Businesses are more reliant than ever on SaaS applications. According to a survey of 2000 global businesses, 56% of companies are using five or more cloud-based applications to run their operations. While integrating new applications is leading to enhanced productivity, especially in a hybrid work environment, it does create challenges from a security standpoint. Reliance on SaaS vendors creates a gap in terms of data protection for today’s cloud-centric companies and this also creates disparities across an organization’s application ecosystem and stack. DoControl is an automated no-code data access control platform that’s integrated with the most popular SaaS applications like Dropbox, Google Drive, Salesforce, and Zendesk, allowing companies to take control over their various cloud deployments without compromising security. Built for the enterprise, the platform handles asset management, security automation, and remediation without compromising productivity and security.
AlleyWatch caught up with DoControl Cofounder and CEO Adam Gavish to learn more about the business, the company’s strategic plans, latest round of funding,which brings the total funding raised to $43.4M, and much, much more…
Who were your investors and how much did you raise?
DoControl, recently announced we raised a $30M Series B funding round led by New York-based global private equity and venture capital firm Insight Partners, with participation from its existing investors, including StageOne Ventures, Cardumen Capital, RTP Global, and CrowdStrike’s early-stage investment fund, the CrowdStrike Falcon Fund.
Tell us about the product or service that DoControl offers.
Organizations’ widespread use of SaaS applications creates significant data security risks that can stem either from within companies or outside the security perimeter. Many applications offer very different data access controls that are completely uncorrelated, resulting in a huge amount of lingering, unmanageable data access that poses significant risk to organizations and increases the likelihood of a data breach.
DoControl gives organizations the automated, self-service tools they need for SaaS applications data access monitoring, orchestration, and remediation. We take a unique, customer-focused approach to the challenge of labor-intensive security risk management and data exfiltration prevention in popular SaaS applications.
By replacing manual work with automation, DoControl reduces the overload of work and complexity that Security/IT teams have to deal with every day. As part of that, DoControl involves all employees as part of the security equation to drive business enablement and encourage a collaborative and frictionless security culture.
What inspired the start of DoControl?
DoControl was first conceived in 2019, when I was working as a product manager on the Google Cloud Security & Privacy team in charge of the user experience (UX) for their heavily regulated customer base (FedRAMP, CJIS). In talking with customers, I realized that in order for them to onboard to Google Cloud, they needed to learn, set up, and maintain dozens of different security controls and policies; to keep data access secure, remain compliant, and prevent admin misconfigurations. Addressing this need formed the basis for DoControl’s platform.
How is DoControl different?
Key benefits and differentiators of DoControl’s platform include:
- Improving business productivity by enabling collaboration through SaaS applications while lowering the risk of data exfiltration or leakage.
- Implementing granular data access controls – by individual, role, application, or domain – to minimize the risk of data breaches.
- Automating application of dynamic security policies through workflows designed to improve operational efficiencies of Security / IT teams.
- Demonstrating and reporting on compliance requirements of relevant regulations while lowering corporate liability risk.
What market does DoControl target and how big is it?
DoControl’s platform is aimed at businesses that use popular SaaS applications, such as Google Drive, Dropbox, Slack, and Microsoft Teams. Research indicates 80% of businesses are already using at least one SaaS application, and growth has been further accelerated by move to remote/hybrid work. Increasing SaaS adoption, the growing complexity of SaaS ecosystems, and the lack of granular, automated access control are leaving organizations exposed to unauthorized and undetected data exfiltration without a clear solution, and I believe the market will only continue to grow.
What’s your business model?
Many companies spend large amounts on massive, labor-intensive CASB or DLP solutions. DoControl’s solution offers a moderately priced per-user subscription model that provides most of the critical features in an easy-to-use no/low-code interface.
DoControl is a 100% agentless platform. The connection to each SaaS application is created through a secure OAuth flow, providing user-rich insights within minutes without needing a background service or daemon.
As a completely event-driven platform, there are no scalability issues whatsoever, whereas inflexible CASB solutions are bound by hard-coded policies that require more time and resources to address the problem.
What are your post-COVID office plans?
Most of our employees work remotely across all corners of the USA. However, we just finished preparing our new USA HQ located in Manhattan, NYC. Employees are more than welcome to stop by the office whenever they need to collaborate. Personally, I work from there every day.
What was the funding process like?
Very comprehensive and professional from Insight Partners’ end and consisted of customer calls, and sharing our roadmap, vision, financials, etc. From our perspective, it was very different from previous rounds, because this time we did not really prepare anything, but rather let our customers, product differentiators, and vision speak by themselves.
What are the biggest challenges that you faced while raising capital?
The biggest challenge when raising capital is making sure you are not too distracted from running your business. Fundraising is extremely time-consuming, as you have to pay attention to so many details. At the same time, we have 50 employees and dozens of customers to work with daily. Not easy, but apparently doable. Our families supported us the most during this stressful fundraising process.
The biggest challenge when raising capital is making sure you are not too distracted from running your business. Fundraising is extremely time-consuming, as you have to pay attention to so many details. At the same time, we have 50 employees and dozens of customers to work with daily. Not easy, but apparently doable. Our families supported us the most during this stressful fundraising process.
What factors about your business led your investors to write the check?
You’d have to ask the investors, as I cannot speak on their behalf. I can only assume that they are very excited about how big is the SaaS Security opportunity, how differentiated our product strategy & vision, and what kind of team we put together to make it happen.
What are the milestones you plan to achieve in the next six months?
We have clear Q2 OKRs around revenue, product adoption, product differentiators, and scaling multiple company functions. We are very much laser-focused on what our customers need and what the industry demands to solve SaaS Security issues at scale.
What advice can you offer companies in New York that do not have a fresh injection of capital in the bank?
Find a big problem with a big market. Identify your specific buyer in that market. Talk to that buyer 24/7 for several months before you even think about raising money. Focus on the user experience and problem-solving before everything else. Achieve clarity of thought on how to communicate the thing you do for personas who aren’t experts in this field, especially investors, but also future employees, partners, etc.
Where do you see the company going now over the near term?
The Series B investment will enable DoControl to double its headcount and advance its go-to-market penetration in the United States and beyond. DoControl will also develop a national channel partner program to enable MSPs, resellers, and other key partners to provide Zero Trust SaaS data access control capabilities to a broader user base. Most importantly, DoControl will leverage its funding to develop innovations that meet the needs of modern businesses reliant on SaaS tooling while extending its use cases to new vertical markets.
What’s your favorite outdoor dining restaurant in NYC?
Barbounia.