DoControl: Delivering A Unified, Automated, And Risk-Aware SaaS Security Platform In A $10 Billion Market

By Amit Chowdhry • Mar 14, 2024

DoControl is a leading SaaS Security Platform (SSP) that is modernizing CASB and DLP to secure SaaS applications. The company helps organizations expose their SaaS risk surface, monitor user and OAuth app activity continuously, and automatically remediate risk over time through granular, contextual, drag-and-drop workflows. Pulse 2.0 interviewed CRO and co-founder Omri Weinberg to learn more about the company.

Omri Weinberg’s Background

Weinberg was born into a family business that his father founded 60 years ago. Weinberg said:

“It was a low-tech business with manufacturers in the Far East involved with importing, assembly lines, and more. Ever since I can remember, I was working for the family business. Eventually, we sold the company, and I looked for my next job. I was very intrigued with online marketing and sales, and in 2007, I started working for 888.com, one of the biggest online gaming operators in the world.”

“At 888.com, I was named the ‘Employee of the Year’ and managed a team of 10 employees within just one year in my position. During my last year, I was fascinated by technology and startups and wanted to create one myself. This is when I co-founded my first company with my friend, Amit (Getonic). Together, we built an innovative digital marketplace to sell digital goods online and process payments via SMS.”

“My next gig was at a small ad-tech company called Matomy, which I was referred to by the same investors at Getonic. I built a sales team from scratch and grew it to almost 40 employees. Eventually, we took the company public, which prompted my move to the U.S. in 2017 as the company’s first senior executive. After over six years with Matomy, I got a call from a Venture Capitalist about a cool startup that may be a good fit, called SafeDK. I joined the management team and started to work on the business side, where we took the company from $0 to almost $3M in just under two years. As a result, the company was sold to San Francisco-based company AppLovin. I stayed at AppLovin for about six months before the idea of DoControl came to life in June 2020.”

Formation Of DoControl

How did the idea for the company come together? Weinberg shared:

“During my time at SafeDK, while the company was being acquired, I was involved in a lot of business-critical conversations and exposed to a lot of sensitive data. I noticed it was easy for employees to mistakenly share sensitive data with their personal emails rather than their corporate emails. There was a lack of SaaS security awareness within the company, which could be detrimental if sensitive files were leaked or obtained by cybercriminals. At the same time, my co-founder, Adam Gavish, was working on a secret project related to competing with AWS GovCloud. We found it was nearly impossible to constantly remove file permissions to third-party vendors on a manual basis. This is about the time when we figured out there was a gap in the SaaS security market that DoControl could address.”

Favorite Memory

What has been Weinberg’s favorite memory working for the company so far? Weinberg reflected:

“There are two favorite memories that I recall working for DoControl so far. The first was in June 2020 when I was sitting on a bench on a lake in North Carolina and heard that we were receiving our first seed round of funding. My second favorite memory is when we received our first $2,000 deal in the late afternoon at our WeWork office in New York City.”

Core Products

What are the company’s core products and features? Weinberg explained:

“DoControl is revolutionizing the security of SaaS environments with a modernized approach, delivering a unified, automated, and risk-aware SaaS Security Platform (SSP). The solution optimizes data security, bolsters operational efficiency, and boosts productivity by continuously safeguarding essential SaaS applications and data through automated remediation processes.”

“It protects business-critical SaaS applications and data through full asset management (i.e. users, assets, third-party OAuth SaaS applications, groups, domains, and more), real-time monitoring and control of user activity, and both automated and self-service remediation.”

“Our primary focus is reducing risk exposure to prevent data leakage and the exfiltration of sensitive files. Many companies spend large amounts on massive, labor-intensive CASB or DLP solutions. However, CASB solutions are bound by hard-coded policies that require more time and resources to address the problem, and DLP does not support SaaS as an egress channel and provides far too many false positives. DoControl’s agent-less, contextual, and robust API-mode CASB connects to your SaaS applications and gives you complete visibility, context, and remediation paths for your corporate data so information security teams and end-users can push the business with the right guardrails in place.”

“Additionally, our Cloud DLP provides granular access controls that detect and prevent the loss, leakage, and misuse of sensitive data within business-critical SaaS applications. DoControl’s sensitive data scanning service is a natural-language processing (NLP) tool that uncovers valuable insights and connections through machine learning. Files and documents are automatically scanned throughout all structured, semi-structured, and unstructured data types. Security teams can create dynamic DLP policies through DoControl’s Security Workflows engine. The combination of DoControl Cloud DLP’s file-scanning and data access workflows enables organizations to adhere to stringent compliance and regulatory requirements.”

“We also provide foundational data access controls that help proactively secure modern businesses against insider risk. The solution identifies inappropriate end-user behavior, such as external sharing of sensitive data or file downloads by about-to-be terminated employees, and sends notifications to security teams via email or Slack. It enriches SaaS events with security and business context from EDP, IDP, and HRIS, generating accurate alerts based on context.”

“Lastly, our platform boasts a comprehensive Shadow Apps solution. Building on prior innovations that address mission-critical use cases, the module introduces shadow SaaS application discovery, monitoring, and remediation to better protect businesses from SaaS supply chain attacks. It provides complete visibility and control across all sanctioned and unsanctioned SaaS applications to close compliance gaps and remediate supply chain-based attack vectors automatically.”

