eScan Enterprise DLP GitHub control addresses access gaps

GitHub Tenant Control has been introduced within eScan’s Enterprise DLP platform to address a growing security concern: organisations using GitHub Team or Organisation accounts without Enterprise-level authentication controls.

The development focuses on closing a gap that leaves many companies exposed when employees access repositories using personal credentials or third-party authentication providers.

The access control dilemma

GitHub’s pricing structure creates a practical security trade-off.

• GitHub Enterprise at USD 21 per user per month includes SAML single sign-on and centralised authentication controls.

• GitHub Team at USD 4 per user per month offers lower costs but lacks native tenant control capabilities.

For organisations managing dozens or hundreds of developers, cost considerations often drive the choice toward Team accounts. However, this leaves a gap in monitoring and auditing repository access.

The issue is not theoretical. In June 2024, a leaked GitHub token exposed unrestricted access to a major automotive company’s source code. In January 2024, credentials linked to a media organisation’s repositories were exposed and later surfaced publicly. In March 2025, a compromised GitHub Action exposed CI/CD secrets across 23,000 repositories, including AWS keys, GitHub tokens and private RSA keys.

These incidents underline the risk of uncontrolled access pathways.

How GitHub Tenant Control works

GitHub Tenant Control operates within eScan Enterprise DLP and functions across GitHub account types: Team, Organisation and Enterprise.

When an employee attempts to log in using:

• Personal credentials

• Google authentication

• Microsoft authentication

• Apple ID authentication

the DLP system intercepts and blocks the attempt.

Access is permitted only when authentication occurs through the organisation’s corporate domain credentials. This approach maintains workflow continuity while enforcing visibility and centralised control.

Govind Rammurthy, CEO and Managing Director, eScan, stated that organisations face a cost-versus-control challenge and described the solution as a way to eliminate that trade-off.

Shweta Thakare, VP of Global Sales, said the feature is intended to extend enterprise-grade access control to Team and Organisation users, while also adding an additional enforcement layer for Enterprise customers seeking defence-in-depth.

Why this matters now

GitHub reported that 39 million secrets were leaked on its platform in 2024. The March 2025 compromise affecting 23,000 repositories highlighted how exposed credentials can enable lateral movement into production systems.

With India’s DPDP Act increasing scrutiny on data sovereignty and access control, source code repositories are emerging as compliance-sensitive assets.

Authentication governance is no longer limited to data files and email systems. Code repositories now sit within the same risk framework.

Unified tenant control across platforms

GitHub Tenant Control integrates with eScan’s broader Workspace Tenant Control framework. The platform already manages authentication enforcement for:

• Google Workspace

• Microsoft 365

• Dropbox

• Atlassian

• Slack

• Webex

• ChatGPT

• Other cloud applications

The company positions this as a unified DLP-led model that applies consistent authentication policies across the cloud application ecosystem.

A shift in repository governance

The introduction of GitHub Tenant Control reflects a wider shift in how organisations treat development environments. What was once considered a technical workspace is now recognised as a high-value compliance and security domain.

As repository leaks increase and regulatory pressure grows, authentication control is moving from optional enhancement to operational requirement.

The latest deployment seeks to address that transition directly, particularly for organisations balancing cost management with access governance.