DoControl: Automating SaaS Data Security Policy Enforcement

News
New York-based DoControl offers an automated way to monitor and remediate security vulnerabilities in major software-as-a-service applications. It provides a way to centralize enforcement of least privilege and expand zero trust principles to the SaaS data layer.

Way back when, a nightly public service announcement on TV intoned, “It’s 10 p.m., do you know where your children are?”

Today, the question might be asked about the vulnerabilities present in your company’s SaaS applications. And the answer might be equally eye-opening.

New York-based DoControl offers an automated way to monitor and remediate security vulnerabilities in major software-as-a-service applications. It provides a way to centralize enforcement of least privilege and expand zero trust principles to the SaaS data layer.

“We help [organizations] understand first of all, how much data they have stored in SaaS applications like Google Drive, Microsoft SharePoint, Slack, GitHub and so on, said CEO Adam Gavish.

“And then how the data is exposed internally and externally. It could be across different departments — finance, engineering — could be to vendors they don’t work with anymore, personal accounts by former employees and so on. We quantify the technical debt so they can visualize and explain it internally to leaders and most importantly remediate that exposure, fix it.”

Any number of people, including employees and vendors or partners, might have access to a Google Doc — your company’s client list or sales figures, for instance. And who goes back later to remove that access when an employee leaves or a partnership ends?

Visibility Plus Remediation

Applications are connected to the DoControl platform through a secure OAuth flow that allows DoControl access to the metadata and change logs of each system in near real time.

The platform creates a central inventory of both sanctioned and unsanctioned SaaS applications, users, external vendors, partners and others who have access. It can determine whether multifactor authentication is enabled with each application and offers continuous monitoring of data access to address the risk of both internal and external misuse of data.

“The first thing that we do in a demo is plug in their apps, and we show them. We say, “OK, look, you’ve got just in Google Drive, for example, 200,000 documents or PowerPoints or whatever, and did you know that 10% of them have a link that anybody can access on the internet?” explained Sam Adler, DoControl vice president of marketing.

He calls that a lightbulb moment for many companies.

Read the Full Article
Get updates to your inbox
Our latest tips, insights, and news
DoControl - SaaS data access control - Linkedin logoDoControl - SaaS data access control - Twitter logo
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Our latest tips, insights, and news
Get updates to your inbox