SaaS to SaaS authorized apps, your ticking bombs for data breaches?

Remember the last time you clicked to approve a new app? What access permissions to your data did you grant the app?

In the workplace, users can likewise consent to the permissions a third-party app requests over the organisation's business and customer data. Once granted, that authorization is typically forgotten, keeps working in the background, and becomes a security blind spot.

The most common SaaS blind spot is SaaS to SaaS authorizations

These are third-party SaaS apps that users connect to the organization's SaaS ecosystem themselves, usually through an OAuth consent prompt, to add value for their team or for personal convenience.

For example:

  • An Office 365 user authorizes HubSpot to send email as the company

  • Another user consents to monday.com to access their OneDrive and Outlook Calendar

  • A user connects Zapier to Salesforce to copy customer data into Airtable, an unmanaged app

Data then flows between SaaS apps without anyone in IT or security knowing. Each of these connections carries risk (over-broad access, customer data landing in unmanaged apps, access that outlives its purpose), and the organization is usually unaware of all of them.

Business User managed vs IT Administrator managed SaaS to SaaS authorizations

In the modern workplace, business teams choose, procure and operate SaaS solutions. Because of this decentralised ownership model, the IT team strongly prefers all SaaS to SaaS authorizations to be brokered by a managed middleware platform. This gives them visibility, oversight and freedom to de-couple solutions as the business teams require.

The blind spot for these organizations is the set of SaaS to SaaS authorizations that business users grant themselves, without the involvement of IT or the managed middleware platform.

Malicious third-party SaaS apps are on the rise, and a user can authorize one by accident or through social engineering.

Attackers are adding malicious applications to app stores and marketplaces every day in an attempt to compromise high-value targets. In early July 2020 Microsoft released guidance on this blind spot, "Protecting your remote workforce from application-based attacks like consent phishing", that SaaS administrators should be aware of. A user can unknowingly authorize a malicious Azure marketplace app. See our previous blog, How to detect malicious Azure apps that are accessing your sensitive data.

How Detexian helps

Detexian reduces these risks by discovering:

  • Unauthorized apps staff use with their corporate email accounts

  • If those apps have access to your business and customer data

  • When new apps are granted and permissions change

Many apps are granted excessive permissions, such as read/write access to files, emails and calendars. Left undiscovered, these apps are ticking time bombs for data breaches.
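As an added example (not Detexian's code, and not from the Microsoft guidance cited above), the following Python shows what the three discovery steps look like against the raw data an Office 365 tenant exposes: it joins OAuth permission grants to the apps that hold them, separates admin-consented grants (consentType AllPrincipals) from grants a single user consented to themselves (consentType Principal), flags the broad mail, file and calendar scopes this post warns about, and diffs two snapshots to catch new grants and changed permissions. The JSON records are constructed sample data shaped like the Microsoft Graph oauth2PermissionGrants and servicePrincipals resources; the HIGH_RISK_SCOPES list and the needs_review policy are assumptions for illustration.

```python
"""Triage SaaS-to-SaaS OAuth grants exported from Microsoft Graph.

Added example, not Detexian's code. The records below are constructed sample
data shaped like the Graph API's oauth2PermissionGrants and servicePrincipals
resources (GET /v1.0/oauth2PermissionGrants, GET /v1.0/servicePrincipals).
"""
import json
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Delegated scopes that give an app broad reach into mail, files and
# calendars. Assumption for illustration; tune the list to your tenant.
HIGH_RISK_SCOPES = {
    "Mail.Read", "Mail.ReadWrite", "Mail.Send",
    "Files.Read.All", "Files.ReadWrite", "Files.ReadWrite.All",
    "Calendars.ReadWrite", "Contacts.Read", "offline_access",
}

# Constructed sample service principals: one well-known vendor with a
# verified publisher, one unknown app with none.
SAMPLE_SERVICE_PRINCIPALS = json.loads("""[
  {"id": "sp-hubspot", "appId": "app-1", "displayName": "HubSpot",
   "publisherName": "HubSpot, Inc.",
   "verifiedPublisher": {"verifiedPublisherId": "vp-1"}},
  {"id": "sp-unknown", "appId": "app-2", "displayName": "Invoice Viewer",
   "publisherName": null,
   "verifiedPublisher": {"verifiedPublisherId": null}}
]""")

# Constructed sample grants. consentType "AllPrincipals" is an admin consent
# on behalf of the whole tenant; "Principal" is a single user's own consent
# (principalId is that user), i.e. the unbrokered grant this post is about.
SAMPLE_GRANTS = json.loads("""[
  {"id": "g1", "clientId": "sp-hubspot", "consentType": "AllPrincipals",
   "principalId": null, "resourceId": "sp-graph",
   "scope": "Mail.Send User.Read"},
  {"id": "g2", "clientId": "sp-unknown", "consentType": "Principal",
   "principalId": "user-42", "resourceId": "sp-graph",
   "scope": "Mail.Read Files.ReadWrite.All offline_access"}
]""")


@dataclass
class Finding:
    grant_id: str
    app: str
    consent: str                      # "admin" or "user"
    principal: Optional[str]          # consenting user for user grants
    risky_scopes: Tuple[str, ...]
    verified_publisher: bool


def _scopes(grant: dict) -> set:
    # Graph stores delegated scopes as one space-separated string.
    return set((grant.get("scope") or "").split())


def triage(grants: List[dict], service_principals: List[dict]) -> List[Finding]:
    """Join each grant to its client app and pull out the risky scopes."""
    sps: Dict[str, dict] = {sp["id"]: sp for sp in service_principals}
    findings = []
    for g in grants:
        sp = sps.get(g["clientId"], {})
        vp = (sp.get("verifiedPublisher") or {}).get("verifiedPublisherId")
        findings.append(Finding(
            grant_id=g["id"],
            app=sp.get("displayName", g["clientId"]),
            consent="admin" if g.get("consentType") == "AllPrincipals" else "user",
            principal=g.get("principalId"),
            risky_scopes=tuple(sorted(_scopes(g) & HIGH_RISK_SCOPES)),
            verified_publisher=vp is not None,
        ))
    return findings


def needs_review(f: Finding) -> bool:
    """Policy (an assumption): a grant holding risky scopes needs review when
    a user consented to it themselves or the publisher is unverified."""
    return bool(f.risky_scopes) and (f.consent == "user" or not f.verified_publisher)


def diff_grants(baseline: List[dict], current: List[dict]) -> Tuple[List[str], List[str]]:
    """Compare two snapshots: returns (new grant ids, ids whose scope changed)."""
    before = {g["id"]: _scopes(g) for g in baseline}
    after = {g["id"]: _scopes(g) for g in current}
    new = sorted(set(after) - set(before))
    changed = sorted(gid for gid in set(after) & set(before)
                     if after[gid] != before[gid])
    return new, changed


if __name__ == "__main__":
    for f in triage(SAMPLE_GRANTS, SAMPLE_SERVICE_PRINCIPALS):
        flag = "REVIEW" if needs_review(f) else "ok"
        print(f"{flag:6} {f.app:15} {f.consent:5} {f.principal or '-':8} "
              f"{' '.join(f.risky_scopes) or '(no risky scopes)'}")
```

Against the sample data, the admin-consented HubSpot grant with Mail.Send passes and the user-consented "Invoice Viewer" grant (unverified publisher, Mail.Read plus Files.ReadWrite.All plus offline_access, so a refresh token that keeps working after the user forgets the app) is flagged. In a real run you would page through the two Graph endpoints with a reporting identity that can read directory objects, store each day's grant list, and feed yesterday's and today's lists to diff_grants to get the "new apps granted and permissions changed" signal from the list above.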

Find out how to discover unknown, untrusted apps with access to your data in 5 minutes: try Detexian free for 7 days.
