Guide: Reduce risk and strengthen your security posture

See what's done for you on Day One, plus a list of steps you can take to reduce risk and harden your security posture with Nudge Security.

Written by Julia Kisielius
Updated today

Reduce risk and strengthen your security posture with Nudge Security

Let's review what's already done for you on Day One of your Nudge Security trial to support common security and risk reduction goals, then look at next steps that can take you even further.

Goal

Available on Day 1

What’s next?

Reduce your SaaS attack surface and manage SaaS supply chain risks.

• Familiarize yourself with your SaaS attack surface and the steps you can take to manage it. Learn more →
• Audit your cloud estate and enroll rogue AWS accounts in central governance. Learn more →
• Respond to breach alerts affecting third- and fourth-party apps in your supply chain.
• Opt in to receive the weekly email summary and data breach notifications (Settings > Profile).

Monitor your SaaS security posture.

Regular security posture checks for your IdP (Google Workspace or Microsoft 365)
Remediation workflows for each security posture finding

• Regularly review and resolve SaaS security posture findings, including identity risks, misconfigurations, and integration risks. Learn more →
• Configure connected apps for additional security posture findings (Apps > Connected Apps). Learn more →
• Consider sending security posture findings to your SIEM or SOAR tool with Nudge Security’s API. Learn more →
• Consider using Tines to send security posture findings to Jira. Learn more →
For a deeper dive into SSPM, watch the webcast on SaaS security posture management.

Manage app-to-app integration risks.

• Review your app-to-app integration inventory, focusing on high OAuth risk scores and risk insights.
• Review app-to-app integrations associated with your connected apps. Learn more →
• Audit OAuth use and manage OAuth risks at scale by revoking risky or unused access. Learn more →
• Establish a process for investigating permissive or high-risk grants. Learn more →
For more context, watch the webcast on deciphering OAuth risks.

Establish a process for onboarding new apps securely.

Security profiles for each app in your inventory, plus thousands of additional SaaS vendors

Weave Nudge into your ongoing processes for evaluating new app vendors. For example:
• Create a rule to be alerted to new app signups (Notifications > Rules).
• Perform third-party vendor reviews with our security profiles. Learn more →
• Identify what types of data new apps will process by nudging technical owners. Learn more →
• Track legal and security review statuses by updating fields within Nudge Security, or sync them with an outside system automatically using our API.
