IT Governance | Breaking Cybersecurity News | The Hacker News

There is one simple driver behind the modern explosion in SaaS adoption: productivity. We have reached an era where purpose-built tools exist for almost every aspect of modern business and it's incredibly easy (and tempting) for your workforce to adopt these tools without going through the formal IT approval and procurement process. But this trend has also increased the attack surface—and with it, the security and governance headaches that are still viewed as 100% the responsibility of IT and security teams. IT security leaders need scalable solutions for SaaS discovery and managing this ever-expanding attack surface. At the same time, their finance counterparts are seeking to cut technology spend (rather than salaries or headcount)—especially the low-hanging fruit of underutilized or over-deployed SaaS licenses, which Gartner estimates to be about  25% of all SaaS subscriptions . But, the key question is - where can you reduce your SaaS attack surface (and spend) without impactin

As technology adoption has shifted to be employee-led, just in time, and from any location or device, IT and security teams have found themselves contending with an ever-sprawling SaaS attack surface, much of which is often unknown or unmanaged. This greatly increases the risk of identity-based threats, and according to a recent report from CrowdStrike, 80% of breaches today use compromised identities, including cloud and SaaS credentials. Given this reality, IT security leaders need practical and effective  SaaS security solutions  designed to discover and manage their expanding SaaS footprint. Here are 5 key ways Nudge Security can help. Close the visibility gap Knowing the full scope of SaaS apps in use is the foundation of a modern IT governance program. Without an understanding of your entire SaaS footprint, you cannot say with confidence where your corporate IP is stored (Did someone sync their desktop to Dropbox?), you cannot make assumptions about your customer data (Did s

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.