Consider the following scenario: Your company has been relying on SaaS applications both for convenience and for critical tasks for some time now, but you’re starting to hear about security risks that reliance on these cloud-based apps may pose. You begin to realize that much of your company’s sensitive information -- project, customer and operational data -- is shared on those apps and available to anyone internal or external with the right link. You’ve taken precautions to secure your perimeter, but the more you study the situation, the more concerned you grow with the amount of data residing beyond that perimeter.
You think about not only the sheer number of SaaS apps your company is utilizing, but also who has access to them. The list in your head quickly builds -- current employees, contractors, external partners, customers, vendors and anyone else who’s not “current” but may have been any of these in the past. Even the public might be able to find information you don’t want shared externally because sharing links providing access are still alive and out there. And when it dawns on you that you really have no idea of the size of the exposure and you don’t know how you can remediate the vulnerability, you start to sweat.
If this scenario feels a little too familiar, we can offer you a towel to mop your brow...
and then suggest a call to us. We’re DoControl, and we can help you cover your SaaS.
DoControl provides both the visibility you need to assess your security status and the tools to automate remediation of identified vulnerabilities. DoControl integrates with the most popular SaaS applications to compile straightforward metrics that quantify your areas of risk. The platform delivers a set of easy-to-use remediation tools and recommends security policies to quickly and continually protect your enterprise.
DoControl updates you almost instantly on how your company is using the most popular SaaS applications, such as Salesforce, Microsoft Teams, Google Drive, Slack, Github and dozens more. Once installed, DoControl provides end-to-end visibility of all users, external collaborators and domains, and assets that are being shared.
DoControl then generates a simple set of KPIs you can use to focus your remediation efforts for maximum results in the quickest time and measure the progress you’re making in containing your exposure. These KPIs include:
With KPIs in hand, you and your team can start executing rapid remediations. Say you see that two of the identified external collaborators are no longer part of your business strategy and have no ongoing need for access. All the links still open to them can be shut down.
Besides the percentages, you can see the specifics, such as the names of the external files that are shared publicly that shouldn’t be. DoControl helps you zero in on each file and shut off unwarranted access. As you make progress on these fronts, you’ll want to make sure that you’re keeping the numbers down by executing security policies that stop unwanted sharing to begin with. For example, you can create auto expiration dates for public or external sharing to ensure the data only is visible for a limited period of time.
These manual, point-in-time steps are important, but security requires ongoing vigilance and shared knowledge among all employees about how to minimize vulnerabilities without overreaching and impinging on legitimate business activities. Automation is essential to constructing, scaling and maintaining security policies across all your vital SaaS subscriptions so that you can better manage security risk while your workers and external collaborators remain productive.
Automation extends to the communication IT and security teams generate with employees, as well. DoControl is integrated with Slack and Teams, using bots to inform team members of potential issues they may want to address when a data source is shared that perhaps shouldn’t be, such as sharing with private accounts or mass sharing.
With ongoing vigilance and refinements, the KPIs will highlight ongoing movement toward a more manageable security posture. And because DoControl is both comprehensive and easy to use, you can on one hand enable your teams to be their most productive while on the other safeguard your enterprise from unnecessary security exposure all without breaking a sweat.
This stat comes from the industry report we published earlier this year: The Immense Risk of Unmanaged SaaS Data Access. It’s a great read. We recommend you check it out.
We are excited to announce our expansion of DoControl’s integrated technology partnership program to include Datadog. As a leading platform provider for monitoring and security for cloud applications, the integration with Datadog allows security operations teams to have a more holistic view of risk across the mission-critical Software as a Service (SaaS) applications being leveraged to enable business enablement and productivity.
The last time the RSA Conference was a live, in-person event was right before the world as we knew it came to a screeching halt. Every technology vendor did their best to rollout “virtual” events which were in no way comparable to the real thing. Everyone – including all of us here at DoControl – was missing the “human connection.” As a vendor that was “born out of the pandemic,” we were very excited to (for the first time!) meet face-to-face with prospects, customers, peers, partners and more to talk about all things Software as a Service (SaaS) data security.
When it comes to addressing insider risk, security starts within. Protecting sensitive company data from exfiltration and misuse requires a combination of the right people, process, and technology. Managing insider risk and preventing threats to the business is not achieved with any of these pillars individually. Modern businesses require technology that prevents and detects unauthorized access to critical assets; processes to support automated data access remediation; and people that are educated about – and watchful of – potentially risky activity who can course-correct during potentially risky activity. Modern organizations need all three pillars interconnected in order to protect their most critical assets.