View the Demo Video for Insider Risk Management
Cutover interconnects teams and technologies through collaborative automation, enabling businesses to successfully manage their technology resilience, cloud migration, and release strategies. The Cutover platform provides a guided path through IT complexity with dynamic, automated runbook technology.
The hundreds or thousands of applications businesses operate are the central nervous system of their business, they never stop and constantly evolve. Cutover enables the ability to implement, recover, migrate, release, and maintain applications so businesses can move fast and stay resilient.
Like many modern businesses today, Cutover has embraced the speed and flexibility that coincides with adopting SaaS applications, such as Google Drive and Slack, to help drive business enablement. As a SOC 2 Type 2 and ISO27001 certified organization, Cutover was keen to ensure internal and external data flow remained transparent. This visibility allows for the implementation of consistent policy enforcement, as well as the timely remediation of any non-compliance. For a growing company, Cutover’s was focused on facilitating and promoting expansion securely. A selection of Cutover’s employees had the ability to share data with external collaborators and vendors via Google Drive in order to drive business. With business relationships regularly changing, it can be challenging to regularly review these access points and amend manually, something which is not scalable for a growing organization like Cutover.
While many SaaS applications have an element of data analysis and reporting, the lack of automation makes it very time consuming to sift through hundreds of data entries. Additionally, many systems lack the alerting capabilities to ensure a prompt response to an event that falls into non-compliance. Cutover needed a centralized tool that could aggregate data assets from across all different sources, providing a foundation of preventative controls to protect data within their business-critical SaaS applications.
DoControl provided Cutover with a solid foundation to start understanding all of their SaaS applications, users, collaborators, and data assets through its SaaS asset management capabilities. DoControl was able to consolidate the data scattered across multiple disparate SaaS applications and compile an accurate inventory that provided complete visibility, allowing for more effective data access security policies.
“With DoControl in place, we are now able to enforce consistent data access control policies over the applications that are the cornerstone of our business’ success.” – Mustafa Shabaa, Information Security Analyst, Cutover
Using DoControl’s automated security workflows was Cutover’s next step in building out a robust security plan for their SaaS applications, as it allowed the IT team to set dynamic policies that auto-expire access to data assets after a predetermined period of time. This enabled the team to limit the growth in externally shared data access by disallowing indefinite access. Cutover was enabled to remediate the access to lists of users or to an entire domain once that business relationship had come to an end, saving valuable time and resources and giving them the confidence that they have reduced the risk of unauthorized data exposure.
The DoControl solution provided continuous monitoring across all of their SaaS applications, including the auditing capabilities that would monitor data exposure for the period prior to employees leaving the company. In addition, Cutover leveraged an HTTP utility within the DoControl Platform that enabled Security Workflows to trigger their Runbooks automatically, which was a requirement for their business.
DoControl is now an integral component of Cutover’s security environment. Cutover now benefits from having a single, centralized location where they can implement security policies around data access and sharing that are consistent across all their SaaS applications, as opposed to managing each one individually. Based on best practices and policies provided by DoControl, the IT team was enabled to create granular policies for different users and groups within the organization. This enabled them to collaborate internally and externally while reducing the risk of unauthorized data exposure, data exfiltration, or a major security breach.
Cutover’s IT team now has the visibility to feel confident in knowing who is accessing specific sensitive company data, how they’re utilizing it, and who they’ve shared access with both internally and externally. The team can now take a risk-based approach to audit reviews by easily pulling event activity audit logs to perform security checks that present higher levels of risk. Through the automated workflows provided by the DoControl solution, Cutover have automatically mitigated data access security risks at scale and enabled their IT team to focus on other strategic projects.
This stat comes from the industry report we published earlier this year: The SaaS Security Threat Landscape Report. It’s a great read. We recommend you check it out.
