EveryCloud Blog

Third party fire and theft?

Written by Paul Richards | Aug 23, 2016 8:57:47 AM

When it comes to protecting your business in a connected world, you can't be too careful. Indeed, when it comes to cloud access and security, you want comprehensive cover. Only then can you be "cloud confident". One of the fastest-growing problems today comes in the shape of connected third-party apps - with a new report throwing the risks into sharp focus.

Headline findings in "The Explosion of Apps: 27% are Risky" - the Q2 2016 Cloud Cybersecurity Report (CloudLock) - make for sobering reading. The scale of the problem? Third-party apps have increased thirty-fold over the last two years. And what's more, 27% of third-party apps connected to corporate environments are considered high risk. More than half of third-party apps are banned because of security-related concerns.

The problem is, these connected third-party apps are authorised using corporate credentials, so they can also gain access to corporate data on multiple SaaS platforms. These apps can view, delete, externalise and store corporate data. Indeed, "a malicious individual leveraging these connections can act on behalf of users to access, exfiltrate, and externalise your data." As I've written before, the threat is real, and it's significant: "With 22% more breaches from January to May of 2016 than during the same time period in 2015 (source: 24/7 Wall St), connected third-party apps must be managed carefully." As CloudLock's Director of Customer Insight & Analytics said, "The shift to the cloud creates a new, virtual security perimeter that includes third-party apps granted access to corporate systems. Today, most employees leverage a wide variety of apps to get their jobs done efficiently, unwittingly exposing corporate data and systems to malware and the possibility of data theft."

So what can you do? As the report makes clear, it's important to understand how apps are connecting to your corporate environment, whose credentials are being leveraged, and the security implications that can result. You need defined plans and agreed techniques in place to measure and better understand the extent of the risks. You need ways to pinpoint the 27% of third-party apps that are more likely to open up potentially dangerous pathways into your organisation, pathways that cybercriminals can exploit. So to avoid push coming to shove - in terms of a real-life cyber-attack, or data loss due to a third-party app being exploited - planning ahead and having powerful insurance in place is clearly the best policy.