BigPanda

 Case Study

Company
BigPanda
Industry
Technology
Featured DoControl Champion
William White
CSO

About BigPanda

BigPanda helps organizations take a giant step towards Autonomous IT Operations by turning IT noise into insights and manual tasks into automated actions. BigPanda helps IT Operations teams deliver a superior level of digital service and application performance, and in the process, dramatically accelerate innovation. Many Fortune 500 enterprises rely on BigPanda to prevent outages, reduce costs, and give their teams time back for digital transformation.

BigPanda Bolsters Security through Deep Data Access Controls with DoControl

BigPanda’s IT team was concerned about the volume of sensitive files that remained accessible to both internal and external users, even after an employee had been successfully off-boarded. The team was lacking the insight and the full context and awareness of potential risks that would surface upon an employee’s departure from the organization. Despite leveraging an Identity Provider (IdP) to provision and de-provision permissions to their SaaS users, the security team had no easy way to comprehensively review all data access and the sharing of sensitive files and data performed by that individual. This had the potential to lead to data exposure or the accidental (or maliciously intentional) release of confidential data.

The broader challenge for the security team was the ability to enforce security policies and have better visibility  across all different SaaS applications throughout their environment, without preventing business enablement through the collaboration and sharing of business critical files. As the organization’s employee count continued to grow and SaaS application adoption increased, the sheer number of access and sharing events within each individual application grew exponentially to the point where it  became an impossible task for the security team to keep up. Within the hundreds of thousands of events occurring throughout their SaaS application estate, it was also nearly impossible to elevate the events that presented material risk to the business, versus standard behaviors and events that were part of the normal course of business.

Scalable Security Policies that Reduce Risk and Deliver Operational Efficiency

The DoControl solution provided BigPanda the ability to enforce security policies at scale around data access via automated workflows, thereby reducing the workload on their security team to monitor and remediate access to assets across their SaaS applications. The solution they required had to be able to allow approved events to occur, based on predefined security policies, to streamline the process for the security team, enabling them to focus on significant events that took place outside of organizational policy.

There is so much activity, so many files, so many events, it’s an impossible task to keep up with all of this. The challenge is to gain visibility and enforcement across all our different SaaS applications to better manage the risk effectively. I need to be a business enabler, and not a roadblock for the organization to collaborate and continue to drive business.
William White, CSO, BigPanda

Through DoControl’s SaaS asset management capabilities BigPanda now has the reporting to audit individual employees’ event activity logs across all of their SaaS applications, which was critical for ensuring departing employees were unable to take proprietary data with them. The audit log reports also enabled the security team to identify high-risk employees, which informed the organization’s best practices for collaboration to help to foster business enablement while mitigating the risk of a data breach.

The DoControl Impact

One of the security team’s KPI’s at BigPanda was to continue to drive business enablement through SaaS application utilization, in a way that drove business growth while simultaneously minimizing the risk of data exfiltration or a data breach. After implementing DoControl, BigPanda  had full visibility across users, assets, collaborators, and SaaS applications for any given point-in-time.

By leveraging DoControl’s granular reports that removed events involving approved collaborators and vendors outside their organization, they were able to significantly reduce the number of events to monitor and focus on events that presented a higher level of risk.

Moreover, the security team was now enabled to utilize automated workflows that created flexible data access security policies allowing employees to continue to collaborate internally, as well as with external vendors, which they had no insight or control over prior to DoControl.

Today, BigPanda is now able to mitigate the risk of sensitive files from leaving the confines of the corporate security team, and dramatically reduce the risk of a cyber breach.

Key Benefits

  • Centralized the enforcement of data access control policies across all SaaS applications
  • improved visibility across all users and identities both internal and external
  • Detailed reporting to audit individual employee event activity logs
  • Improved operational efficiencies to enable the business while reducing risk

DoControl’s 2023 SaaS Security Threat Landscape Report Finds 50% of Enterprises and 75% of Mid-market Organizations Have Exposed Public SaaS Assets

This stat comes from the industry report we published earlier this year: The SaaS Security Threat Landscape Report. It’s a great read. We recommend you check it out.

DoControl-CTA demo image

Automated data access controls to improve security and operational efficiency with ease of use

See a live demo