Glossary

Two-factor authentication (2FA) requires a user to prove their identity in two different ways before accessing an account. For example, a password used together with a code sent to your phone.

An application developed by a business that is not the same manufacturer as the device on which the app is used. For example, a meeting app such as Zoom used on a mobile phone.

DoControl exposes an application programming interface (API) enabling you to interact and retrieve data from your integrated apps programmatically. The API is based on the GraphQL query language.

A programmable method to define or restrict user access. Generated by an API, an access key can be defined by role or other parameters to ensure that allowed access is situation-specific and legitimate.

DoControl steps you can use when defining your workflows: Wait - A timeout action to be used with a subsequent action. Notify - Inform a user or group of users about an event. Decide - Send a message to the approver, asking to either approve or reject the user's action, or decide between several options. The workflow branches out according to the approver's decision. Flow control - Control the flow of execution based on input from conditional actions, and create different paths in your workflow. Remediate - Implement SaaS-specific actions to mitigate potentially damaging data exposure or reduce risk. Query - Investigate the contents of inventory items, such as users, assets, groups or domains. Utilities - Implement an outgoing action to send HTTP requests using API keys to other systems.

A Microsoft application, Active Directory serves as a gatekeeper to ensure users are matched with the correct level of access permissions appropriate for their defined profiles.

A user who triggered the event that generated the alert. Actors can be internal (within your organization) or external (outside your organization).

A calculated alert that is distributed after a user performs multiple actions, such as sending numerous assets to a personal Gmail account, or publicly sharing large quantities of assets.

Automatic notification that is generated after a triggering event occurs. This event can indicate anomalous user behavior across one of your organization’s SaaS apps.

Type of alert based on the event that triggered it. Alert categories include: External sharing - These alert types indicate excess permission privileges that were granted to external users outside your organization. Public sharing - These alerts indicate company assets that were publicly shared; for example, a Google Drive asset becoming public. Downloading assets - These alerts indicate an anomalous number of file downloads over a short period of time; for example, an internal user who is about to be terminated downloads assets. SSPM - These alert types indicate security risks in SaaS applications; for example, if a user disables the organization’s MFA requirement. Malicious domain - These alerts indicate assets that were shared with or by a suspicious or malicious domain. Leaving employee - These alerts are triggered for terminated or leaving employees.

An indication of how risky the alerted event is. This parameter is fully customizable. Severity levels include: Low - Unusual user activity, such as accessing inactive files or when a user shares files extensively. Medium - Anomalous user activity considered to be risky, such as allocating public access to assets. High - The highest severity level. Anomalous user activity that's considered highly risky, such as sharing sensitive files externally or with private emails.

Stage of the alert in the investigation process, such as new, in progress, suppressed, or resolved.

A workflow that is triggered by a specific alert in order to close the remediation loop faster and ensure better risk coverage.

File or recording on your organization's SaaS platform.

A detailed record describing tasks performed by DoControl. The audit log is auto-generated for every executed workflow action.

A quick action that’s applied to multiple assets or users. Bulk actions help to expedite the remediation process when multiple assets are affected.

A cloud access security broker (CASB) is a service that is positioned between cloud services users, providers, and devices. It aims to enforce security measures based on a set of policies. Due to the way it operates, a CASB cannot offer comprehensive cybersecurity measures for more complex third party applications.

Cloud security posture management (CSPM) focuses on securing the posture management of the assets and resources that comprise cloud infrastructure.

An alert that is processed after multiple events occur, as in the case of aggregated alerts.

A subset of an event that triggers a workflow. A condition can include an input value, a comparator, and an input value to check against.

DoControl scans on-demand any content in Google Drive by leveraging search terms across Google APIs. An example of a content scan is a list of keywords containing financial details, or a GDPR request with names or emails to be forgotten. Scanned data is not persistent, and DoControl doesn’t store any data.

Data loss prevention (DLP) includes processes, policies, and software to keep data safe from unauthorized access, destruction, and theft. It also applies to preventing employees from sharing sensitive content outside the organization network.

A data breach occurs when a cyber intruder penetrates the security system of an organization and accesses sensitive information.

