Installed 3rd Party Apps over SaaS platforms are for enterprise what mobile App Store apps were for consumers in 2009. You think you are getting a free ping pong game without realizing that all your contacts, personal messages and location history is being exfiltrated to external servers!
Optimized workflow. Better collaboration. Improved user experience.Increased performance. That’s what third-party apps installed on SaaS platforms such as Slack, Zoom, Dropbox, Google Drive, and Chrome extensions promise to bring to your business.
SaaS apps’ adoption is on the rise now more than ever before. In fact, a Martech report says that an average company with 200 to 500 employees uses about 123 SaaSapps these days.
And, according to Microsoft CEO Satya Nadella, a staggering 500 million SaaS apps will hit the market in the next 5 years!
On paper, that sounds incredible. However, on the flip side, you can be sure we’re not going to have professional developers create all of these five hundred million applications …and therein lies the problem.
While using 3rd party SaaS apps offers a host of benefits, installation of such software, in most cases, happens without consent from the IT department.
According to Microsoft, 80 percent of employees use unauthorized apps. We’re talking about apps no one has reviewed or ones that fail to comply with your company’s security and compliance policies.
3rd party SaaS apps: business, security and compliance risks
Non-sanctioned apps, even those downloaded from reputable marketplaces, can expose your organization to various risks, including:
Legitimate apps are susceptible to security vulnerabilities. In essence, this means you can expose your crucial business data when you install these apps on platforms such as Slack.
And, information breach is costly.
According to the Cost of a Data Breach Report, businesses worldwide lost an estimated $3.86 million in 2020 due to data breaches. The situation was even worse in the United States, where companies grappled with damages of up to$8.64 millionduring the same period.
With such stats, data breaches aren’t something you can ignore, and any 3rd party apps can potentially instigate an information breach.
The use of 3rd party apps to spread ransomware is on the rise. Sure, this trend isn’t as common as corrupting devices or phishing threats. Even so, the low awareness about this type of attack means attackers have a higher chance of success.
A good example isRagnar Locker, ransomware that targeted remote management software (RMM) used by MSPs, encrypted data, and demanded $200,000 -$600,000 for decryption.
Compliance and regulatory statutes such as CCPA and HIPAA require companies to safeguard their client’s information.
Exposing sensitive data exchanged on Slack, Zoom, or Google Drive aided by unauthorized apps may lead to compliance violations and, by extension, hefty fines.
You’re exposed to 3rd party app security risks
There’s every reason to be concerned about the security vulnerabilities of 3rd party apps installed in your SaaS platform. After all, app security threats account for 43 percent of data breaches.
How hackers use app data to access your business data
Installing a 3rd party app into your SaaS platform such as Slack requires permitting the application to access your data, including files, mail, profile info, location, and so on.
The catch is, giving permissions is somewhat a “routine” with these apps, the same way you’d accept a user agreement. It’s not surprising, therefore, that allowing apps to access your information seems like a “natural” thing to do.
However, by giving an outwardly harmless app permission to access your data, you could be exposing your business to criminals.
Hackers can implant a malicious code into your SaaS platform to “listen” to your company’s confidential messages and control files being shared.
How can you protect your business from risky 3rd party apps?
It makes perfect sense to determine if an app is safe before installing it into your SaaS platform. Here’s what a risky app look like;
- Suspicious reviews – this could be a lot of negative or positive feedback posted roughly at the same time.
- Scare information about the developer.
- Requires excessive permissions than its expressed goals.
- Is rarely updated
- It has an email linked to the developer – some apps use a personal Gmail account, so you’re never sure who has access to your data.
With that being said, here how you can reduce the risk of non-sanctioned third-party apps;
- Take stock of SaaS apps your business is using.
- Check into permissions your employees grant apps to access your SaaS platforms.
- Monitor the app’s usage
- Create awareness among your employees on the importance of understanding app permissions and sticking to your company’s information security and governance.
Check out Polymer Security Scan for Slack to assess PCI, HIPAA compliance and 3rd Party Installed App Risks within minutes.