eScan (MicroWorld Technologies Inc.) has announced the deployment of GitHub Tenant Control within its Enterprise Data Loss Prevention (DLP) platform, addressing a major security vulnerability faced by organizations using GitHub Team and Organization plans without enterprise-level authentication controls. The new capability enables organizations to enforce enterprise-grade repository access control without upgrading to GitHub Enterprise, significantly reducing the risk of unauthorized source code access and credential misuse.
The Growing GitHub Security Risk
Recent high-profile incidents underscore the urgency of stronger GitHub security controls:
- In June 2024, a leaked GitHub token exposed access to Mercedes-Benz’s Enterprise server source code.
- In January 2024, exposed credentials led to The New York Times’ codebase appearing publicly months later.
- In March 2025, the compromise of the tj-actions/changed-files GitHub Action exposed CI/CD secrets—including AWS keys, GitHub tokens, and private RSA keys—across 23,000 repositories.
According to GitHub, 39 million secrets were leaked across its platform in 2024 alone, highlighting systemic vulnerabilities in repository authentication and access governance.
The GitHub Pricing Dilemma
GitHub’s pricing model creates a security trade-off for many organizations:
- GitHub Enterprise ($21/user/month) offers SAML single sign-on (SSO) and centralized authentication controls.
- GitHub Team ($4/user/month) lacks native tenant control and advanced authentication enforcement.
As a result, organizations seeking cost efficiency often sacrifice security visibility. Employees may access repositories using personal credentials or third-party authentication providers such as Google, Microsoft, or Apple ID—leaving IT teams without centralized monitoring or audit trails.
“Organizations face an impossible choice. Either pay significantly more for GitHub Enterprise just to obtain access controls, or accept the risk of unmanaged personal account access. eScan’s GitHub Tenant Control removes that trade-off,” said Govind Rammurthy, CEO & Managing Director, eScan.
How eScan’s GitHub Tenant Control Works
eScan Enterprise DLP enforces authentication policies regardless of whether the organization uses GitHub Team, Organization, or Enterprise plans.
When an employee attempts to access GitHub via:
- Personal email accounts
- Third-party SSO providers (Google, Apple, Microsoft)
the DLP solution intercepts and blocks the authentication attempt. Access is granted only when users authenticate through corporate domain credentials, ensuring full visibility, auditability, and policy enforcement.
“This solution extends enterprise-grade authentication control to organizations that previously lacked it,” said Shweta Thakare, VP of Global Sales at eScan. “It also provides an additional defense-in-depth layer for Enterprise customers.”
Compliance and Data Sovereignty Implications
With India’s Digital Personal Data Protection (DPDP) Act increasing regulatory scrutiny around data governance and access control, source code repositories have become a key compliance priority. Unmonitored GitHub access can lead to intellectual property theft, data breaches, and regulatory penalties.
eScan’s GitHub Tenant Control integrates into its broader Workspace Tenant Control framework, which already enforces authentication policies across platforms including:
- Google Workspace
- Microsoft 365
- Dropbox
- Atlassian
- Slack
- Webex
- ChatGPT
This unified approach allows enterprises to apply consistent cloud access security policies across their entire SaaS ecosystem from a single DLP platform. By bridging GitHub’s access control gap, eScan positions its Enterprise DLP solution as a critical tool for organizations seeking stronger source code protection, CI/CD security, and compliance-ready authentication governance in an increasingly threat-prone digital environment.