A workflow action step that sends a message to the approver, asking to either approve or reject the user's action (approval step), or decide between several options (decision step). The workflow branches out according to the approver's decision.

An approach that integrates security from the beginning of the development cycle, in order to create rapid, agile workflows that shorten the development cycle while yielding high-quality software.

A network of computers and devices that are controlled by one set authority, and labeled with a domain name. DoControl categorizes these domain types: Internal - Domains managed by your organization. External - Domains with external users who have access to assets in your organization, such as free email providers or external company emails. By default, external domains are not considered trusted. Trusted - A subset of internal and external domains considered safe for sharing.

DoControl’s default email format can be customized with your company brand, and used in workflows for all Approval, Decision, and Notify email actions.

A real-time user action in an integrated SaaS app. User actions include creating, viewing, editing, downloading, uploading, sharing a file, and more. An event can trigger a specific DoControl alert, or a defined workflow.

A user outside the organization who has access to a company asset. DoControl can remove the sharing permissions of external collaborators from an asset, without affecting the access of internal collaborators or asset owners.

A workflow action step that controls the execution flow based on input from conditional actions, and creates different paths in your workflow: Conditional - Define a logic with two subsequent true and false actions. Array filter - Create a subset with all elements that meet a defined condition. If no elements pass the condition, an empty array is returned. End workflow - End the workflow execution with success or failure status.

General Data Protection Regulation (GDPR) is a set of governing rules in Europe that enables consumers to control their personal information. It prescribes specific guidelines for how businesses can handle consumer data, and includes severe fines for organizations that don’t comply.

A set of internal or external users either imported from your organization’s integrated SaaS apps, or created in DoControl.

An identity provider (IdP) is an entity that manages user identities and issues credentials.

Your organization’s asset types and user activity across your SaaS estate. DoControl has full visibility of your SaaS inventory, including users, OAuth apps, shadow apps, assets, groups, domains and IPs, and their metadata.

DoControl provides several out-of-the-box keyword lists for scanning. These lists are customizable, and can be included or excluded when defining workflows. Encryption key file - A set of file extensions that indicate a file has been encrypted. Ransomware encryption file - Common ransomware file extensions. Private email domains - A set of private, non-corporate email domains. Sensitive keyword list - A set of words indicating PII (personally identifiable information) or company proprietary information.

Multi-factor authentication (MFA) requires at least two layers of proof of identity to ensure appropriate access for customers seeking data or use of applications.

A domain that was created for the purpose of promoting scams, phishing, spam, attacks, and frauds. By sharing assets with an infected URL, your organization's data could be exposed to ransomware, viruses, trojans, or other types of malware that compromise your network. DoControl leverages VirusTotal to determine whether a domain is malicious or not.

A workflow action step that informs a user or group of users about an event via one of these channels: email, Slack or webhook.

The Open Authorization (OAuth) protocol enables application-to- application connectivity in SaaS environments, for example, logging into a website using your Google account. If the tokens involved in the authentication process become compromised, the risk of a supply-chain based attack increases significantly.

Provides a birds-eye-view of the main exposures and security risks in your organization, so you can better understand your security posture over time, as well as trends and immediate actions required to remediate potential data loss.

Personally identifiable information (PII) is any information associated with a person’s identity and can be used to profile an individual. Examples include name, address, email address, and cell phone number. Cyber attackers seek this type of data in data breaches in order to steal identities or sell the information on the dark web. By defining DoControl workflows to scan for PII, you can prevent sharing of such information.

A workflow query action, a PII scan detects the probability that a file includes predefined labels,, such as credit card details and social insurance numbers.

An employee’s personal email, that usually originates from a free email account, such as Gmail or Yahoo. Personal sharing occurs when employees give themselves access to organizational assets and data through their personal email accounts. This opens the door to exfiltration during and even after their employment.

A predefined template that helps you create a workflow. Playbooks are displayed in categories according to event type, such as encryption key sharing and external collaborator sharing.

An unauthorized, non-business contact that usually originates from a free email account, such as gmail or yahoo, and could be an attempt to exfiltrate data. These email platforms as a rule do not require multi-factor authentication (MFA), which makes them the weak link in any chain of enterprise security solutions.

A domain that's shared with everyone, and carries the highest risk of potential data exposure.

