It’s no secret that 3rd party apps can boost productivity,
enable remote and hybrid work and are, overall, essential in
building and scaling a company’s work processes.
Much like clicking on an attachment in the earlier days of email,
connecting a needed app to a Google Workspace or M365 environment
looks innocuous, and people don’t think twice about it. Simple
actions that users take, from creating an email to updating a
contact in the CRM, can trigger several other automatic actions and
notifications in the connected platforms.
As seen in the image below, the OAuth mechanism makes it
incredibly easy to interconnect apps and many don’t consider what
the possible ramifications could be. When these apps and other
add-ons for SaaS platforms ask for access permissions, they are
usually granted without a second thought, presenting more
opportunities for bad actors to gain access to a company’s data.
This puts companies at risk of supply chain access attacks, API
takeovers and malicious third party apps.
[Image: OAuth mechanism permission request]
When it comes to local machines and executable files,
organizations already have built-in controls that enable security
teams to block problematic programs and files. The same needs to be
true for SaaS apps.
Learn how to gain visibility into your SaaS
stack[1]
How Do 3rd Party Apps Gain Access?
OAuth 2.0 has greatly simplified authentication and
authorization, and offers a fine-grained delegation of access
rights. Represented in the form of scopes, an application asks for
the user’s authorization for specific permissions. An app can
request one or more scopes. Through approval of the scopes, the
user grants these apps permissions to execute code to perform logic
behind the scenes within their environment. These apps can be
harmless or as threatening as an executable file.
Click here to schedule a 15-minute demo to
learn how to gain visibility of your SaaS apps[2]
Best Practices to Mitigate Third Party App Access Risk
To secure a company’s SaaS stack, the security team needs to be
able to identify and monitor all that happens within their SaaS
ecosystem. Here’s what a security team can share with employees and
handle themselves to mitigate third party app access risk.
1 — Educate the employees in the organization
The first step in cybersecurity always comes back to raising
awareness. Once the employees become more aware of the risks and
dangers that these OAuth mechanisms present, they will be more
hesitant to use them. Organizations should also create a policy
that requires employees to submit requests before connecting third
party apps.
2 — Gain visibility into the 3rd party access for all business-critical apps
Security teams should gain visibility into every business
critical app and review all the different third party apps that
have been integrated with their business-critical SaaS apps,
across all tenants. One of the first steps in shrinking the threat
surface is gaining an understanding of the full environment.
3 — Map the permissions and access levels requested by the connected third party apps
Once the security team knows which third party apps are
connected, they should map the permissions and the type of access
that each third party app has been given. From there they will be
able to see which third party app presents a higher risk, based on
the level of the scopes it was granted. Being able to differentiate
between an app that can read versus an app that can write will help
the security team prioritize which needs to be handled first.
In addition, the security team should map which users granted
these permissions. For example, a high-privileged user, someone who
has sensitive documents in their workspace, who grants access to a
third party app can present a high risk to the company and needs to
be remediated immediately.
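A worked illustration of steps 2 and 3, added here and not part of the original article or of Adaptive Shield’s product: it takes a constructed export of OAuth grants, classifies each Google Workspace or Microsoft Graph scope as read or write, and ranks the grants by scope level and by whether the granting user is privileged. The scope names are real; the risk weighting and the `privileged_user` flag are assumptions of this example.

```python
# Constructed inventory of third-party OAuth grants, as an SSPM or admin-console
# export might provide it. Scope names are real Google Workspace / Microsoft
# Graph scopes; the read/write heuristic and weights are this example's own.
from dataclasses import dataclass

READONLY_GOOGLE = {"openid", "https://www.googleapis.com/auth/userinfo.email"}
GRAPH_WRITE_TOKENS = {"ReadWrite", "Write", "Send", "Manage", "Create"}


@dataclass(frozen=True)
class Grant:
    app: str
    user: str
    privileged_user: bool  # assumption: flagged from an IdP/HR export of admins and execs
    scopes: tuple[str, ...]


def scope_level(scope: str) -> str:
    """Return 'read' or 'write' for a Google (URL) or Microsoft Graph (dotted) scope."""
    if scope.startswith("https://"):  # Google Workspace style scope URL
        if scope.endswith(".readonly") or scope in READONLY_GOOGLE:
            return "read"
        return "write"  # e.g. https://mail.google.com/ grants full mailbox access
    tokens = scope.split(".")  # Microsoft Graph style, e.g. Mail.ReadWrite
    return "write" if any(t in GRAPH_WRITE_TOKENS for t in tokens) else "read"


def risk_score(grant: Grant) -> int:
    """Weight write scopes 3x read scopes; double the score for a privileged grantor."""
    base = sum(3 if scope_level(s) == "write" else 1 for s in grant.scopes)
    return base * 2 if grant.privileged_user else base


def prioritize(grants: list[Grant]) -> list[tuple[str, str, int]]:
    """Highest-risk grants first, as (app, granting user, score)."""
    ranked = sorted(grants, key=risk_score, reverse=True)
    return [(g.app, g.user, risk_score(g)) for g in ranked]


SAMPLE_GRANTS = [  # constructed sample data
    Grant("calendar-helper", "alice@example.com", False,
          ("https://www.googleapis.com/auth/calendar.readonly",)),
    Grant("mail-automation", "cfo@example.com", True,
          ("https://mail.google.com/", "https://www.googleapis.com/auth/contacts")),
    Grant("file-sync", "bob@example.com", False,
          ("Files.ReadWrite.All", "User.Read")),
]

if __name__ == "__main__":
    for app, user, score in prioritize(SAMPLE_GRANTS):
        print(f"{score:>3}  {app:<16} granted by {user}")
```

The full-mailbox grant made by a privileged user sorts to the top, which is the remediation order step 3 argues for.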
4 — Get the automated approach to handle 3rd party app access
SaaS Security Posture Management solutions can automate the
discovery of 3rd party apps. The right SSPM solution, like Adaptive
Shield, has built-in logic that maps out all the 3rd party apps
with access to the organization’s SSPM-integrated apps. This
visibility and oversight empowers security teams so that, whether a
company has 100 or 600 apps, they can easily stay in control,
monitor and secure their company’s SaaS stack.
The Bigger SaaS Security Picture
3rd party app access is just one component of the SaaS Security
Posture Management picture: to secure a company’s SaaS stack, the
security team needs visibility into everything that happens within
their SaaS ecosystem, not only into OAuth grants.
Most existing cybersecurity solutions still do not offer
adequate protection or a convenient way to monitor a company’s SaaS
stack, let alone the communications between their known apps and
platforms, leaving companies vulnerable and unable to effectively
know or control which parties have access to sensitive corporate or
personal data.
Organizations need to be able to see all the configurations and
user permissions of each and every app, including all the 3rd party
apps that have been granted access by users. This way security
teams can retain control of the SaaS stack, remediate any issues,
block any apps using too many privileges and mitigate their
risk.
References
[1] Learn how to gain visibility into your SaaS stack (www.adaptive-shield.com)
[2] Click here to schedule a 15-minute demo to learn how to gain visibility of your SaaS apps (www.adaptive-shield.com)
[3] Learn how to secure your SaaS app stack (www.adaptive-shield.com)
Read more https://thehackernews.com/2022/05/is-3rd-party-app-access-new-executable.html