Glossary

Two-factor authentication (2FA) requires a user to prove their identity in two different ways before accessing an account. For example, a password used together with a code sent to your phone.

An application developed by a business that is not the same manufacturer as the device on which the app is used. For example, a meeting app such as Zoom used on a mobile phone.

DoControl exposes an application programming interface (API) enabling you to interact and retrieve data from your integrated apps programmatically. The API is based on the GraphQL query language.

A programmable method to define or restrict user access. Generated by an API, an access key can be defined by role or other parameters to ensure that allowed access is situation-specific and legitimate.

DoControl steps you can use when defining your workflows: Wait - A timeout action to be used with a subsequent action. Notify - Inform a user or group of users about an event. Decide - Send a message to the approver, asking to either approve or reject the user's action, or decide between several options. The workflow branches out according to the approver's decision. Flow control - Control the flow of execution based on input from conditional actions, and create different paths in your workflow. Remediate - Implement SaaS-specific actions to mitigate potentially damaging data exposure or reduce risk. Query - Investigate the contents of inventory items, such as users, assets, groups or domains. Utilities - Implement an outgoing action to send HTTP requests using API keys to other systems.

A Microsoft application, Active Directory serves as a gatekeeper to ensure users are matched with the correct level of access permissions appropriate for their defined profiles.

A user who triggered the event that generated the alert. Actors can be internal (within your organization) or external (outside your organization).

A calculated alert that is distributed after a user performs multiple actions, such as sending numerous assets to a personal Gmail account, or publicly sharing large quantities of assets.

Automatic notification that is generated after a triggering event occurs. This event can indicate anomalous user behavior across one of your organization’s SaaS apps.

Type of alert based on the event that triggered it. Alert categories include: External sharing - These alert types indicate excess permission privileges that were granted to external users outside your organization. Public sharing - These alerts indicate company assets that were publicly shared; for example, a Google Drive asset becoming public. Downloading assets - These alerts indicate an anomalous number of file downloads over a short period of time; for example, an internal user who is about to be terminated downloads assets. SSPM - These alert types indicate security risks in SaaS applications; for example, if a user disables the organization’s MFA requirement. Malicious domain - These alerts indicate assets that were shared with or by a suspicious or malicious domain. Leaving employee - These alerts are triggered for terminated or leaving employees.

An indication of how risky the alerted event is. This parameter is fully customizable. Severity levels include: Low - Unusual user activity, such as accessing inactive files or when a user shares files extensively. Medium - Anomalous user activity considered to be risky, such as allocating public access to assets. High - The highest severity level. Anomalous user activity that's considered highly risky, such as sharing sensitive files externally or with private emails.

Stage of the alert in the investigation process, such as new, in progress, suppressed, or resolved.

A workflow that is triggered by a specific alert in order to close the remediation loop faster and ensure better risk coverage.

Not all third-party apps are safe as they may contain vulnerabilities or malicious code that can lead to data breaches.

File or recording on your organization's SaaS platform.

A detailed record describing tasks performed by DoControl. The audit log is auto-generated for every executed workflow action.

A quick action that’s applied to multiple assets or users. Bulk actions help to expedite the remediation process when multiple assets are affected.

A cloud access security broker (CASB) is a service that is positioned between cloud services users, providers, and devices. It aims to enforce security measures based on a set of policies. Due to the way it operates, a CASB cannot offer comprehensive cybersecurity measures for more complex third party applications.

Cloud security posture management (CSPM) focuses on securing the posture management of the assets and resources that comprise cloud infrastructure.

An alert that is processed after multiple events occur, as in the case of aggregated alerts.

Yes, a third-party app can steal data if it is designed to do so or if it contains vulnerabilities that can be exploited by attackers.

A subset of an event that triggers a workflow. A condition can include an input value, a comparator, and an input value to check against.

DoControl scans on-demand any content in Google Drive by leveraging search terms across Google APIs. An example of a content scan is a list of keywords containing financial details, or a GDPR request with names or emails to be forgotten. Scanned data is not persistent, and DoControl doesn’t store any data.

