Enterprises Warned About Risky Connected Third-Party Apps

[Batu69]

More than a quarter of the third-party apps used in enterprises are risky, and one of the most problematic are connected cloud applications, according to cloud security company CloudLock.

 

CloudLock CyberLab’s Cloud Cybersecurity Report for the second quarter of 2016, which is based on the analysis of over 150,000 unique apps and 10 million users, shows that the use of third-party apps has increased 30 times over the past two years.

 

The security firm pointed out that organizations must not neglect a very important aspect when addressing the issue of “shadow IT,” the term used to describe applications and systems used by employees without approval from IT security teams. One technology that can introduce serious risks is OAuth, an authentication protocol that allows users to approve apps to act on their behalf without sharing their password.

 

The problem, according to experts, is that OAuth-connected applications can have extensive access to corporate data. These types of apps can request permission to view, delete, transfer and store corporate data when enabled using corporate credentials, which is why it’s important that organizations identify these applications, particularly those that pose the highest risk.

 

“On a daily basis, employees are utilizing apps without notifying IT, and authorizing OAuth connections through their corporate credentials. If these apps are malicious by design, or the connected application’s vendor is compromised, this opens the door to cybercriminals deleting accounts, externalizing or transferring information, provisioning or deprovisioning users, changing users’ passwords, modifying administrator’s settings, performing email log searches, and more,” CloudLock said in its report.

 

Across all the industries monitored by CloudLock, on average, a total of 733 third-party apps are connected to the corporate environment in each organization, with the higher education, technology and media sectors at the top of the chart.

 

Of the 156,000 third-party apps that have been granted access to corporate systems this year, security teams classified 27 percent as “high risk.” Experts noted that the percentage of high risk apps connected to corporate systems is roughly the same all around the world.

 

The list of top 10 risky apps includes various games, music players, the Goobric Web App, and the Pingboard employee directory software. The most risky application is the mobile strategy game Clash Royale. While these apps are not necessarily risky by nature, they can represent a serious problem if they are compromised – mainly due to their extensive access to corporate environments and the high number of privileged users.

 

In the enterprises analyzed by CloudLock, more than half of third-party applications have been banned due to security concerns. The top 10 banned apps are WhatsApp, Zoho Accounts, SoundCloud, Sunrise Calendar, Power Tools, Pinterest, Free Rider HD, Airbnb, Madden NFL Mobile and CodeCombat.

 

Article source

[steven36]

To many people not working at work and playing candy crush ,what do you expect is going to happen when Microsoft and Google  is pushing the cloud so hard?  Windows 10 is a hybrid O/S and  when business try to stop windows 10 pro users from accessing the cloud Microsoft removed  the way they blocked  it so they will have to upgrade to enterprise version.

 

Google O/S has to be online too do anything  they still never made offline apps yet.  It don't matter if you're a enterprise user or you are a home user when you're computer calls out to internet all the time you're vulnerable to attack.  Windows 10 is a internet conductor it calls out to the internet 24/7 Its the same as lighting is to a lighting rod.  This is my biggest problem with it its always calling out to somewhere behind the scenes scanning you're PC through Windows updates etc. I don't trust it back years ago I caught a virus on XP   from Windows update site .

 

When you're O/S software is the problem severing you up ads and sucking up you're data , getting rid of other cloud apps is not going to solve you're problem .

 

If businesses are not inspecting there workers PCs  to see what workers have on them  there at fault if they get infected  .