End users easily grant permissions

Risky or malicious third-party apps often gain easy access to cloud SaaS environments like G Suite or Office 365 by means of end user-granted permissions. Public cloud vendors use OAuth 2.0 tokens to let end users grant access to their data without handing over a password. All the end user has to do is approve a permissions request coming from a third-party app.

All of us are guilty of blindly granting permissions to apps that request them during installation. How many of us actually read the details of the permissions requested by third-party applications we install on our mobile devices? Think about an end user with either a company-issued mobile device or a personal device that is also used to access company data.

If an end user blindly accepts permissions while installing a risky third-party app and the end user’s phone is connected to your organization’s data, all business-critical or sensitive data the end user has access to is now at risk of compromise by that app.

The same is true for browser extensions. Third-party browser extensions can request the same types of permissions to cloud data as third-party applications installed on mobile devices. A recent study found that more than a third of all Google Chrome extensions ask users for permission to access and read all their data on any website.

When you think about the possible security implications of third-party apps installed on mobile devices as well as third-party browser extensions, it is imperative to have visibility into these dangers and the ability to block them. This requires controlling which applications are installed in your cloud SaaS environments.
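As an added example (not code from the original article or from any vendor), the following sketch shows what that visibility can look like for OAuth grants: it groups unreviewed apps that hold broad data-access scopes and ranks them by how many users approved them. The grant records are constructed sample data shaped like Google Admin SDK Directory API token entries; the high-risk scope list and the allowlist of client IDs are assumptions standing in for your own policy.

```python
from collections import defaultdict

# Assumption: illustrative policy list of broad Google scopes, not a vendor ranking.
HIGH_RISK_SCOPES = {
    "https://mail.google.com/": "full Gmail access",
    "https://www.googleapis.com/auth/gmail.readonly": "read all mail",
    "https://www.googleapis.com/auth/drive": "full Drive access",
    "https://www.googleapis.com/auth/drive.readonly": "read all Drive files",
}
# Hypothetical allowlist of client IDs the organization has already reviewed.
APPROVED_CLIENT_IDS = {"1111-reviewed.apps.googleusercontent.com"}

# Constructed sample grants, shaped like Admin SDK Directory API token entries.
SAMPLE_GRANTS = [
    {"userKey": "alice@example.com", "clientId": "1111-reviewed.apps.googleusercontent.com",
     "displayText": "Reviewed CRM", "scopes": ["https://www.googleapis.com/auth/drive"]},
    {"userKey": "bob@example.com", "clientId": "2222-unreviewed.apps.googleusercontent.com",
     "displayText": "Free PDF Tool",
     "scopes": ["openid", "https://mail.google.com/"]},
    {"userKey": "carol@example.com", "clientId": "2222-unreviewed.apps.googleusercontent.com",
     "displayText": "Free PDF Tool",
     "scopes": ["https://www.googleapis.com/auth/drive.readonly"]},
    {"userKey": "bob@example.com", "clientId": "3333-unreviewed.apps.googleusercontent.com",
     "displayText": "Sign-in Only App",
     "scopes": ["openid", "https://www.googleapis.com/auth/userinfo.email"]},
]


def audit_grants(grants, approved=APPROVED_CLIENT_IDS):
    """Group unreviewed apps holding high-risk scopes, widest exposure first."""
    apps = defaultdict(lambda: {"app": "", "users": set(), "scopes": set()})
    for g in grants:
        risky = {s for s in g.get("scopes", []) if s in HIGH_RISK_SCOPES}
        if g["clientId"] in approved or not risky:
            continue  # reviewed app, or only low-risk scopes such as sign-in
        entry = apps[g["clientId"]]
        entry["app"] = g.get("displayText", g["clientId"])
        entry["users"].add(g["userKey"])
        entry["scopes"] |= risky
    report = [
        {"clientId": cid, "app": e["app"], "users": sorted(e["users"]),
         "scopes": sorted(e["scopes"])}
        for cid, e in apps.items()
    ]
    return sorted(report, key=lambda r: len(r["users"]), reverse=True)


if __name__ == "__main__":
    for r in audit_grants(SAMPLE_GRANTS):
        reasons = ", ".join(HIGH_RISK_SCOPES[s] for s in r["scopes"])
        print(f"{r['app']} ({r['clientId']}): {len(r['users'])} user(s); {reasons}")
```

Apps at the top of the report are the ones to review first, since a single unreviewed client holding mail or Drive scopes across many users exposes the most data.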

Data leak concerns

Aside from an all-out ransomware attack on your organization’s data, there is another scary cybersecurity concern that should get the attention of businesses everywhere: data leaks. Next to ransomware, a data leak should be extremely concerning to your business.
