Founded in 2018, Liquidity Group is a pioneering technology firm that has become the industry's fastest growing lender to mid-market, late-stage companies by automating the entire debt lending cycle
Liquidity Group leveraged Software as a Service (SaaS) applications such as Google Drive, Slack, and many others to enable both internal and external users to drive business enablement through collaboration and communication. While these applications are foundational in helping enable their workforce to be productive, their security was challenged by the amount of sensitive data being generated and shared within their business-critical SaaS applications. The team was concerned with the lack of visibility into how each individual user was interacting with SaaS application data and files. Without a full inventory and strong insight into their environment, it was difficult for Liquidity Group to effectively quantify their SaaS data risk.
There was a crucial need to automate the remediation of data overexposure, in order for the business to scale while maintaining a strong security posture. The team also wanted the ability to monitor and control high-risk users and events within their SaaS estate. As their business grew, the number of identities (i.e. external collaborators, customers, prospects, vendors, and partners) increased, obtaining unmanageable access to the data within their core SaaS stack. There were thousands of SaaS events taking place on a daily basis, throughout all the disparate applications being leveraged; creating a scalable problem in trying to identify activities that introduced risk to the business. The security team needed the ability to extract the business-context in order to differentiate standard business practices versus malicious or anomalous activity.
The DoControl solution was able to provide visibility, monitoring and risk remediation throughout Liquidity Group’s business-critical SaaS applications. DoControl ran an initial query to identify the amount of data that was publicly accessible, external collaborators who had access, private domains that had access to their data, and more. The team was able to quickly identify the most exposed domains, highest risk users, and provide foundational controls to automatically remediate their risk exposure within their SaaS ecosystem. The DoControl No-Code SaaS Security Platform enabled their security team to create granular data access control policies that met the security requirements of their business. The team can easily define workflows that were API-powered and event driven that automatically triggered during high-risk events.
The DoControl solution provided Liquidity Group with strong visibility and asset management throughout their SaaS environment. They now had full insight into every individual (both internal users and external collaborators) and SaaS events taking place within their ecosystem. The business-context of what was taking place with their environment was now fully exposed, providing a baseline understanding of their SaaS data risk. Alerts could then be customized and configured to elevate the events and activities that were relevant to their business. Through self-service remediation, the security team could now take immediate action on high risk activities such as revoking access or changing ownership over sensitive files.
“The DoControl solution allowed our business to be as agile as possible, without compromising security within our SaaS estate. Our security team could create the necessary data access control policies that worked for our business.” - Ze'ev Oren, Chief Information Security Officer (CISO)
Two specific critical use cases that Liquidy Group was trying to achieve with DoControl were managing insider threats, and protecting third-party vendor access. With DoControl, their security team was able to trigger workflows that would automatically monitor departing employees' activities. By integrating their HR application into the DoControl platform, as soon as an employment status change became triggered (i.e. resignation or termination) in the app, the security team was able monitor the employees activity, and help prevent data exfiltration via sharing sensitive data to their private email account. For third party access, secure workflows such as providing file sharing to a third party for a predetermined amount of time for a specific project, and then revoking access automatically prevented sensitive data from being overexposed and accessed from anywhere, and at any time.
The DoControl solution has enabled Liquidity Group’s SaaS data to be automatically monitored and protected against malicious activity, ensuring that no unauthorized user has access to sensitive company data. As a completely agentless solution, with no software installation necessary, DoControl was implemented quickly and provided immediate time to value. Access reviews were now performed from a centralized location, providing a deep audit trail of end user access activity throughout all the disparate applications being utilized. Liquidity Group’s security team can now securely and effectively manage access for every identity, application, and asset being leveraged to drive their business forward.
This stat comes from the industry report we published earlier this year: The SaaS Security Threat Landscape Report. It’s a great read. We recommend you check it out.