Data loss prevention (DLP) includes processes, policies, and software to keep data safe from unauthorized access, destruction, and theft. It also applies to preventing employees from sharing sensitive content outside the organization network.

A data breach occurs when a cyber intruder penetrates the security system of an organization and accesses sensitive information.

A workflow action step that sends a message to the approver, asking to either approve or reject the user's action (approval step), or decide between several options (decision step). The workflow branches out according to the approver's decision.

An approach that integrates security from the beginning of the development cycle, in order to create rapid, agile workflows that shorten the development cycle while yielding high-quality software.

CASB can provide DLP capabilities as one of its features, but not all CASBs necessarily include DLP functionality.

A network of computers and devices that are controlled by one set authority, and labeled with a domain name. DoControl categorizes these domain types: Internal - Domains managed by your organization. External - Domains with external users who have access to assets in your organization, such as free email providers or external company emails. By default, external domains are not considered trusted. Trusted - A subset of internal and external domains considered safe for sharing.

DoControl’s default email format can be customized with your company brand, and used in workflows for all Approval, Decision, and Notify email actions.

A real-time user action in an integrated SaaS app. User actions include creating, viewing, editing, downloading, uploading, sharing a file, and more. An event can trigger a specific DoControl alert, or a defined workflow.

A user outside the organization who has access to a company asset. DoControl can remove the sharing permissions of external collaborators from an asset, without affecting the access of internal collaborators or asset owners.

A workflow action step that controls the execution flow based on input from conditional actions, and creates different paths in your workflow: Conditional - Define a logic with two subsequent true and false actions. Array filter - Create a subset with all elements that meet a defined condition. If no elements pass the condition, an empty array is returned. End workflow - End the workflow execution with success or failure status.

General Data Protection Regulation (GDPR) is a set of governing rules in Europe that enables consumers to control their personal information. It prescribes specific guidelines for how businesses can handle consumer data, and includes severe fines for organizations that don’t comply.

A set of internal or external users either imported from your organization’s integrated SaaS apps, or created in DoControl.

To secure a SaaS application, organizations can implement security controls such as access controls, encryption, and data loss prevention.

To assess a SaaS vendor, organizations can use a risk-based approach that includes evaluating the vendor's security controls, certifications, and compliance with regulations.

To ensure security in SaaS, organizations can implement security best practices such as using strong passwords, enabling two-factor authentication, and monitoring user activity.

To manage SaaS security, organizations can implement security controls, monitor user activity, and conduct regular risk assessments.

Managing insider risk involves implementing policies and procedures to prevent threats, monitoring employee behavior, and providing regular training and awareness programs.

Risk mitigation for insider threat includes implementing access controls, monitoring employee behavior, and having an incident response plan in place.

To secure SaaS solutions, organizations can use security controls such as encryption, access controls, and data loss prevention.

CASB works by intercepting traffic between an organization's on-premises infrastructure and cloud-based applications, and applying security policies and controls to protect data and systems.

Third-party authentication works by allowing users to log in to an application using their credentials from a third-party identity provider, which authenticates the user and sends a token to the application.

To secure data in SaaS, organizations can implement data protection measures such as encryption, access controls, and data loss prevention.

An identity provider (IdP) is an entity that manages user identities and issues credentials.

Your organization’s asset types and user activity across your SaaS estate. DoControl has full visibility of your SaaS inventory, including users, OAuth apps, shadow apps, assets, groups, domains and IPs, and their metadata.

CASB solutions can used in SaaS, but also be used for other cloud services such as IaaS and PaaS. CASB technologies provide a wide range of pros and cons.

CASB and DLP are not the same. CASB is a broader security solution for cloud services, while DLP specifically focuses on preventing the unauthorized disclosure of sensitive data.

SASE (Secure Access Service Edge) is a broader security framework that includes CASB as one of its components.

While some aspects of DLP may become outdated, the need for data loss prevention is likely to continue as long as sensitive data exists.

