Nudge Security unveils SSPM capabilities to strengthen SaaS security
Nudge Security unveiled new SSPM (SaaS security posture management) capabilities for its SaaS security and governance platform. This enhancement creates the industry’s most comprehensive solution of its kind, combining SaaS discovery, security posture management, spend management, third-party risk, and identity governance in a single, self-service offering that deploys in minutes.
As digital identities become prime targets for cyber threats, organizations are prioritizing efforts to strengthen and monitor identity infrastructure. Nudge Security’s SSPM capabilities enable IT and security teams to quickly identify and address identity risks and misconfigurations in their Google Workspace and Microsoft 365 environments, as part of the platform’s comprehensive SaaS security and governance capabilities.
“SSPM is crucial for any organization’s SaaS security strategy, but it’s only one piece of the puzzle,” said Russell Spitler, CEO of Nudge Security. “While most SSPM solution providers begin and end with API integrations into a handful of known SaaS applications, Nudge Security tackles the broader SaaS security problem. We begin by discovering an organization’s entire SaaS ecosystem—applications, identities, and integrations—on Day One, and then provide critical risk insights and automation workflows that enable our customers to prioritize, plan, and execute their SaaS security and governance program end to end.”
Nudge Security’s new SSPM capabilities continually monitor technical controls for Google Workspace and Microsoft 365 against a set of common misconfigurations and security risks included in CIS security benchmarks, enabling customers to:
- Surface identity risks like delegated email access, inactive privileged accounts, email forwarding outside of the organization, and other evidence of excessive or insecure access.
- Detect SaaS-to-SaaS integration risks, including unused OAuth grants with privileged access, active integrations associated with inactive users, and unapproved grants with risky scopes.
- Address critical misconfigurations such as high-risk or unrestricted groups, missing SSO or MFA, suspicious email audit rules, and domains without full DMARC configuration and enforcement.
- Prioritize findings based on risk severity
- Resolve issues efficiently with nudge workflows that guide the right stakeholders through remediation tasks.