Today marks the launch of DoControl, a platform for automated data access controls designed to improve cloud security and cost efficiency. Emerging from stealth with $13.35 million in funding, including a $10 million series A, DoControl is introducing products that provide monitoring, orchestration, and remediation across software-as-a-service (SaaS) apps like Google Drive and Box.
Enterprise SaaS adoption has never been higher. Companies use 16 SaaS apps on average, driving the global industry to an estimated $157 billion. But coinciding with this climb is a decline in app usage transparency. A recent survey of IT leaders conducted by Numerify found that 45% don’t have a complete picture of key apps and business health services, with 57% saying they lacked an overview of IT performance across projects and employees.
DoControl provides self-service tools for app monitoring, creating connections through a secure flow that allows DoControl access to the metadata and change logs of each system. The platform automatically creates an inventory of users, external collaborators, assets, third-party domains, and more, enabling visibility and analytics to be used for security investigations, third-party vendor offboarding, compliance evidence, and incident response.
DoControl was founded by Adam Gavish, Omri Weinberg, and Liel Ran. Gavis formerly led teams at Google and Amazon and is also an ex-software engineer at data management platform eXelate, which was acquired by Neilsen in 2015 for $200 million, and cloud app analysis startup Skyfence, which Forcepoint bought in 2017.
Through no-code workflows, DoControl allows for consistent enforcement across apps, some of which can’t be done natively within each app. Slack and Microsoft Teams chatbots proactively engage with users on behalf of security and IT teams, helping to identify and mitigate outdated or irrelevant information in order to mitigate data breach risk.
The pandemic spurred some enterprises to fast-track their adoption of remote work technologies, leveraging SaaS apps to enable the transition. With an uptick in the adoption of SaaS, the focus on managing and securing these apps became increasingly critical. A recent AppOmni study found that two-thirds of IT leaders have less time to oversee SaaS apps, with 68% reporting they rely solely on manual efforts to detect data exposures.
New York-based DoControl has 14 employees and competes to a degree with Productiv, which aggregates real-time engagement data and insights for apps and management. Like DoControl, Productiv’s cloud-based dashboard integrates with single sign-on tools to track login activity and extract data from various systems.
But in the short time prior to its unveiling, DoControl claims that its over 40 early customers have used the platform to share millions of files, folders, repositories, and other assets with over 10,000 external companies.
“In the next five years, digital transformation, remote work, and freelancing will not only accelerate SaaS adoption but also expose more organizations to third-party entities and generate a huge amount of unmanageable data access. As such, SaaS security will become a mandatory, standard checklist in most security programs,” Gavish told VentureBeat via email. “To win this emerging category, SaaS security vendors will have to provide an autonomous solution that not only detects issues but also remediates them automatically on behalf of the customer. This is exactly how DoControl has differentiated itself within this category, by providing fully automated policy enforcement and [a] self-service remediation path for end users that works on behalf of the security team to solve cross-functional and externally facing SaaS data access challenges.”