SOC 2 compliance is not legally required for SaaS companies. It is up to each company to assess their individual needs and determine if SOC 2 compliance is necessary to meet customer and regulatory requirements.

SOC 2 compliance is not required for SaaS companies, but it can provide assurance to customers and partners that the company has strong security controls in place.

Data access controls are security measures designed to limit access to SaaS data based on user roles, permissions, and other factors.

DoControl provides several out-of-the-box keyword lists for scanning. These lists are customizable, and can be included or excluded when defining workflows. Encryption key file - A set of file extensions that indicate a file has been encrypted. Ransomware encryption file - Common ransomware file extensions. Private email domains - A set of private, non-corporate email domains. Sensitive keyword list - A set of words indicating PII (personally identifiable information) or company proprietary information.

Multi-factor authentication (MFA) requires at least two layers of proof of identity to ensure appropriate access for customers seeking data or use of applications.

A domain that was created for the purpose of promoting scams, phishing, spam, attacks, and frauds. By sharing assets with an infected URL, your organization's data could be exposed to ransomware, viruses, trojans, or other types of malware that compromise your network. DoControl leverages VirusTotal to determine whether a domain is malicious or not.

A workflow action step that informs a user or group of users about an event via one of these channels: email, Slack or webhook.

The Open Authorization (OAuth) protocol enables application-to- application connectivity in SaaS environments, for example, logging into a website using your Google account. If the tokens involved in the authentication process become compromised, the risk of a supply-chain based attack increases significantly.

Provides a birds-eye-view of the main exposures and security risks in your organization, so you can better understand your security posture over time, as well as trends and immediate actions required to remediate potential data loss.

Personally identifiable information (PII) is any information associated with a person’s identity and can be used to profile an individual. Examples include name, address, email address, and cell phone number. Cyber attackers seek this type of data in data breaches in order to steal identities or sell the information on the dark web. By defining DoControl workflows to scan for PII, you can prevent sharing of such information.

A workflow query action, a PII scan detects the probability that a file includes predefined labels,, such as credit card details and social insurance numbers.

An employee’s personal email, that usually originates from a free email account, such as Gmail or Yahoo. Personal sharing occurs when employees give themselves access to organizational assets and data through their personal email accounts. This opens the door to exfiltration during and even after their employment.

A predefined template that helps you create a workflow. Playbooks are displayed in categories according to event type, such as encryption key sharing and external collaborator sharing.

An unauthorized, non-business contact that usually originates from a free email account, such as gmail or yahoo, and could be an attempt to exfiltrate data. These email platforms as a rule do not require multi-factor authentication (MFA), which makes them the weak link in any chain of enterprise security solutions.

A domain that's shared with everyone, and carries the highest risk of potential data exposure.

A workflow action step that investigates the contents of inventory items, such as users, assets, groups or domains. DoControl can run these query actions: PII file scan - Scans text-based files for personally identifiable information. Regex scan - Scans text-based files for regular expression patterns and strings. Get file metadata - Returns all the metadata of a file in Google Drive. Get files by hash - Retrieves a list of Google Drive asset IDs by a matching file hash value.

On-demand remediation action that you can manually apply to your SaaS app inventory outside a workflow. You can also apply quick actions in bulk to multiple assets.

An alert that is distributed immediately after an event occurs.

Regex (regular expression) is a string or pattern sequence of symbols and characters that is searched for in documents. With the Regex scan query action, you can find customized patterns that are specific to your organization, such as customer data and sensitive company information.

A DoControl method to prevent unnecessary or potentially damaging data exposure via automated workflows or quick actions. Remediation actions are specific for each SaaS app and include: Remove public sharing - Removes public sharing from an asset, so people with a link can no longer access the asset without authentication. Remove collaborator - Removes collaborator access from an asset for one or more collaborators. When an asset exists in a parent folder, collaborator access is removed from all assets in the folder. Delete file - Deletes an asset from the specific SaaS app. Change asset owner - Changes the owner for a Google Drive asset in My Drive. Remove sharing links - Removes sharing links from an asset. Remove OAuth app - Removes an OAuth app from Azure Active Directory. Change recording visibility - Changes the sharing status of a Zoom recording from public to internal or non-shareable.

