About Samsung Next
Samsung Next champions the boldest and most ambitious founders who are creating a better future. Next helps Samsung shape the future by identifying the technologies, trends, and ideas that matter. The team invests broadly in the technology areas of AI, blockchain, fintech, healthtech, infrastructure, and mediatech, but invests opportunistically in founders.
DoControl Reduces Samsung Next's SaaS Exposure Risk
Samsung Next leverages Google Drive, Slack, and many other critical SaaS applications to drive business enablement through seamless collaboration. As a leading venture capital firm, Samsung NextNEXT employees collaborate with hundreds if not thousands of external collaborators, prospects, vendors, customers, and partners.
Samsung Next’s IT team was challenged with a significant amount of data sharing and suspicious activity posed by internal and external users. As a result, they were spending 10 to 20 hours per week ensuring that unauthorized individuals could not access critical data points.
Samsung Next’s second biggest struggle was with the fact that getting visibility into what was being shared was not enough to actually solve the problem —- without the right process and technology in place, information can be shared indefinitely. Existing security tools did not solve for remediating these threats at scale, which left the IT team with a lot of manual work that prevented them from focusing on more strategic and impactful work.
The IT team did not have the ability to understand why certain data points were being shared externally, or even publicly. Getting the business context from individuals internally was both labor-intensive, and also involved unnecessary friction from the internal parties involved.
Foundational SaaS Application Data Access Controls
The DoControl solution ingests metadata from Samsung Next’s business critical applications, integrates via APIs, and provides full awareness of every entity that has access to sensitive data. The solution is completely event-based, and allows for the normalization of data to identify anomalies that occur with Samsung Next’s environment, so they can take manual action or automate the remediation of high risk activity.
Moreover, the IT team leverages DoControl’s DoBot (Slack Bot) to retrieve the business context from end users at scale, with no manual effort required. For example, if an employee were to share confidential payroll information within Google Drive, an automated notification would be generated indicating that a user had shared a file with sensitive data. The team can then review the alert details and take the appropriate action of removing permissions or creating a new policy to prevent further sharing of that specific file. Notifications that involve events that are not classified as high risk could also be sent directly to the user to resolve the issue, without ever having to involve the IT team whatsoever.
With so many data movements on SaaS applications, DoControl makes it easy for us to really control who has access to what data point - all with minimal effort required.
Wilson Chean, System Administrator, Samsung Next
With DoControl, Samsung Next’s SaaS-hosted data is no longer exposed indefinitely. Each time a user shares information externally, DoControl’s security workflows become activated based on pre-defined policies, which are easy to configure and deploy. This helps lower the risk of a cybersecurity breach and provides Samsung Next’s IT team the confidence that data exfiltration is significantly mitigated at scale.
The DoControl Impact
The DoControl solution has enabled Samsung Next’s SaaS data to be automatically monitored and protected against malicious activity, ensuring that no unauthorized user has access to sensitive company data. The lightweight solution was deployed without the need for any agents and with no impact to the end-user experience. All access reviews are now performed seamlessly using the DoControl platform, providing a deep audit trail of end user access activity that supports various audit requirements. Moreover, the IT team is now better equipped to effectively investigate SaaS data leakage events that present material risk to the business, as well as focus their attention on more mission critical tasks.