A workflow action step that investigates the contents of inventory items, such as users, assets, groups or domains. DoControl can run these query actions: PII file scan - Scans text-based files for personally identifiable information. Regex scan - Scans text-based files for regular expression patterns and strings. Get file metadata - Returns all the metadata of a file in Google Drive. Get files by hash - Retrieves a list of Google Drive asset IDs by a matching file hash value.

On-demand remediation action that you can manually apply to your SaaS app inventory outside a workflow. You can also apply quick actions in bulk to multiple assets.

An alert that is distributed immediately after an event occurs.

Regex (regular expression) is a string or pattern sequence of symbols and characters that is searched for in documents. With the Regex scan query action, you can find customized patterns that are specific to your organization, such as customer data and sensitive company information.

A DoControl method to prevent unnecessary or potentially damaging data exposure via automated workflows or quick actions. Remediation actions are specific for each SaaS app and include: Remove public sharing - Removes public sharing from an asset, so people with a link can no longer access the asset without authentication. Remove collaborator - Removes collaborator access from an asset for one or more collaborators. When an asset exists in a parent folder, collaborator access is removed from all assets in the folder. Delete file - Deletes an asset from the specific SaaS app. Change asset owner - Changes the owner for a Google Drive asset in My Drive. Remove sharing links - Removes sharing links from an asset. Remove OAuth app - Removes an OAuth app from Azure Active Directory. Change recording visibility - Changes the sharing status of a Zoom recording from public to internal or non-shareable.

The potential damage or data loss that might occur as a result of the triggered event.

Security assertion markup language (SAML) is a standardized way to authenticate a user's identity for external applications and services. When logging into DoControl, you can choose any identity provider that supports SAML 2.0.

A security information and event management (SIEM) solution can display consolidated DoControl alerts in its collection board after configuring a connector.

Single sign-on (SSO) allows users to login to multiple applications and services with a single authentication.

SaaS security posture management (SSPM) is a suite of solutions that automate security for SaaS applications. SSPM discovers, protects, and monitors third-party SaaS applications and platforms.

Software as a service (SaaS) is a usage model where software is hosted in the cloud by a third party and accessed on demand via subscription.

A collaborative approach that combines security and IT teams to eliminate silos and fortify cross-functional workflows, resulting in more secure platforms and computing environments.

An API key that’s stored with AWS Key Management Service (KMS). You can create secret keys to safely use in HTTP action workflows.

Classified or confidential information, including PII, that must be protected to mitigate damage to companies or individuals. With the recent rise in data breaches, government regulations mandate that companies are accountable for safeguarding sensitive data. DoControl can detect sensitive data via keyword lists in automated workflows.

Software, applications, devices, and other technologies that are deployed without the knowledge or authorization of the IT team. DoControl’s Shadow App module performs discovery, control, and automated remediation for shadow app risks.

Recipient of an asset. A target can be one of these types: Internal - If the target is part of the organization. External - If the target is outside the organization. Public - If the asset was publicly shared. Download - If the asset was downloaded.

A SaaS event, alert, or quick action that initiated a workflow into motion.

A single SaaS event or multiple events that trigger each alert or workflow in DoControl.

An IP range that indicates a legitimate network. IPs outside this range are considered to be non-trusted. DoControl manages trusted organization IPs in CIDR format.

All internal and external individuals who can access, share, and manipulate data stored in your organization’s integrated SaaS apps.

A workflow action step that sends HTTP requests using API keys to other systems. You can integrate DoControl with popular apps, such as Jira, Datadog, and VirusTotal using predefined HTTP request actions for specific use cases.

A timeout action to be used with a subsequent action in a workflow. For example, when a file is shared with an external user, wait 30 days and then remove sharing.

Enables you to send real-time notifications to other apps in your organization, whenever a specific event happens as defined in a workflow. Having information in real time is essential to addressing the security and compliance requirements of your organization.

An automated process that monitors, controls and remediates data access in your SaaS applications, based on your organization's security policies. DoControl workflows are flexible and granular enough to detect almost any malicious or anomalous behavior a user is doing in a specific app.

A security policy that assumes any device or user could be malicious and requires proper authentication before allowing access to data or services.