The potential damage or data loss that might occur as a result of the triggered event.

Security assertion markup language (SAML) is a standardized way to authenticate a user's identity for external applications and services. When logging into DoControl, you can choose any identity provider that supports SAML 2.0.

A security information and event management (SIEM) solution can display consolidated DoControl alerts in its collection board after configuring a connector.

Single sign-on (SSO) allows users to login to multiple applications and services with a single authentication.

SaaS security posture management (SSPM) is a suite of solutions that automate security for SaaS applications. SSPM discovers, protects, and monitors third-party SaaS applications and platforms.

Software as a service (SaaS) is a usage model where software is hosted in the cloud by a third party and accessed on demand via subscription.

A collaborative approach that combines security and IT teams to eliminate silos and fortify cross-functional workflows, resulting in more secure platforms and computing environments.

An API key that’s stored with AWS Key Management Service (KMS). You can create secret keys to safely use in HTTP action workflows.

Classified or confidential information, including PII, that must be protected to mitigate damage to companies or individuals. With the recent rise in data breaches, government regulations mandate that companies are accountable for safeguarding sensitive data. DoControl can detect sensitive data via keyword lists in automated workflows.

Software, applications, devices, and other technologies that are deployed without the knowledge or authorization of the IT team. DoControl’s Shadow App module performs discovery, control, and automated remediation for shadow app risks.

Recipient of an asset. A target can be one of these types: Internal - If the target is part of the organization. External - If the target is outside the organization. Public - If the asset was publicly shared. Download - If the asset was downloaded.

A SaaS event, alert, or quick action that initiated a workflow into motion.

A single SaaS event or multiple events that trigger each alert or workflow in DoControl.

An IP range that indicates a legitimate network. IPs outside this range are considered to be non-trusted. DoControl manages trusted organization IPs in CIDR format.

All internal and external individuals who can access, share, and manipulate data stored in your organization’s integrated SaaS apps.

A workflow action step that sends HTTP requests using API keys to other systems. You can integrate DoControl with popular apps, such as Jira, Datadog, and VirusTotal using predefined HTTP request actions for specific use cases.

A timeout action to be used with a subsequent action in a workflow. For example, when a file is shared with an external user, wait 30 days and then remove sharing.

Enables you to send real-time notifications to other apps in your organization, whenever a specific event happens as defined in a workflow. Having information in real time is essential to addressing the security and compliance requirements of your organization.

Shadow apps are unauthorized applications used in an organization, often without the knowledge or approval of IT administrators, which can pose security risks and lead to data breaches.

DLP tools can include software, hardware, or cloud-based solutions that monitor, detect, and prevent data breaches or data leaks.

SSPM features include real-time monitoring, threat detection, vulnerability scanning, and compliance reporting.

SaaS companies can obtain SOC 2 compliance, which is an independent audit that evaluates their security, availability, processing integrity, confidentiality, and privacy controls.

Examples of OAuth include Google Authenticator, Microsoft Authenticator, and Authy.

Examples of DLP include monitoring email traffic for sensitive information or using encryption to protect data in transit.

SaaS security categories include application security, data security, user security, and infrastructure security. Example technoligies include SaaS Security Posture Management (SSPM), SaaS Service Mesh, SaaS Management Platform (SMP), Shadow IT, SaaS DLP, and many others.

Examples of shadow IT applications include messaging apps, file-sharing services, and social media platforms used for work purposes.

Some CASB DLP use cases include detecting and preventing unauthorized data sharing in cloud applications, identifying sensitive data stored in cloud applications, and blocking downloads of sensitive data to unmanaged devices.

Some ways to reduce insider risks include implementing access controls, monitoring employee behavior, conducting background checks, and providing training and awareness programs.

The three phases of insider threat are the pre-employment phase (vetting potential employees), the employment phase (monitoring employee behavior), and the post-employment phase (managing data access for former employees).