Rewriting SaaS Security: Why Data, Identity, and AI Require a New Approach

Home Blog Industry Trends Rewriting SaaS Security: Why Data, Identity, and AI Require a New Approach

What is DoControl Doing?

DoControl is a SaaS data security, identity, and posture management platform that helps organizations reduce SaaS risk at scale through automation, visibility, and user engagement.

Our core capabilities:

Unified SaaS Asset Inventory – Full visibility into files, users, groups, third-party apps, and permissions.
SaaS Posture Management (SPM / Misconfigurations) – Continuous monitoring and remediation of insecure SaaS configurations (e.g., MFA enforcement, external sharing defaults, service account permissions).
Data Loss Prevention & Behavioral Analytics – Detect oversharing, sensitive data leaks, and anomalous user or service behavior, tuned with IdP/EDR/HRIS signals to cut false positives
Automated Remediation Workflows – Event-driven and bulk actions to remediate exposures quickly across apps.
End-User Engagement – Slack/Teams/Google Chat bots that gather contex, reach out to the user, and enable user-driven self remediation.
OAuth & SaaS-to-SaaS Governance – Discover, assess, and revoke risky integrations and tokens across SaaS ecosystems (Google Workspace, Microsoft 365, Salesforce, GitHub).
Identity Threat Detection & Response (ITDR) – Detect and mitigate compromised accounts, abnormal authentications, and suspicious access patterns.
AI Risk Guardrails – Monitor and control SaaS integrations with AI assistants and connectors (e.g., preventing sensitive data from being exposed to third-party AI tools).

Main Market Gaps — What’s Not Working Now

CASB

CASBs (Netskope, Microsoft Defender for Cloud Apps, etc.) provide inline and API-based capabilities, but struggle with:

Non-flexible, rigid policies that can’t adapt to diverse SaaS permission models.
Complex and messy UX, making policies hard to tune and maintain.
Limited remediation scale in API-mode: bulk cleanups across millions of SaaS assets are operationally impractical.

SSPM

Vendors like Adaptive Shield, Reco.ai, Suridata, Valence, Grip Security, and even Microsoft’s SSPM modules cover misconfigurations, compliance, and OAuth governance. But:

Mostly focus on static configuration checks, not continuous event-driven monitoring that reflects the true dynamics and flexibility of SaaS.
They lack automated remediation of data exposures and identity threats, leaving this work to be manual (if done at all) which wastes time, money, and resources.
End-user engagement is rarely built-in, leaving approvals or checks from security teams as bottlenecks.

Data Exposure & Operational Drag

Today’s teams often rely on:

CSV exports and manual audits to find exposure.
Scripts and brittle API calls throttled by SaaS rate-limits.
Disjointed workflows across SIEM, SOAR, and IT ticketing systems.
Slow incident resolution, where fixing thousands of risky shares or app grants can take weeks.

Emerging AI Risks in SaaS

AI assistants and connectors (e.g., GPT integrations, Slack bots, Salesforce copilots) can pull sensitive data into third-party models.
Shadow AI usage often bypasses corporate controls.
Misconfigured or over-permissioned AI connectors can act as data exfiltration vectors.

OAuth Breaches — Example: Salesloft/Drift → Salesforce

Recent OAuth token theft incidents highlight how attackers exploit SaaS integrations instead of the core apps. Weak MFA, over-permissioned tokens, and lack of monitoring enabled attackers to harvest Salesforce data through connected apps.

How Security Teams Operate Today — and What Needs to Change

Status Quo:

CASB for traffic inspection and DLP.
SSPM for configuration posture and OAuth inventory.
SIEM/SOAR/EDR for detections.
Manual scripts and IT tickets for cleanup.

Required Changes:

Unified SaaS asset and permissions visibility – Treat every file, user, token, and app integration as a governed asset.
Automated OAuth and connector governance – Discover, score, and revoke SaaS-to-SaaS apps continuously.
Event-driven remediation – Replace batch pulls and tickets with workflows that act instantly on new exposures.
User-in-the-loop security – Engage employees in Slack for context and remediation.
Identity-first detection – Combine authentication, business context, behavior, and configuration signals to detect compromised accounts or insider threat faster.
Shadow AI governance – Track data flowing into AI integrations and enforce guardrails.

Why Security Teams Should Adopt DoControl

DoControl provides the automation, coverage, and context missing from today’s SaaS security stack.

Differentiators:

SPM + Data + Identity in one platform: Covers misconfigurations, oversharing, OAuth risks, and ITDR ALL together in a centralized view.
Context‑aware DLP and behavioral analytics - NLP/RegEx plus identity/HR/EDR context reduces false positives and helps catch insider‑risk patterns early.
Event-Driven Detection: Monitors SaaS activity streams for anomalies (e.g., suspicious user-agents, mass downloads, API/report abuse).
Bulk and Continuous Remediation: From historical exposure cleanup to real-time guardrails.
End-User Engagement: Slack/Teams bots for context gathering and self-remediation.
AI Risk Controls: Govern AI connectors and prevent sensitive data leaks to untrusted models.
Salesloft/Drift-style Breach Prevention:
- Detect unusual API/report activity in Salesforce via workflows utilizing Event Monitoring logs.
- Identify shadow apps connectors like Salesloft/Drift with excessive permissions. Automate token revocations and user offboarding.
- Flag SaaS misconfigurations (weak MFA, over-permissioned service accounts).

Final Thoughts

The SaaS security market in 2025 is fragmented, with legacy solutions like CASBs, SSPMs, and outdated DLPs failing to provide the comprehensive coverage and adaptability modern organizations require.

Companies no longer need point tools that fit into rigid boxes - they need a unified, innovative solution that closes gaps, scales with their growth, and delivers flexible governance, prevention, and remediation.

DoControl is that solution: built with our customers’ evolving challenges in mind, driving innovation, and redefining the industry standards when it comes to SaaS security.

Want to Learn More?

See a demo - click here
Get a FREE Google Workspace Risk Assessment - click here
See our product in action - click here

Omri Weinberg

Co-Founder and CEO

Omri Weinberg is the Co-Founder and Chief Executive Officer of DoControl. Omri brings 13 years of experience in sales, business development, marketing, and operations. Prior to founding DoControl, Omri was a General Manager USA at SafeDK, where he led customer acquisition, sales strategy, and US operations. There he helped grow the company from $5K to $2M ARR in two years resulting in a successful acquisition by AppLovin. Before SafeDK, Omri was a Senior Vice President of Performance Marketing at Matomy Media Group, where he led 60 full-time employees to acquire thousands of new customers globally, and grow sales to $80M. Before Matomy, Omri Co-Founded GETONIC, a marketplace for digital goods, raising $500K from The Time VC.

Omri grew up contributing and co-managing a low-tech manufacturing family business, where he led financials, sales, business development, and operations between 2002 and 2007. Omri’s biggest passions are traveling the world, playing tennis, and hanging out with friends. In between, Omri spends every minute with his two babies and wife. His goal is to one day study architecture design.

Omri holds a B.A in Business Administration majoring in marketing and communication from the Interdisciplinary Center Herzliya.

‍