With the dramatic shift to remote workforces over the last six months (and projected to continue through 2021), more organizations are struggling with the security concerns of third-party software-as-a-service (SaaS) applications and extensions. While these apps can significantly extend the functionality and capabilities of an organization's public cloud environment, they can also introduce security challenges. For instance, many have permission to read, write, and delete sensitive data, which can significantly impact your organization's security, business, and compliance risk. Assessing the risk of these applications to your employees is key when trying to maintain a balance between safety and productivity. So how do you balance the two?
It's vital first to understand the risk of third-party applications. In an ideal world, each potential application or extension is thoroughly evaluated before it's introduced into your environment. However, with most employees still working remotely and you and your administrators having limited control over their online activity, that may not be a reality today. However, reducing the risk of potential data loss even after an app has been installed is still critically important. The reality is that in most cases, the threats from third-party applications come from two different perspectives. First, the third-party application may try to leak your data or contain malicious code. And second, it may be a legitimate app but be poorly written (causing security gaps). Poorly coded applications can introduce vulnerabilities that lead to data compromise.
While Google does have a screening process for developers (as its disclaimer mentions), users are solely responsible for compromised or lost data (it sort of tries to protect you … sort of). Businesses must take hard and f ..
Support the originator by clicking the read the rest link below.
