min read
Jun 18, 2021

Automated Security Workflows for SaaS Applications

In our two previous blog posts in this series, we explored SaaS Asset Management and Continuous Monitoring, two of the three pillars of the DoControl SaaS Security platform. Today’s post covers no-code Automated Security Workflows, the critical capability that enables Security / IT teams to control SaaS data access across thousands of employees, tens of thousands of external collaborators, and hundreds of thousands or even millions of assets created and/or stored in an enterprise’s array of business-critical SaaS applications. 

As we’ve previously discussed, SaaS applications can leave organizations far more exposed to potential data exfiltration than they realize. The threats come from a range of sources that may allow leakage, and the first step in preventing exfiltration is to create an inventory of all those sources. We detailed that process in the first post in this series, SaaS Management: The First Step in Protecting Your Organization.

Next we considered the second step in securing corporate data in SaaS applications through Continuous Monitoring of SaaS Applications – that is, understanding from minute to minute who’s accessing data through the apps, where’s the data moving to, whether the internal and external collaborators who have access to the data have a legitimate need for it, and related issues. Now comes the third and final step of the process: Applying automated security workflows to guard against the myriad ways that data security may be breached.

 

Why Automated Security Workflows Are Needed

Let’s step back for a minute and appreciate how difficult it is to address this problem on an ad hoc or manual basis and why we need centralization and automation to successfully protect the organization against harm. As enterprises leverage more cloud resources and services, automation has become an absolutely essential aspect to managing security operations at scale across the entire enterprise technology stack. CISOs, CIOs and COOs who understand the magnitude of maintaining security across all of IT operations in the face of an explosion in ransomware and other malware attacks know that automation is the only way that Security / IT teams can keep abreast of the growing threat with their comparatively limited resources.

This is especially relevant in the rapidly growing SaaS application ecosystem. There are simply far too many actions involving far too many people to expect your security operations teams to be able to safeguard corporate data and assets residing in applications without a SaaS workflow automation designed to establish and enforce consistent data access policies. For Security / IT teams to keep vigilant on all the possible areas of exposure and avenues to exfiltration just by receiving alerts and manually responding to them would be too much.

Instead, we need to apply security policies consistently across all SaaS applications and rely on automated enforcement to prevent unwarranted data access and address anomalous data sharing incidents in real time. Again, these policies have to be applied across all the SaaS applications, not just the ones that might have recently caused a problem, because it’s impossible to predict where the next vulnerability might be exploited. And if your organization is of even a moderate size, you’ll need to be able to create and deploy a multitude of policies so you can properly scale your SaaS security operations.

 

What Policies Should Be Part of the Automated Security Workflow?

In DoControl, we’ve created an assortment of policy templates that make it easy (and code-free!) to be both proactive in guarding against potential breaches and reactive in quickly identifying pre-existing threats and taking action to remediate them. We’re constantly expanding this list, but here are some of the major categories and types of policies available within our suite of templates:

Offboarding Users

As we’ve described, organizations often leave themselves vulnerable when they allow ongoing data access for people or organizations who should no longer have it. Say, for example, you know an employee is leaving your company at the end of the month. Rather than forcing someone to remember to shut off that employee’s access when the time comes as well as cleaning up all the sharing they might have done during their employment, DoControl can shut down that employee’s access to all assets upon termination, change the ownership of those data assets, and can remediate access to data they shared externally. Similarly, you can offboard external users or external vendor companies that are no longer business partners with your organization so that they no longer have access to data.

Security Incidents

At the opposite end of the timing spectrum are security incidents that need a quick response. DoControl templates can create instant lockdowns when getting security notifications from SOAR platforms, shutting off access to assets or by certain users, domains or apps. Additional security templates can be used for less urgent actions, such as shutting off the sharing of certain encryption keys at a specified date.

Permissions and Asset Management

These templates provide broad, highly customizable policies that control access to specific assets.For example, you may want to no longer allow external users access or you may want to change who in your organization controls access to an asset for an increased data security access control.

External and Public Sharing

More granular are policy templates that allow temporary external or public sharing, deny external or public sharing, or require approval for external or public sharing. These can be set up for time periods (an asset is accessible for 30 days, for example) or for specific assets (financial data is never shared externally, for example), or for particular business units. 

Making Centralized Administration a Snap

It’s one thing to have an assortment of policies, but it’s another to implement them. The intuitive, no-code workflows of the DoControl platform allow our customers to enforce robust security policies across all SaaS applications, some of which are not available natively in the individual app. Our Slack/Teams bot proactively engages end-users on behalf of your SecOps and IT departments to identify and mitigate outdated or irrelevant data access in real time.

With enterprise tech stacks, cloud dependencies and security perimeters getting more convoluted each month, we are firmly in the age of security automation. DoControl understands the magnitude of the challenges facing Security / IT teams and is bringing its wealth of enterprise security expertise to bear on the swiftly burgeoning SaaS application ecosystem. 

Now that you see how thoroughly DoControl has addressed these issues, perhaps it’s time to get in touch with us so we can discuss how we can help your organization. We look forward to hearing from you.

Adam Gavish is the Co-Founder and Chief Executive Officer of DoControl. Adam brings 15  years of experience in product management, software engineering, and network security. Prior to founding DoControl, Adam was a Product Manager at Google Cloud, where he led ideation, execution, and strategy of Security & Privacy products serving Fortune 500 customers. Before Google, Adam was a Senior Technical Product Manager at Amazon, where he launched customer-obsessed products improving the payment experience for 300M customers globally. Before Amazon, Adam was a Software Engineer in two successfully acquired startups, eXelate for $200M and Skyfence for $60M.

Adam is a lifetime information geek, breaking down business and technical problems into components to generate long-term learning. He loves running outdoors, playing with LEGOs with his son, and watching a good movie with his wife.

Adam holds a B.S. in Computer Science from the Academic College of Tel-Aviv Yafo and an MBA from the Johnson Graduate School of Management at Cornell University.

Get updates to your inbox

Our latest tips, insights, and news