SaaS to SaaS authorized apps, your ticking bombs for data breaches?
Remember the last time you clicked to approve a new app? What access permissions to your data did you grant the app?
In the business world, users can also consent to permissions requested by third-party apps to gain access to business and customer data of the organisation. Once this authorization is established, it is often forgotten about and becomes a security blind spot.
The most common SaaS blind spot is SaaS to SaaS authorizations.
These are SaaS apps that users connect to the organization’s SaaS ecosystem themselves to enhance the business value for their unit or for personal use.
For example:
An Office 365 user authorizes HubSpot to send email as the company
Another user consents to monday.com to access their OneDrive and Outlook Calendar
A user connects Zapier to Salesforce to take customer data to an unmanaged app Airtable
Data often flows between SaaS apps without anyone knowing. This can lead to multiple risks which are often unknown to the organization.
Business User managed vs IT Administrator managed SaaS to SaaS authorizations
In the modern workplace, business teams choose, procure and operate SaaS solutions. Because of this decentralised ownership model, the IT team strongly prefers all SaaS to SaaS authorizations to be brokered by a managed middleware platform. This gives them visibility, oversight and freedom to de-couple solutions as the business teams require.
The blind spot for these organizations is the set of SaaS to SaaS authorizations that business users grant themselves, without the involvement of IT or a managed middleware platform.
Malicious third-party SaaS apps are on the rise, and a user can authorize one by accident or after being socially engineered.
Attackers are adding malicious applications to app stores and marketplaces every day in an attempt to compromise high value targets. Microsoft released new guidance about this new blind spot in early July 2020, “Protecting your remote workforce from application-based attacks like consent phishing”, that SaaS administrators should be aware of. A user can unknowingly authorize a malicious Azure marketplace app. See our previous blog on How to detect malicious Azure apps that are accessing your sensitive data.
How Detexian helps
Detexian reduces these risks by discovering:
Unauthorized apps staff use with their corporate email accounts
If those apps have access to your business and customer data
When new apps are granted and permissions change
Many apps are granted excessive permissions such as read/write access to files, emails and calendars. If they remain unknown, these apps are ticking time bombs for data breaches.
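The three discovery steps above (which apps users consented to themselves, whether they reach business data, and when grants or permissions change) can be scripted against an export of a tenant's consent grants. The following is an added example, not Detexian's code: the records are constructed and modelled on the Microsoft Graph oauth2PermissionGrant shape, and the HIGH_RISK_SCOPES list is an assumed starting point to tune for your tenant.

```python
"""Flag user-consented SaaS-to-SaaS grants with risky scopes and detect changes."""
from typing import Dict, List, Tuple

# Delegated scopes that give an app read/write reach into mail, files, calendars or
# the directory. Assumed list for this example; adjust to your risk appetite.
HIGH_RISK_SCOPES = {
    "Mail.ReadWrite", "Mail.Send", "Files.ReadWrite.All", "Calendars.ReadWrite",
    "Contacts.ReadWrite", "Directory.ReadWrite.All",
}

# Constructed sample snapshots. consentType "Principal" = a single user consented
# (business-user managed); "AllPrincipals" = an admin consented for everyone.
YESTERDAY = [
    {"id": "g1", "clientId": "sp-hubspot", "consentType": "Principal",
     "principalId": "user-alice", "scope": "User.Read Mail.Send"},
    {"id": "g2", "clientId": "sp-monday", "consentType": "Principal",
     "principalId": "user-bob", "scope": "User.Read offline_access"},
]
TODAY = [
    YESTERDAY[0],
    {"id": "g2", "clientId": "sp-monday", "consentType": "Principal",
     "principalId": "user-bob",
     "scope": "User.Read offline_access Files.ReadWrite.All Calendars.ReadWrite"},
    {"id": "g3", "clientId": "sp-zapier", "consentType": "Principal",
     "principalId": "user-carol", "scope": "User.Read Directory.ReadWrite.All"},
]

def risky_scopes(grant: dict) -> List[str]:
    """High-risk scopes present in one grant, sorted for stable reporting."""
    return sorted(set(grant["scope"].split()) & HIGH_RISK_SCOPES)

def user_consented_risky_grants(grants: List[dict]) -> Dict[str, List[str]]:
    """App -> union of risky scopes, counting only grants users consented to themselves."""
    out: Dict[str, set] = {}
    for g in grants:
        if g["consentType"] == "Principal" and risky_scopes(g):
            out.setdefault(g["clientId"], set()).update(risky_scopes(g))
    return {app: sorted(scopes) for app, scopes in out.items()}

def diff_grants(before: List[dict], after: List[dict]
                ) -> Tuple[List[str], Dict[str, Tuple[List[str], List[str]]]]:
    """Grant ids that are new, plus (added, removed) scopes for grants that changed."""
    prev = {g["id"]: set(g["scope"].split()) for g in before}
    new_ids, changed = [], {}
    for g in after:
        scopes = set(g["scope"].split())
        if g["id"] not in prev:
            new_ids.append(g["id"])
        elif scopes != prev[g["id"]]:
            changed[g["id"]] = (sorted(scopes - prev[g["id"]]), sorted(prev[g["id"]] - scopes))
    return new_ids, changed
```

Run diff_grants on a daily export to alert when a new grant appears or an existing app quietly gains scope, and user_consented_risky_grants to list the apps IT never brokered that can read or write business data.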
Find out how to discover unknown, untrusted apps with access to your data in 5 minutes. Try Detexian free for 7 days.