DoControl, an automated software-as-a-service (SaaS) security company, launched its OAuth governance and remediation capabilities, providing customers with OAuth application inventory, real-time activity event correlation and automated remediation.
This covers OAuth applications installed by any user across Google Workspace, Microsoft Office 365, GitHub, and others. OAuth application installation and activity events are streamlined through the DoControl No-Code SaaS Security Workflows Engine to mitigate risk automatically.
It is normal for SaaS users to install third-party OAuth applications to improve productivity. Programmatic access ultimately is granted to SaaS-hosted company data, increasing the organization’s attack surface. As a result, OAuth applications have become a primary target for attackers.
Similarly, with data sharing via human users, OAuth tokens provide an open channel to an organization’s data, which requires security controls to be applied to the emerging threat of non-human or machine identities.
“The capabilities help our customers address additional mission-critical use cases to include human and non-human access to SaaS-hosted data,” said Adam Gavish, CEO and co-founder of DoControl. “Combining OAuth governance with our No-Code Security Workflows enables security teams to mitigate risk consistently, with the level of customization they require to effectively balance security with business enablement.”
With OAuth visibility, DoControl can surface the potential risk third-party, unsanctioned applications might expose, such as extensive or unused permissions, listed vs. unlisted applications, as well as the use of invalid or compromised tokens.
DoControl keeps an up-to-date inventory of all OAuth applications with detailed information, including permissions levels, installing users, marketplace verifications and more. All OAuth application activity is streamlined to DoControl’s Security Workflows Engine with granular, pre-defined playbooks enabled with single-click remediation.
Security teams can establish granular workflows that provide on-demand remediation in near real-time to perform functions such as the automatic removal of specific applications or tokens that present high levels of risk.
To learn more, visit the DoControl website, or request a demo.