NEW YORK, July 13, 2022 – DoControl, the automated Software as a Service (SaaS) security company, today announced the launch of its OAuth governance and remediation capabilities, providing customers with OAuth application inventory, real-time activity event correlation, and automated remediation. This covers OAuth applications installed by any user across Google Workspace, Microsoft Office 365, GitHub, and many others. OAuth application installation and activity events are streamlined through the DoControl No-Code SaaS Security Workflows Engine to mitigate ongoing risk automatically.
It is a normal business practice for SaaS users to install 3rd party OAuth applications to improve productivity. Programmatic access is ultimately granted to SaaS-hosted company data, increasing the organization’s attack surface. As a result, OAuth applications have become a primary target for attackers. Similarly, with data sharing via human users, OAuth tokens provide an open channel to an organization’s data, which requires security controls to be applied to the emerging threat of non-human or machine identities. This was made evident by the recent GitHub data breach.
“The capabilities announced today help our customers address additional mission-critical use cases to include human and non-human access to SaaS hosted data,” said Adam Gavish, CEO and Co-Founder of DoControl. “Combining OAuth governance with our No-Code Security Workflows enables security teams to mitigate risk consistently, with the level of customization they require to effectively balance security with business enablement.”
A recent study found that 98% of companies reported that the number of identities is increasing, primarily driven by cloud adoption, third-party relationships and machine identities. Further, 84% of respondents said their organization had experienced an identity-related breach in the last year. With OAuth visibility, DoControl can surface the potential risk third-party, unsanctioned applications might expose, such as extensive or unused permissions, listed vs. unlisted applications, as well as the use of invalid or compromised tokens.
DoControl keeps an up-to-date inventory of all OAuth applications with detailed information including permissions levels, installing users, marketplace verifications, and more. All OAuth application activity is streamlined to DoControl’s Security Workflows Engine with granular, pre-defined playbooks enabled with single-click remediation. Security teams can now establish granular workflows that provide on-demand remediation in near real-time to perform functions such as the automatic removal of specific applications or tokens that present high levels of risk.
To learn more, please visit the DoControl website, or request a demo.
Supporting DoControl Resources:
Founded in 2020 and headquartered in New York, DoControl is an automated data access controls platform for SaaS applications, improving security and operational efficiency with ease for enterprises. DoControl is backed by investors Insight Partners, StageOne Ventures, Cardumen Capital, RTP Global and global cybersecurity leader CrowdStrike's early stage investment fund, the CrowdStrike Falcon Fund. The company's leadership team combines product, engineering and sales experience across cybersecurity, enterprise and SaaS innovators. For more information, please visit www.docontrol.io. Follow us on Twitter and LinkedIn.
For Media Inquires:
Sena McGrand for DoControl
Research-based benchmarks to assess risk across critical threat model