.png){kind=small}
Like many modern organizations, our customer moves quickly – creating and sharing high volumes of data and files to drive business growth. This pace introduced new security and governance challenges.
Our customer was using a previous vendor in the space that lacked the ability to accurately show them all their data, and provide them with scalable remediation. This led them to seek out a stronger alternative. With the support of our partners at SADA, we were able to reconnect and deliver the comprehensive governance and remediation capabilities they required.
The Security Challenges Our Customer Faced
1) Protecting Sensitive Data in Google Workspace
While working with their previous vendor, many risks were able to slip through the cracks - DoControl uncovered more than 4.9 million potential risky events that had not been addressed or remediated. Our customer knew they needed stronger safeguards to protect the sensitive information living in Google Workspace.
With high volumes of files being created and shared every day, collaboration in SaaS remained constant. They needed confidence that their data would remain protected no matter how quickly teams worked or how often files were exchanged.
2) Visibility and Control Over Who Has Access to What
Secondly, our customer also required greater visibility into who could access what data – and how it was being used. For a financial services company handling sensitive financial records and customer information, it was critical to understand both internal and external sharing activity.
Our customer had more than 172,500 assets shared externally, highlighting both the speed of the business and the potential risk of sensitive information being exposed without the right safeguards in place.
They needed to know who was accessing which files, whether they were employees or third-parties, what those people were doing with the data, when those files were accessed, and how that information was being circulated.
3) Implementing Retention Policies
Our customer recognized the importance of enforcing specific retention policies for certain files to ensure that sensitive data was not left unnecessarily exposed, and also built in mechanisms to delete stale data to manage with Google spend.
With thousands of files being created, shared, and often left forgotten about and untouched, they needed clear policies that would automatically remediate and set time limits for when specific assets should be revoked, unshared, or deleted.
By doing so, our customer could reduce the risk of lingering access to stale or outdated files, and maintain stronger governance over their most sensitive information.
4) Tailored Policies Around Classified Data
Our customer did the heavy lifting of classifying all their data through Google Workspace, but they needed to ensure that files containing classified, labeled, or otherwise sensitive information were not overexposed or misused.
As a financial services organization, protecting this type of data was critical, but they required the flexibility to define policies according to their own specific parameters.
By building tailored sharing policies around their classified data within Google Workspace, our customer would gain the ability to control how sensitive assets were shared, reduce the risk of accidental exposure, and enforce governance aligned to their business needs.
Knowing the risks they faced and what they wanted to accomplish, our customer came to DoControl.
How DoControl Partnered with Our FinTech Customer to Solve These Problems
Problem 1: Data Access Governance
Handling sensitive data is inherently part of the financial services industry. As a result, our customer needed a way to track who had access to what data, how it was being used, and where it was moving.
Without this visibility, they faced elevated risks of unauthorized access and potential exposure.
How DoControl Solved This Problem
DoControl delivers real-time visibility into every asset, every user, and every action across Google Workspace.
By applying contextual risk scoring, DoControl is able to determine whether access aligns with an employee’s role and responsibilities, monitor how data is being used, flag when information is being shared or moved in ways that poses risk, and automatically remediate risks, permissions, or exposures the second they happened.
Problem 2: Data Retention Enforcement Policy
Our customer faced the risk of sensitive files being left exposed indefinitely, creating unnecessary vulnerabilities for the business. With thousands of assets being created, shared, and often forgotten, they needed a more disciplined approach to governance.
Clear policies were required to automatically remediate files that had not been touched for extended periods of time and to set defined limits for when specific assets should be revoked, unshared, or deleted. Without this, stale or unused files could linger in the environment and increase the likelihood of sensitive data being exfiltrated or accessed by the wrong people.
How DoControl Solved This Problem
Using DoControl’s proprietary ‘Last Viewed’ feature, they were able to identify files that had not been touched in the last six months to a year. DoControl enabled our customer to implement tailored retention policies that automatically remediated sensitive files based on usage and activity. This included:
→ Historically remediating assets that have not been modified for more than 1.5 years.
→ Implementing a new policy that external shares to personal emails or untrusted domains require approval from security, the end user, or the manager and expire after 1.5 years.
→ Historically remediating assets that have not been viewed within the last 6 months.
→ Scheduling an automated process to bulk remediate ongoing assets that have not been viewed within the last 6 months.
Problem 3: Risky Classified Data Sharing
Our customer faced significant risk from the potential overexposure of classified and sensitive data. Sensitive files that were tagged with internal Google labels were at risk of being overshared or left accessible to the wrong parties.
Without the ability to enforce clear policies around these specifically classified files, the organization risked accidental exposure of financial records, customer information, and other critical assets.
How DoControl Solved This Problem
DoControl enabled our customer to enforce the strong governance, tailored policies, and customized rules they needed to prevent oversharing of sensitive, labeled data. This included:
→ Filtering the DoControl inventory to identify ALL assets tagged with sensitive Google labels
→ Running bulk remediations on subsets of those assets to eliminate external-facing exposures
→ Setting specific time bounds for classified and risky assets to ensure temporary access did not become permanent exposure
→ Establishing tailored, granular policies designed around different sensitivity levels and labels to fit their unique needs
Problem 4: Ongoing Scalable Remediation to Manage Exposure
With more than 3,500 users and growing, manually resolving security risks – including historical cleanup and proactive monitoring across accounts and files – became increasingly time-consuming and unsustainable.
Without a way to take action at scale, our customer had no way to eliminate previous exposures and sensitive data that had been historically shared externally, applications that had posed risks, or users that still had legacy access.
How DoControl Solved This Problem:
DoControl streamlined scalable, ongoing, and repeatable remediation through customizable workflows and bulk actions, enabling our customer to resolve risks quickly and consistently.
In just the last 90 days, they executed more than 300,000 workflows, and completed nearly 57,000 bulk remediations.
Bulk remediation allowed them to eliminate historical issues in a single action, while custom workflows automated policies across multiple scenarios to deliver continuous, context-aware security.
Using workflows further maximized productivity by involving security teams or managers only when additional context or decision-making was required – enabling security controls to work 24/7 without causing roadblocks in day to day operations.
"With DoControl, we’ve been able to remediate risks at scale while tailoring actions to specific scenarios and users, like retention policies, stale assets, or sensitive labels. The flexibility and granularity of the platform give us a level of control we simply didn’t have before – turning remediation from a reactive, manual process into a proactive, automated, tailored process that keeps our data secure without slowing the business down."
– CIO of our Customer
Summary & Key Results
Leveraging DoControl’s capabilities, our customer strengthened its controls around its Google Workspace environment and significantly improved its security posture:
→ $1,548,000 in total cost security program savings
→ $612,400 saved in remediation efforts and clean up
→ 300,400 workflows executed within the last 90 days, saving 2,800 hours of manual work
By combining proactive risk detection with powerful automation, DoControl empowers our customer to achieve complete visibility and control over sensitive data in Google Workspace, eliminate risks tied to shadow applications, maintain compliance through consistent configurations, and remediate exposures – past, present, and future.
