Unqork offers a no-code application development platform for enterprises. Their platform provides enterprise customers with cross-functional collaboration, future-proof apps and the ability to focus on innovation and value instead of security and maintenance.
Challenge
Prevent external overexposure of SaaS assets
As an enterprise platform provider, Unqork used their SaaS systems to communicate and collaborate extensively with customers. System integrations and innovations were facilitated by the seamless sharing of Google Workspace and Slack assets, often containing sensitive data or intellectual property. This extensive asset sharing, while critical for business workflow, also opened the door to superfluous asset access and risk.
Unqork searched for a solution that would shed light on the exact parameters of current and future SaaS asset exposure, including sharing and access by third parties, fourth parties and terminated employees. Just as important as understanding risk, Unqork wanted the solution to provide a way to remediate those risks without disrupting business flow. Fortunately, they discovered DoControl.
Solution
Automated remediation with end-user involvement and just-in-time access workflows using DoControl
Unqork particularly wanted to curtail two types of risky asset exposure: sharing assets publicly and sharing assets with personal email accounts. In the Unqork SaaS environment, neither of those should be necessary for business. Yet these shares were happening, significantly compromising data security. With DoControl, Unqork was able to easily set up automated workflows to detect whenever a file is shared publicly or with a personal email account - and automatically remove those permissions.
In addition, the workflows enabled automated notification of the user who had performed the share, giving Unqork the ability to do real-time security policy education and hopefully minimize future security risks.
To take care of assets that were already overexposed by public or personal account sharing, Unqork made use of DoControl’s historical remediation ability to remove almost 10K permissions from assets at scale and with minimal time investment.
Unqork realized the potential of DoControl to enhance their SaaS security while saving even more time, and started to work with DoControl on a custom workflow using HTTP requests for just-in-time provisioning of access to other SaaS apps in the Unqork ecosystem.
For Unqork, working with DoControl facilitates both risk visibility and risk reduction. It’s both the granularity with which we can see what type of data is being shared publicly, externally with organizations, individuals, third and fourth parties… and the granular workflows with which we can take care of the risks without disrupting business. Even if your organization technically has all that risk information somewhere in alerts and spreadsheets, there’s data, and then there’s intelligence. DoControl provides us with the intelligence - context-aware intelligence - on top of our data.
Daniel Wood, CISO
Results
Sharp decrease in overexposed assets and increase in workhours saved
Leveraging DoControl’s capabilities, Unqork has already achieved their vision when it comes to eliminating public and personal account sharing of SaaS assets. Publicly shared assets have been reduced by 100%; none remain publicly shared. Of the assets that were shared externally, only 60% remain with external shares: those that meet Unqork’s security policies. All of those overexposed assets were taken care of in a few clicks - instead of the 1,317 hours of work it would have taken to find and change their permissions manually!
Going forward, the DoControl workflows prevent any attempts at public or personal account shares. The automation has already been instrumental in reducing the amount of time that the Unqork information security team spends investigating alerts, triaging tickets and interacting with employees. This reduction of manual involvement benefits information security and business users alike. Unqork has found that when the users in question are executive leaders with limited time, the ability to remediate and notify without requiring user involvement provides exceptional business enablement value.