Harnessing SaaS Data to Automatically Mitigate Security Risks
DoControl

Harnessing SaaS Data to Automatically Mitigate Security Risks

DoControl is excited to release the NEW Security Workflows, providing IT and security teams with the ability to create SaaS data access control workflows based on conditional logic, within a no-code policy enforcement platform.

SaaS applications are pervasive across organizations of all sizes and types, throughout all industry verticals. As SaaS application adoption and utilization increases, so does the risk of cyber attacks, data exfiltration, and overexposure to critical business data. 


Today, the vast majority of organizations have many various security tools and technologies stitched together to establish a layered security posture – but many lack solutions that effectively secure their SaaS application environments deeper down the stack. SaaS applications and the sensitive data that resides in them, are one of the most critical data sources for an enterprise trying to align to the zero trust model – and one of the most complicated to solve for. Here’s a simple equation to consider:

10’s of SaaS apps X 1000’s of employees X 100K’s of files and assets = CHAOS


Security teams are becoming increasingly frustrated with the lack of visibility and control over all the identities, entities and various permission and data access models connecting to these business critical applications. 


Current solutions that are available in the market today lack: 


  1. The ability to use dynamic inputs that drive your policy logic;
  2. The operational simplicity to allow low TCO and quick time to resolution (i.e. inline solution, complicated and fixed policy management, scattered risk management, etc.);
  3. The flexibility required to address to most complicated use cases and security operations/IT logic;
  4. Attractive pricing models (i.e. expensive alternatives);
  5. Alert credibility – there are too many false positives out there, which lowers the efficacy of the SOC team;
  6. Effective policy coverage, which leads to unhandled and hidden risks – many vendors have a poor risk to remediation ratio


Each domain, group and identity carries a different level of risk which is dependent on the sensitivity of the data that is accessed and shared. Addressing this problem via a manual process or attempting to build a custom solution from the ground up is simply impossible for the modern business. Organization’s require a solution that provides consistent data access control policies that are flexible and fully customizable. They need to be granular enough to address a wide variety of use cases across all critical SaaS applications being utilized by the organization, and provide scalable risk reduction. 


Introducing DoControl’s Security Workflows 


With the launch of DoControl’s Security Workflows, we are helping close the security gap that faces every organization leveraging SaaS applications. IT and security teams are now able to create conditional-logic, data access control workflows on a no-code policy enforcement platform that delivers scalable risk reduction beyond the identity, device and network levels. In order for organization’s to get closer to achieving Zero Trust, they need to move security closer to what drives their business forward: SaaS applications. Leveraging Security Workflows is the first practical step in making this a reality.


Providing an optimal end-user experience is a key development focus area for our team as we continue to build and enhance the DoControl solution. We take it a step further with this release, providing operational simplicity and efficiencies to better serve our customers. We’ve released a catalogue of 100’s of playbooks (pre-established templates), which can be customized to specific application(s) or use cases. These playbooks can act as a “blueprint” which can be easily adjusted to align to support a wide range of security program requirements – and more importantly they streamline the creation of secure data access workflows down to a simple few clicks. 


The user interface is intuitive and easy to use. Our customers can solve for a wide range of use cases and view the exact actions, triggers, remediation steps and paths taken in a visual “drag-and-drop” canvas. Overtime, DoControl will intelligently recommend specific policies based on environmental factors and behavioral patterns that present high-levels of risk. And because we’re able to reference all the SaaS application metadata that the solution is subscribed to, we can drill deep down and harness each individual event to extract unprecedented insights. This is a technology gap that no other SaaS security company can effectively address the way Security Workflows can. We then leverage the insight to drive smarter decisions and as a result can support use cases from the most simple, to the most complex.


Let’s review three use case examples:


  1. Public Sharing of Personal Identifiable Information (PII)

There are a number of compliance regulations that require strong security controls around Personal Identifiable Information (PII). With Security Workflows, users can easily drag and drop the appropriate notifications and remediation actions to prevent PII from ever finding its way into the public domain. As shown in the image below, conditional workflows can be established, which trigger different outcomes depending on the events that take place.


  1. Departing Employees Sharing to Their Private Accounts


Today, it's not uncommon for departing employees to take important data and files as they had worked during their tenure. Some of those files are undoubtedly confidential – maybe not all –  but what is certain is that the majority of those files should have never left the organization. The DoControl platform integrates with HR applications such as BambooHR, which in the case of a departing employee, triggers a workflow to disallow critical SaaS application data and files from being distributed to the employee’s personal email addresses, or maybe other third parties.     


  1. Sharing Encryption Keys Over Communication Tools 


Encryption keys are considered a form of a privileged credential, and it’s not uncommon for them to be shared over communication tools such as Slack. Sharing keys and file extensions (i.e. .csr, .crt, .cer, .der, .ca-bundle, .p7b, .p7c, .p7s) are certainly not a best practice, and given the sensitivity of what they provide, they should never be haphazardly distributed over communication tools, and yet it continues to take place out of convenience. Similarly with previous use cases, specific conditions can be established, and given the sensitive nature of the files involved, the security team can be notified as well as pushing the event into a SIEM/SOAR solution, before automatically deleting the file from Slack channel.


Moving Security Closer to What Drives The Business Forward


Take back control, gain full visibility, bolster your Zero Trust Architecture and experience risk reduction that scales in line with SaaS utilization. We will present the use cases referenced in this blog, as well as many others including sensitive data sharing between 3rd and 4th parties, sharing from corporate to private accounts, and terminated employees with access to corporate data in our upcoming webinar. Register today.




Related Posts