DoControl Launches Open Authorization (OAuth) Applications Governance and Remediation Capabilities
DoControl, the automated Software as a Service (SaaS) security company, announced the launch of its OAuth governance and remediation capabilities, providing customers with OAuth application inventory, real-time activity event correlation, and automated remediation. This covers OAuth applications installed by any user across Google Workspace, Microsoft Office 365, GitHub, and many others. OAuth application installation and activity events are streamlined through the DoControl No-Code SaaS Security Workflows Engine to mitigate ongoing risk automatically.
It is a normal business practice for SaaS users to install 3rd party OAuth applications to improve productivity. Programmatic access is ultimately granted to SaaS-hosted company data, increasing the organization’s attack surface. As a result, OAuth applications have become a primary target for attackers. Similarly, with data sharing via human users, OAuth tokens provide an open channel to an organization’s data, which requires security controls to be applied to the emerging threat of non-human or machine identities. This was made evident by the recent GitHub data breach.
Recommended AI News: AB Tasty and Mixpanel Announce Two New Integrations to Accelerate Digital Product Innovation
“The capabilities announced today help our customers address additional mission-critical use cases to include human and non-human access to SaaS hosted data,” said Adam Gavish, CEO and Co-Founder of DoControl. “Combining OAuth governance with our No-Code Security Workflows enables security teams to mitigate risk consistently, with the level of customization they require to effectively balance security with business enablement.”
A recent study found that 98% of companies reported that the number of identities is increasing, primarily driven by cloud adoption, third-party relationships and machine identities. Further, 84% of respondents said their organization had experienced an identity-related breach in the last year. With OAuth visibility, DoControl can surface the potential risk third-party, unsanctioned applications might expose, such as extensive or unused permissions, listed vs. unlisted applications, as well as the use of invalid or compromised tokens.
DoControl keeps an up-to-date inventory of all OAuth applications with detailed information, including permissions levels, installing users, marketplace verifications, and more. All OAuth application activity is streamlined to DoControl’s Security Workflows Engine with granular, pre-defined playbooks enabled with single-click remediation. Security teams can now establish granular workflows that provide on-demand remediation in near real-time to perform functions such as the automatic removal of specific applications or tokens that present high levels of risk.
Recommended AI News: Darktrace Adds Early Warning System to Antigena Email
[To share your insights with us, please write to sghosh@martechseries.com]
Comments are closed.