Challenges Faced

What challenges has Weinberg faced in building the company? Weinberg acknowledged:

“The biggest bottleneck in my sector of work is mostly around budget cuts. While we are on the verge of a recession and many companies are experiencing mass layoffs, businesses are spending less and are very picky about what they want to invest in. There is a big need to justify every cost. However, as more enterprises are shifting to SaaS-first business models, it is becoming increasingly crucial for businesses to invest in a comprehensive SaaS security solution to protect business-critical data. Failure to do so could result in a significant data breach, leak, or reputational damage to a brand’s image.”

Evolution Of DoControl’s Technology

How has the company’s technology evolved since launching? Weinberg noted:

“The company’s technology has evolved dramatically since our launch in 2020. We have shifted from a very narrow use case of protecting business data to an open, agent-less, and cloud-based platform that can tackle and automate a majority of cybersecurity measures.”

“We have also announced recent partnerships and integrations with key players, including Microsoft, Salesforce, Google Workspace, Okta, Slack, AWS, Jira, Zoom, Box, Datadog, CrowdStrike, GitHub, and Dropbox.”

Significant Milestones

What have been some of the company’s most significant milestones? Weinberg cited:

“Some of our most significant milestones include our first deal in 2020, our first hire in the U.S., our first $100K deal, our first $1 million in sales, and more. The company has continued to grow in revenue since its inception, and we are very proud of the milestones we have achieved thus far.”

Customer Success Stories

Asked about customer success stories, Weinberg highlighted:

“Armis, one of our clients, uses multiple SaaS applications to improve employee productivity and drive business enablement at scale. As a result, their data movements occur at such a massive scale, which makes it extremely difficult to track using both traditional Security Information and Event Management (SIEM) solutions and native SaaS security capabilities, such as the Google Admin platform. Armis’ security team’s number one priority was to protect their customers, employees, and company data. However, the ongoing use of multiple SaaS applications has made it nearly impossible to apply effective data access policies that enforce the same levels of security and control across the different SaaS applications being utilized.”

“The DoControl solution provided Armis with deep asset management capabilities that unified multiple major SaaS applications. Armis was now better equipped to identify all data movements between employees, external collaborators, and third-party applications. In addition, Armis’ IT team now experiences seamless visibility throughout their environment and effectively enforces advanced data access controls across their Tier0 SaaS applications. From auto-expiring specific external and public sharing to retrieving end-user approval for critical SaaS events, Armis is now in a position to have full control of data movements without slowing down business processes.”

“This real-world example highlights how we effectively prevented the sharing of sensitive company data, demonstrating our commitment to creating a secure environment for productive SaaS usage and business advancement. Our SSP offers complete visibility and control across all sanctioned and unsanctioned SaaS applications, closing compliance gaps and automating the remediation of potential attack vectors, ultimately ensuring a secure and productive SaaS environment for users.”

Total Addressable Market

What total addressable market (TAM) size is the company pursuing? Weinberg assessed:

“The CASB market we are addressing is around $10 billion. The overall SaaS and cloud market is continuing to grow dramatically, so this number could be even bigger. This puts DoControl in a special position as we are looking to solve the age-old problem of CASB evolution in the SASE era.”

Differentiation From The Competition

What differentiates the company from its competition? Weinberg affirmed:

“While there are many solutions to manage identities and provide secure connections for the user, our primary focus is reducing risk exposure to prevent data leakage and the exfiltration of sensitive files. There are over 30 vendors playing in our space, with new vendors appearing almost weekly. However, CASB solutions are bound by hard-coded policies that require more time and resources to address the problem, and DLP does not support SaaS as an egress channel and provides far too many false positives.”

“There are other SaaS security vendors such as SaaS Management Platforms (SMP), Shadow IT solutions that are endpoint focused, SaaS Security Posture Management (SSPM) solutions that are configuration focused, and Cloud Infrastructure Entitlements Management solutions that are identity focused. None of these vendors outlined are providing automated remediation in a way that addresses any use case to support modern security program requirements.”

“We offer a moderately priced per-user subscription model that provides most of the critical features in an easy-to-use no/low-code interface and fills gaps that other solutions cannot offer. DoControl is subscribed to all SaaS activity events to help customers respond to threats instantly. Alternative vendors pull activity logs every few hours, lacking the ability to respond to SaaS threats in a timely manner. Pulling events in real-time requires a massive architecture refactor and engineering effort.”

“DoControl’s no-code workflow engine also accepts any SaaS activity as a workflow trigger, solving hundreds of threat models. Combined with industry best practice templates, customers are positioned to automate remediation across common and company-specific use cases. In comparison, other CASB/DLP vendors offer hard-coded policies that are limited in scope and cannot solve company-specific use cases. Other CASB/DLP vendors perform full PII scanning, which causes alert fatigue for security teams. Those solutions are ‘blackholed’ and add no value to the organization’s security posture. DoControl offers a ‘just-in-time’ PII classification, combined with clear business context to avoid these issues.”

Future Company Goals

What are some of the company’s future goals? Weinberg concluded:

“Looking ahead, we would like to expand our future product offerings to solve more use cases for our customers. Additionally, our goal is to consistently increase ARR and awareness of DoControl in the CASB and SaaS/cloud markets.”

Additional Thoughts

Any other topics to discuss? Weinberg concluded:

“A primary focus for anyone looking to start a company would be to identify and hire the right employees for your business. A start-up work environment is not for everyone, and grit is especially crucial for those working in sales. Make sure to communicate this to prospective employees and ensure they are eager to work for a start-up and hit the ground running. This will be crucial to your success as an entrepreneur.”