
Looking ahead, Stravito’s experience with Nudge Security offers valuable lessons for other cloud-first organisations facing similar challenges. Comprehensive visibility into SaaS applications, effective offboarding processes, and streamlined compliance reviews are critical components of a robust security program. Nudge Security’s unique approach to SaaS governance, with its emphasis on visibility, automation, and user engagement, provides a model for other companies aiming to enhance their security posture while supporting rapid growth.
As Stravito continues to expand, the lessons learned from their journey with Nudge Security will undoubtedly inform their ongoing security strategy. The ability to adapt and scale security measures in tandem with business growth is essential in today’s fast-paced digital landscape. Stravito’s proactive approach to SaaS security, coupled with the innovative solutions provided by Nudge Security, sets a high standard for cloud-first organisations striving to maintain security and compliance in an ever-evolving threat landscape.