Tech

DoControl raises $30M for no-code security tools for cloud app log-ins – TechCrunch

According to a recent study, cloud security is one of the big drivers of companies investing in IT this year Report by Gartnerwhich estimates that in 2022 a total of around 4.4 trillion US dollars will be spent on IT. A startup called today DoControlwhich is developing so-called “no-code” solutions for part of this security suite — securing logins across cloud apps — announces $30 million in funding for the expansion.

Funding comes in the form of a Series B round of funding led by Insight Partners, with participation from other unidentified past backers. DoControl, which is headquartered in New York and also has R&D activities in Israel, came out of the stealth last year and its list of investors also includes RTP Global, StageOne Ventures, Cardumen Capital and security firm CrowdStrike, which is both a financial and strategic backer and with DoControl works together in its own company and the integration into its own platform.

The problem DoControl addresses is one that has grown with the way businesses operate today. As more and more companies move their IT activities to cloud environments, cCollaboration doesn’t just happen between people in the same organization; More and more people share documents and data across different companies.

That’s great, but problems arise when people change roles or leave organizations or move projects and those who have attached to documents don’t update sharing access to the data in those shared apps and documents. It’s not that it’s not possible for an organization to revoke access, but many applications have sharing enabled on a per-user basis and that means it needs to be disabled on a per-user basis as well, but because we’re busy and distracted , Not often.

“So even if you delete a user from the broader system, that information can still be shared,” said Adam Gavish, DoControl CEO. “For example, if I start a document on Google and then share it with a contributor, we’ve found that no one ever goes back to the document and revokes sharing permission. You don’t remember what you shared, you don’t have the context, and it’s done and buried in multiple ecosystems. ”

Gavish saw this problem firsthand: he worked on privacy and security at Google Cloud before founding DoControl. It was there that he first began to identify the problem, but struggled to get people to build something to address it. “They had other priorities,” he said.

However, things change quickly with security breaches like Octa Focusing on the fact that even zero-trust network and app authentication may not always be enough to protect data.

DoControl’s solution is based on the idea of ​​adding a zero-trust security principle to data access, similar to the zero-trust approach that many vendors have developed around network or app access that requires users to sign in to to use apps.

“We’re not reinventing the wheel,” jokes Gavish. But they’re building, perhaps more accurately, a wheel that’s better fit for purpose, to work with the specific vehicle that people drive today. Users are authenticated, but even if they leave an organization or change roles and then try to use the same documents, they can be seen, flagged and stopped if necessary. The system is also set up to monitor and stop when users – current and previous, with access yet to be revoked – are also moving data in and out of apps, which is particularly important when personal data is involved.

Today, DoControl offers integrations with what Gavish calls the “Top 15 Cloud App Platforms” including Google and Microsoft Apps (including GitHub), Jira, and Salesforce (including Slack).

Although an API is now available to integrate DoControl with a broader security authentication framework, some funding will be used to build a more powerful API aimed at security developers who can then build integrations with whatever other apps an organization uses , which DoControl may not already use by default support. Currently, when these use cases occur, end users must ask DoControl to build these integrations themselves.

“Every modern business faces the risk of uncontrollable SaaS data access, where sensitive company, employee and customer data is stored in common enterprise applications. DoControl provides a rare combination of asset management, security automation and remediation that eliminates the risk of being compromised through a lack of SaaS privacy capabilities,” said Stephen Ward, MD at Insight Partners, in a statement. “In my time as a CISO, I have recognized the importance of technology that addresses these issues quickly and effectively, and as such we are proud to partner with DoControl as they continue to grow.”

Gavish, who co-founded DoControl with Omri Weinberg (CRO) and Liel Ran (CTO), described CrowdStrike not just as an investor but as a “paying customer”.

“When [CrowdStrike] If we see malware on the endpoint, we can find and remove the login,” he said, adding that CrowdStrike’s turning to a third party like DoControl to do this work is “a testament to how hard it all is.” Netskope and BetterCloud are among the competitors that are also developing tools to address the same problem as DoControl, which is another reason to invest in more tools to integrate DoControl into more environments. Another partnership with Datadog to open incident reports directly after user login detection is also in the works.

DoControl raises $30M for no-code security tools for cloud app log-ins – TechCrunch Source link DoControl raises $30M for no-code security tools for cloud app log-ins – TechCrunch

Related Articles

Back to top button