In today’s blog, we’ll take a look at some new G Suite security features. These features are designed to prevent threats from unauthorized or rogue applications.
Most of our customers have already adopted enterprise Software-as-a-Service (SaaS) applications or are evaluating them. The most popular ones are office automation suites like G Suite and Office 365. These cloud-based solutions offer a lot of productivity gains and are generally secure. However, they can also represent a significant new attack surface that many companies haven’t thoroughly considered, particularly if you’re integrating in-house or third-party apps.
We regularly identify account takeovers from phishing attacks. We also see a lot of surreptitious or hidden data exfiltration from rogue apps that haven’t been approved or vetted by corporate IT teams. The good news is that both Microsoft and Google have expanded their features lately to provide more controls to address these threats.
Google offers API access to G Suite email and file storage services. That way, you can integrate as needed with a variety of productivity tools. You’re likely already using third-party security or productivity apps or custom applications within your organization.
However, your employees may be installing rogue apps. Those rogue apps can steal the data being accessed as well as the credentials your employees hard code in the apps. Or it could be the app creator simply mishandles the credentials and unknowingly exposes them to an attacker.
In either case, you don’t want rogue application use to be a risk for your organization. Google recently announced an updated App Access Control feature. The feature enables Google admins to control which apps are allowed to access data through the APIs. We recommend using these features to define which apps should be allowed and what data those apps can access.
How Do You Know When a New App is Accessing Data?
Our SOC-as-a-Service solution, ActiveEye, has been helping discover rogue apps for the last couple years. ActiveEye identifies new apps being configured to access G Suite or Office 365 and can notify you when that happens. Any new apps being configured are also listed in a standard weekly security report. The report outlines identity and access updates to the cloud environments.
App Connections is one small feature in the ActiveEye set of security controls for SaaS Applications. We also have an extensive set of policies that identify account takeover and unapproved data access.
If your employees are using rogue applications, your organization’s data could be at risk. Make sure you have the right tools in place to look for this kind of problem. Our 24×7 SOC has extensive experience with cloud environments and investigates any potential threats while eliminating the false positives, leaving your team (or ours, if you’re short on resources) more time to focus on actual problems.