View the Demo Video for Insider Risk Management
BigPanda helps organizations take a giant step towards Autonomous IT Operations by turning IT noise into insights and manual tasks into automated actions. BigPanda helps IT Operations teams deliver a superior level of digital service and application performance, and in the process, dramatically accelerate innovation. Many Fortune 500 enterprises rely on BigPanda to prevent outages, reduce costs, and give their teams time back for digital transformation.
BigPanda’s IT team was concerned about the volume of sensitive files that remained accessible to both internal and external users, even after an employee had been successfully off-boarded. The team was lacking the insight and the full context and awareness of potential risks that would surface upon an employee’s departure from the organization. Despite leveraging an Identity Provider (IdP) to provision and de-provision permissions to their SaaS users, the security team had no easy way to comprehensively review all data access and the sharing of sensitive files and data performed by that individual. This had the potential to lead to data exposure or the accidental (or maliciously intentional) release of confidential data.
The broader challenge for the security team was the ability to enforce security policies and have better visibility across all different SaaS applications throughout their environment, without preventing business enablement through the collaboration and sharing of business critical files. As the organization’s employee count continued to grow and SaaS application adoption increased, the sheer number of access and sharing events within each individual application grew exponentially to the point where it became an impossible task for the security team to keep up. Within the hundreds of thousands of events occurring throughout their SaaS application estate, it was also nearly impossible to elevate the events that presented material risk to the business, versus standard behaviors and events that were part of the normal course of business.
The DoControl solution provided BigPanda the ability to enforce security policies at scale around data access via automated workflows, thereby reducing the workload on their security team to monitor and remediate access to assets across their SaaS applications. The solution they required had to be able to allow approved events to occur, based on predefined security policies, to streamline the process for the security team, enabling them to focus on significant events that took place outside of organizational policy.
There is so much activity, so many files, so many events, it’s an impossible task to keep up with all of this. The challenge is to gain visibility and enforcement across all our different SaaS applications to better manage the risk effectively. I need to be a business enabler, and not a roadblock for the organization to collaborate and continue to drive business.
Through DoControl’s SaaS asset management capabilities BigPanda now has the reporting to audit individual employees’ event activity logs across all of their SaaS applications, which was critical for ensuring departing employees were unable to take proprietary data with them. The audit log reports also enabled the security team to identify high-risk employees, which informed the organization’s best practices for collaboration to help to foster business enablement while mitigating the risk of a data breach.
One of the security team’s KPI’s at BigPanda was to continue to drive business enablement through SaaS application utilization, in a way that drove business growth while simultaneously minimizing the risk of data exfiltration or a data breach. After implementing DoControl, BigPanda had full visibility across users, assets, collaborators, and SaaS applications for any given point-in-time.
By leveraging DoControl’s granular reports that removed events involving approved collaborators and vendors outside their organization, they were able to significantly reduce the number of events to monitor and focus on events that presented a higher level of risk.
Moreover, the security team was now enabled to utilize automated workflows that created flexible data access security policies allowing employees to continue to collaborate internally, as well as with external vendors, which they had no insight or control over prior to DoControl.
Today, BigPanda is now able to mitigate the risk of sensitive files from leaving the confines of the corporate security team, and dramatically reduce the risk of a cyber breach.
This stat comes from the industry report we published earlier this year: The SaaS Security Threat Landscape Report. It’s a great read. We recommend you check it out.
