Since the dawn of man, security tools and technologies have always been perceived by the business as an obstacle. Instead of creating a more secure working environment, they often create frustration for almost all users working within it. It goes without saying that every organization does what it can to be in the best position possible to mitigate the risk of a cyber breach or attack. But doing so can turn into a tightrope walk of trying to move the business forward in a secure way. Walking that line is slow, and one slip could be detrimental to the business.
How do we solve for this? In today’s world where “identity” is the new perimeter, it's important to consider the business context model. Each identity carries different levels of risk. Users have access to multiple accounts, systems, and applications – which carry their own separate levels of risk. It is necessary to understand the identities that play a significant role in various business processes, as well as the scope of the work involved in each role. Having the business context of every user is what helps bring you closer to enabling productivity in a secure way.
Software as a Service (SaaS) applications are one of the most commonly adopted solutions to drive business productivity. DoControl is focused on providing secure access to an organization’s most sensitive data and files throughout their SaaS estate. Business context is a bidirectional feed within the DoControl platform. We ingest the information from existing solutions such as identity providers (IdP) and HR applications (e.g. BambooHR and Workday). We then onboard critical apps and leverage the metadata as sources (via JSON), which is then queried and exposed for security teams to create secure data access control workflows.
Any time a SaaS event is triggered, the corresponding workflow that’s been established initiates automatically (e.g. preventing encryption keys from being uploaded in a Slack channel, or blocking sensitive files from being accessible via a public link). So the business context for each identity and asset is a continual exchange, both inbound and outbound. In turn, this creates more effective data access control policies and improves the return on investment for those existing solutions (i.e. IdP and HR apps).
Adopting the business context model enables security teams to assign the appropriate data access security policies based on risk. For example, it’s a normal business practice for the legal department to work with outside counsel, which might involve sharing data that contains sensitive information such as legal contracts. A product manager is far less likely to share sensitive data with external third parties, especially at the same cadence as the legal department.
So different policies should be applied to the different personas as dictated by the IdP, and the business context that is collected and tracked helps drive policies that create a secure and productive working environment. Over time, the DoControl solution will intelligently recommend specific policies based on this context, enabling security teams to fine-tune the workflows that make the most sense for the business.
As mentioned above, DoControl connects to HR applications to automatically sync groups, employees, and employee termination statuses. The business context here is leveraged to enrich DoControl's security workflows and, as in the IdP example above, the security workflows can be applied more accurately to the groups that pose differing levels of risk. A common use case that is adopted by the majority of our customers is employee departures.
Departing employees shouldn’t mean departing sensitive data and files. I think it's safe to say that at one point in time, everyone is guilty of taking files with them on their way out. In the event of an employment status change within the HR application, security teams can establish a policy that automatically revokes access to highly sensitive applications and/or data, and prevents files from being distributed to personal email addresses.
Everything we’ve discussed thus far is completely automated. DoControl also provides self-service capabilities for security teams to take immediate (manual) action, again based on the business context that we expose. For example, within the DoControl console we provide full visibility into every identity and asset, and track every interaction. Security teams can review the activity trail, and immediately change file ownership or file status (i.e. public to private).
Another example is leveraging a Slack Bot that reminds individual actors of external or public sharing events, so that they can make a judgment call and decide whether the sharing link is still relevant or not. From there, DoControl remediates on behalf of the end-user and the security team. The way we leverage the business context also provides operational efficiencies for the security team: they don’t have to get involved in every menial task, such as following up with specific users to see if a project they’re working on with an outside consultancy still needs access to data. We can automate what needs to be automated, and provide the self-service capabilities to take immediate action.
By tapping into the metadata of business-critical SaaS applications, DoControl is able to identify important data context and then wrap secure data access policies around it, as well as take immediate action via self-service capabilities. This enables security teams to focus on the most critical issues related to SaaS data and file overexposure. Request a free assessment to let us uncover your risk exposure; if you’re not ready, take a look at our data report to benchmark your organization against other modern businesses leveraging SaaS.