Today’s guest blogger is Ben Howard, Global Partner Manager, BetterCloud
The adoption of cloud platforms over the past few years has brought huge benefits to organizations of all shapes and sizes. Specifically, Google Apps presents immense opportunities to leverage the power of third-party applications for even more benefits, like increased collaboration, productivity, communication, and more.
As an administrator, its vital to the overall security and health of your domain to be aware of these applications, how they are utilized by your users, and the potential risks they may bring to your organization. This post takes a deep dive into these third-party applications and how you can reduce the risk brought to your organization.
How Are Third-Party Apps Installed?
Users are installing these apps on computers and mobile devices alike, accepting the requested permissions using their Google Apps credentials–thus granting access to their Gmail, Drive, Contacts, and more.
Though users have the authority to install unlimited third-party applications, administrators still lack the tools to review which apps are gaining access to their domain’s data. And ultimately, IT and security teams are responsible for the data loss or misuse that could result from a user giving access to an untrusted application.
There are four primary marketplaces where both end users and domain administrators can browse and install third-party applications:
Google Apps Marketplace – Available for both end users and administrators, the Marketplace is an online store with cloud applications for businesses.
Chrome Web Store – An online marketplace for Chrome users, where users can find and install browser extensions.
Google Drive Add-Ons – Available directly within Drive, add-ons provide extra features for Docs, Sheets, and Forms.
Mobile Apps – Users can also install mobile applications on cell phones and devices using their Google Apps credentials, creating a risk if the device gets lost or stolen.
When a user attempts to install a third-party application using their Google Apps credentials, he/she must review and accept the data access the app is requesting.
Apps request varying levels of access in order to integrate with Google Apps and build upon the functionality provided. For example, an app that aids in scheduling may request access to your Google Calendar.
Given the extensive data access that an app could request, and that these applications are oftentimes built by independent software vendors (ISVs), IT and security teams should be vigilant about evaluating each application installed on their domain.
However, while end users have the authority to authenticate and install third-party apps using their Google Apps credentials, domain administrators lack the tools to audit and control the types of apps installed and the data access they’re requesting.
Solution – Review Applications One-by-One
Users can view all applications with authenticated access to their account:
Navigate to Account Permissions > Apps and Websites > View All
Scan through the list, reviewing each application and whether it is necessary or still in use
Revoke access to an app to remove it from your account
While this is a handy tool, it is difficult to mandate that all users regularly review the third-party apps they have installed. Also, IT and security teams still don’t have any insight into this information or ability to enforce it.
Solution – Review Applications in Bulk Using BetterCloud
BetterCloud is a comprehensive security and management solution and the number one tool for Google Apps administrators.
In order to review all third-party applications with authenticated access to your domain, as well as the data access those applications request, use BetterCloud’s Apps Audit functionality.
Admins can then decide if certain applications should be prohibited for the entire organization, remain accessible for only certain organizational units or restrict access only to a handful or even just one user.
To streamline this evaluation process, IT admins can utilize Apps Audit’s powerful policies–using this feature, IT admins can enforce acceptable use policies based on a number of conditions an app meets, such as data access level requested (ex. read/write Gmail, read/write Drive, etc.) or the app’s permission score.
With better auditing, insights, and compliance policies like those provided through Apps Audit, IT and security teams can confidently allow users to leverage third-party apps without risking data exposure.
While a primary focus of Apps Audit is protecting your domain from data loss, by having a list of every application installed by users, you’ll inevitably start to see trends. With that, you can:
Discover which applications are being used by the majority of your organization or certain teams
Purchase licenses through the IT department to consolidate billing
Inquire about earning your organization a per license discount
There is no doubt that third-party applications represent a huge risk to organizations. With proper knowledge, foresight, and leveraging BetterCloud, administrators can reduce that potential risk brought to their domain.
To download a free security and compliance whitepaper and to learn more about Apps Audit, click below.