min read
Apr 2, 2021

Automated Data Access Control for SaaS Application Security at Scale

The rise of software-as-a-service (SaaS) applications has been a boom to companies small and large. Gartner notes that spending on SaaS solutions is projected to rise from just over $100 billion in 2019 to more than $138 billion by 2022. SaaS pay-as-you-grow pricing models have allowed enterprises to flex as needed and pivot quickly to meet new business demands without making large capital investments. This may involve scaling rapidly, tapping third-party service providers, distributing workflows across geographic regions, enabling bring-your-own-device (BYOD) policies, or any combination of these and other familiar operational strategies.

The challenging part of all this SaaS agility falls on the chief information security officer (CISO)/security team and/or the chief technology officer/IT team tasked with protecting the company’s networks and assets from security breaches. To them, the flexibility of SaaS is a whole lot of unmanageable access that leaves many open doors to data exfiltration. Storing data in SaaS applications means you’re storing data outside of your organization’s perimeter, leaving protection of the data entirely dependent on the security measures the SaaS providers has implemented. For the SaaS customer, that’s a boatload of risk.

Many companies use identity providers like Okta to create users and permissions. Then they rely on VPN or more modern zero trust solutions to secure remote connections. After that, the employee is in and has access to the library of SaaS apps included in the specific security policy that has been assigned to the given worker. 

Here’s where the security challenges start to branch out. Workers with access share extensively, both externally and publicly, to drive business enablement with external partners. They may also share with their own private accounts. External collaborators may do that, as well. Over time, vendor contracts expire and employees leave the company… but does their access to corporate systems stop? Maybe. Maybe not. 

Weighing Business Enablement Against Corporate Security 

In the typical company, getting a handle on unmanaged access leads CISOs and IT organizations to pit security against worker productivity. To protect corporate assets, leadership may choose unpalatable endpoint hardening solutions that severely limit end-user freedom to access applications and data, frustrating workers who rely on a broad range of applications in order to fulfill their job responsibilities. Endpoint hardening can even be configured to prohibit all external sharing, which significantly harms business enablement and adds a ton of friction for end users who simply want to do their job and get things done.

To favor business enablement, liberal security policies make it extremely difficult and labor-consuming to track who has access to what, especially for companies trying to do it manually. Reviewing permissions with spreadsheets every month, writing scripts to check for outdated permissions, tracking which employees have left the company are time-intensive activities that require constant attention, and, most concerning, distract the team managing corporate security from addressing immediate threats across other security verticals (endpoint, infrastructure, mobile, corporate, etc.). Add in managing access for vendors who are no longer under contract and monitoring employees granting access to corporate assets from their personal accounts, and security teams are in an untenable position.

The New Balance: Automated Data Access Controls

Fortunately, DoControl has the answer. DoControl gives organizations the automated, self-service tools they need for SaaS applications data access monitoring, orchestration, and remediation. We take a unique, customer-focused approach to the challenge of labor-intensive security risk management and data exfiltration prevention in popular SaaS applications. 

By replacing manual work with automation, DoControl reduces the overload of work and complexity that Security and IT teams have to deal with every day. What’s more, DoControl involves all employees as part of the security equation to drive business enablement and encourage a collaborative and frictionless security culture.

Three main components comprise the DoControl solution:

  • SaaS asset management: Map SaaS users, external collaborators, third-party applications, and assets (documents, files, repositories, etc.) and consolidate all into a unified inventory that is always up to date.
  • Automated, no-code security workflows: Create powerful and automated workflows to enforce security policies consistently across SaaS applications that in most cases don’t offer such features even on enterprise plans.
  • Self-service remediation path for end-users: Never reach out to end-users directly ever again. DoBot (DoControl Slack/Teams Bot) will reach out to employees to resolve common, daily SaaS security issues, such as public sharing, external sharing with private accounts, mass sharing, and more.

Visibility and automation are the keys to managing your company’s SaaS applications data access. Face it -- your company needs its SaaS applications. There’s no way around them. If you’re going to have a lot of data residing outside of your security perimeter, you need a partner dedicated to reducing that risk and making it operationally feasible. DoControl covers your SaaS.


Adam Gavish is the Co-Founder and Chief Executive Officer of DoControl. Adam brings 15  years of experience in product management, software engineering, and network security. Prior to founding DoControl, Adam was a Product Manager at Google Cloud, where he led ideation, execution, and strategy of Security & Privacy products serving Fortune 500 customers. Before Google, Adam was a Senior Technical Product Manager at Amazon, where he launched customer-obsessed products improving the payment experience for 300M customers globally. Before Amazon, Adam was a Software Engineer in two successfully acquired startups, eXelate for $200M and Skyfence for $60M.

Adam is a lifetime information geek, breaking down business and technical problems into components to generate long-term learning. He loves running outdoors, playing with LEGOs with his son, and watching a good movie with his wife.

Adam holds a B.S. in Computer Science from the Academic College of Tel-Aviv Yafo and an MBA from the Johnson Graduate School of Management at Cornell University.

Get updates to your inbox

Our latest tips, insights, and news