Protect Your Google Workspace: Free SaaS Risk Assessment

Understanding the depth of cybersecurity risks within your organization is the first step to safeguarding your valuable data. At DoControl, we provide comprehensive visibility, threat detection, and remediation for your SaaS environments.

To help you take control of your Google Workspace security, we are offering a FREE SaaS Risk Assessment. This assessment will provide critical insights into your SaaS data exposure and help you identify potential vulnerabilities, all within just 5 business days.

View Preview of Risk Assessment

Here’s what our assessment will uncover:

  • Number of external organizations with access to your assets.
  • Number of former employees who can access your data.
  • Number of assets shared with external users.
  • The third-party applications are connected to your workspace and a risk analysis  of each application.
  • Employees are at the highest risk of exposing corporate data.
  • Confidential data that is publicly shared and accessible by anyone.

Why is this important? With the rise of SaaS applications like Google Workspace, data exposure risks have significantly increased. Unauthorized data sharing and over-permission of third-party applications can lead to data loss, insider threats, and exfiltration of sensitive data.

A screen shot of a dashboard with data.

How does the assessment work?

  • Quick Setup: A 30-minute session to connect DoControl to your Google Workspace.
  • In-depth Analysis: Our advanced tools will analyze your data and permissions.
  • Comprehensive Report: Within 5 business days, receive a detailed report outlining your Google Workspace’s data risks.

What can I do with the assessment?

  • Understand how much sensitive data you have and how it’s exposed
  • Identify low-risk high-impact remediation paths (i.e remove inactive public/external sharing)
  • Understand what groups, departments, and individuals pose more risk to your company
  • Remove irrelevant data access to 3rd parties you don’t work with anymore
  • Remove inactive, risky, and non-approved OAuth tokens

Why DoControl?

Our event-based architecture ensures an accurate and up-to-date inventory of your SaaS data, coupled with real-time threat detection. We provide a risk-based approach to security, minimizing false positives and alert fatigue. Our automated workflows allow for efficient and granular policy enforcement without impacting productivity.

Proven Customer Success Stories:

Remediated over 600K files, saving 3,000 hours and achieving an ROI of 700%

Reduced public sharing by 90% in two months, saving 2500 hours,  resulting in an 850% ROI

Remediated over 36K files with a 540% ROI

Protected sensitive data with over 1M files remediated and had an 852% ROI

DoControl Risk Assessment FAQ

What Google Workspace API permissions does DoControl need to run the assessment?
DoControl requires both OAuth tokens and Service Account Domain Wide Delegation to read activity events, file permissions, user info, groups, labels, etc., across My Drive and Shared Drive. You can delete DoControl’s permissions anytime self-service. Onboarding documentation will be provided. 
Will you read my data on Google Workspace?
By default, DoControl doesn't scan the content of your data. DoControl reads metadata around users, directories, activity events, file permissions, OAuth tokens, etc. Permissions documentation will be provided.
What risk assessment report will I receive?
We will provide a comprehensive risk assessment report covering top threat models, with quantified insights across risky users, data exposures, third-party user/domain exposure, and more. The report format is a business-friendly presentation where you can communicate internally with relevant stakeholders. We would be happy to report on custom data point requests. 
How secure is the DoControl platform?
DoControl maintains a mature security and compliance program that includes SOC2 type II, ISO 27001, Penetration Testing, BugCrowd bug bounty, and more. Security and compliance documentation will be provided.
Will you delete my data after the risk assessment?
All metadata is deleted following the assessment. 
Can’t I get the same information from the Google Workspace Enterprise Admin console?
Yes and no. The Google Workspace Enterprise Admin console does provide basic visibility on users, high-level sharing trends, and a list of installed OAuth tokens. DoControl enriches these objects, files, permissions, third-party collaborators, domains, groups, and more to build out a proprietary SaaS Unified Data Layer. From there, DoControl provides security risk breakdowns that are not available for Google Enterprise customers otherwise, across risky identities, data exposures, risky OAuth tokens, inactive collaborators/permissions, and much more. 
Do you support large Google Workspace environments?
DoControl customers include some of Google Workspace's largest customers worldwide, with tens of thousands of users collaborating on petabytes of data.
Are the risk assessment findings actionable and fixable without DoControl? With DoControl?
The risk assessment findings are tied directly to DoControl's proprietary detection, response, and remediation capabilities, including bulk remediation to millions of permissions simultaneously. Testing DoControl’s full functionality can be done on a proof of value engagement.
I have a CASB solution in place; how is this different?
DoControl can solve many of the problems that CASBs were designed to solve, but we are bringing real innovation to the problem of SaaS security. CASBs fell short in the long delays - minutes to hours and sometimes days - to respond to the constant changes in SaaS data landscapes and their inflexible and business context-unaware remediation options. DoControl brings a unique approach, which we call Push API, to the problem of SaaS data security.  DoControl enables real-time responses to risky behavior or actions that made traditional Pull API-based CASB obsolete while also being able to prevent loss of data created and shared in the cloud, which proxy-based SASE or SSE solutions cannot protect. Furthermore, our customizable workflows allow for proportional responses to risky events because we understand the business context, proactive user education, and engagement of multiple parties and tools to understand the overall risk and behavior patterns.
I have a DLP solution in place; how is this different?
 For SaaS, traditional DLP is only part of a solution. You already know that you have sensitive assets in your SaaS applications; tools like Microsoft 365, Salesforce, ServiceNow, etc., are too mission-critical not to have important data. Traditional DLP approaches need to be revised in understanding the data perimeter - not only giving visibility to the current level of access different users and groups have to your data but, more importantly, being able to address the constant changing of access in SaaS dynamically. DoControl’s Push API technology allows for real-time response to the constantly changing, dynamic data environment of SaaS, and the DoControl automated workflow engine allows for immediate response and remediation of risky behaviors in SaaS. Furthermore, DoControl can evaluate the important context of data movement. It’s a very different risk profile if an employee sharing data is leaving the organization or the person the data is shared with is a known contractor versus a random G-mail account. In SaaS security, context matters as much as content, and DoControl understands the context of your data movement in SaaS. 
Do you support Google Labels? 
Yes. DoControl reads all Google Labels (DLP, Manual, Vault, AI, etc.) across all files in My Drive and Shared Drive to enrich its file inventory and correlate with external/public sharing, last view, file owners, third-party collaborators, and activity events. To learn more, please read our blog about DoControl and Google Labels.
I have Google DLP enabled; how is this different?
While Google DLP classifies all Google Drive files against compliance frameworks and custom keywords, DoControl provides identity, data, and OAuth threat detection, response, and remediation capabilities. While Google DLP policies are basic, DoControl Workflows are contextual, engaged with end-users, and remediating in multiple ways. 
Do you support Google Groups? IDP Groups? 
DoControl reads and automatically refreshes groups from Google Workspace, Okta, Microsoft Entra ID, and departments from Workday, BambooHR, Hibob, and SAP Success Factors.