Updated on: October 10, 2024
In a recent interview with SafetyDetectives, Omri Weinberg, Co-Founder and CRO of DoControl, shared his journey in founding the company and the vision behind it. DoControl was born out of a need to address security concerns surrounding data sharing and exposure within SaaS applications, a growing challenge for organizations in the digital age. Drawing from Omri’s previous startup experiences and insights from his co-founder, the company has since grown exponentially, securing millions in funding and working with top-tier clients across various industries.
In the interview, Omri discussed how DoControl differentiates itself in the rapidly evolving SaaS Security Posture Management (SSPM) space. Unlike other solutions that mainly focus on administrative configurations, DoControl emphasizes data access and exposure, offering advanced capabilities to manage and remediate unauthorized sharing. The platform provides businesses with comprehensive control over their SaaS security, helping them mitigate risks related to shadow IT, third-party applications, and the growing volume of corporate data stored in the cloud.
Can you introduce yourself and talk about what led you to co-found DoControl?
My name is Omri. I was born in Israel and moved to the U.S. 10 years ago. I’ve been married to Shelly for 13 years, and we have two wonderful sons—Daniel and Ari. We lived in NYC for 7 years and have been in Miami for the last 3. DoControl is my 3.5th startup. The inspiration for co-founding DoControl came from an incident I experienced at a previous acquisition, along with insights from my partner Adam, who worked at Google. He saw firsthand how difficult it was to secure data in SaaS apps effectively. Once we started engaging with the market, we quickly realized we had something great. Fast forward, and we’ve grown from an idea to nearly $45M in funding, millions in ARR, and top-tier clients.
How does DoControl differentiate itself from other SaaS Security Posture Management (SSPM) solutions in the market?
SSPM, or SaaS Security Posture Management, is becoming an important acronym in the cybersecurity space. While many vendors in this market focus heavily on administrative misconfigurations in top SaaS applications—such as checking if MFA is enabled or if passwords are strong—our approach goes beyond that. While we offer this functionality as one part of our platform, our primary focus is on data sharing, exposure, and the ability to remediate unwanted access. The scale of incidents in this area is exponentially larger. We’re taking the best elements from traditional CASB and DLP solutions and modernizing them to focus exclusively on SaaS applications.
What types of businesses or industries do you find benefit the most from DoControl’s solutions?
We work across a wide range of industries and are completely agnostic when it comes to verticals—any company using SaaS applications in the cloud can benefit from our solution. Our clients include large tech companies, small startups, manufacturers, educational institutions, private equity firms, retailers, and more.
Shadow IT and unmanaged third-party applications are major risks. How does DoControl address these challenges for its customers?
Shadow IT is a challenge that has traditionally been addressed in a tedious and manual way. DoControl focuses on OAuth apps that are connected to your key third-party SaaS applications. We provide a risk score, insights on user activity, approval workflows, remediation capabilities, and full visibility into the thousands of apps employees are using to optimize business enablement. While these apps enhance productivity, they also introduce risk, which security teams need to govern effectively.
What are the biggest security risks companies face when managing data across multiple SaaS applications?
We encounter numerous risks daily across the companies we work with. These can range from a CFO sharing the company’s P&L with a personal email, to a former employee still accessing company data, or a sales representative preparing to leave the company and downloading the entire client database from Salesforce, sharing it with their personal email. It could be a developer making a repository public, an engineer uploading an encryption file to a shared Slack channel, or a CEO sharing a board meeting Zoom recording publicly without a passcode. The list goes on!
What advice would you give to organizations that are just starting to build out their SaaS security strategies?
Take this seriously and don’t wait until it’s too late. The majority of your corporate data and intellectual property is stored and shared within SaaS applications. This problem isn’t going away; it’s only getting worse as more companies adopt new SaaS apps, move to the cloud, and enable remote work, requiring collaboration both internally and externally. Our data shows that your information (your data, files, assets) grows exponentially—by over 300% each year. If you don’t address this early, your exposure increases significantly, making it much harder to manage later on.