These days, there’s so much existing software that helps us do our jobs and live our lives that it’s incredibly overwhelming. Every day we learn about something new that can improve our workflow, time management, and more. But how do we know what’s really useful and what’s just trouble in disguise? How do we make sure shiny new third party apps won’t cause more problems than benefits?
Third-party apps vs. native apps
One of the main security risks with this new software is third-party applications. But what are those exactly? By definition, a third-party application is an app that is not created by the manufacturer of a device.
This is different from a native app, which is developed by the manufacturer. So if Apple develops an app for the iPhone, it is a native app. If someone else develops an app that runs on iPhone, it is a third-party app. Same for Facebook – apps that are not developed by Facebook are considered third-party, and will often ask your permission to access your Facebook data. You may have encountered this when trying to take a Facebook quiz or play a game.
Under the umbrella of third-party apps, there are three types:
- Applications created for official online app stores (like Microsoft AppSource or Google Play)
These applications follow fairly strict criteria for development and publishing and are often vetted for issues like malware.
- Applications offered through unofficial websites
These apps are usually offered via websites not affiliated with the manufacturer of the device. They are not vetted by manufacturers.
- Applications which connect with another service
This type of application is not downloaded. Instead, it piggybacks off another installed app and asks for permission to access the information you’ve given to the other app. A good example of this is the Facebook quiz mentioned earlier.
The risk of third-party apps
As might be evident from the descriptions, there are varying levels of threats associated with each type of third-party app. The official app stores pose the least amount of danger due to their development criteria and vetting process, but no store can guarantee that all applications sold there are safe. It only takes one bad apple to compromise your data.
Unofficial third-party app stores may sell good apps, but they are more likely to have applications infected with malware. They can also sell what appears to be common, safe apps at lower prices than the official store. However, these apps can have ransomware or adware injected into their code that you cannot see.
The risk of the third type of app that connects with another service isn’t malware. But when used, you’ve permitted it to view sensitive data from that point forward. So long after you’ve taken that quiz, the company is still mining your profile for potentially sensitive data.
The risk for your business
As you can see, the biggest problem with third-party apps is ambiguity. You don’t honestly know if an app is malicious or helpful at first glance. It takes much research and time to determine if an app is coded with malware, even if you are an IT professional. For someone without IT experience, it takes even more research and time.
What happens if a malicious app slips through?
What if someone doesn’t do their due diligence, and a malicious third-party app downloads onto your network? What kind of malware could make its way into your system, and what trouble could it cause? It could be any number of things, but here are a few examples.
- Ransomware – This attack extorts money from you to access your system.
- Spyware – A program that runs in the background, slowly extracting your valuable data over time.
- Outbound Spam (LINK) – It triggers a code to send thousands of spam emails from your account in a second, causing the loss of your reputation and clientele.
Not worth the risk
As the keeper of your businesses’ data, you can’t afford to rely on your employees taking steps to ensure that any third-party app they download is safe. Just one mistake could cost you your data, reputation, clients, and more. So the safest thing to do is to ban third-party apps altogether. But how can you do that?
What do we mean by a third-party integration for Office 365?*
Now, there may be some confusion about what me mean when we say “third party integration”, so let’s clear that up right now. We’re talking about any software developed by non-Microsoft sources, and which requires permissions/access to any information that’s in your Office 365 tenant.
For example, say a user likes Salesforce and wants to integrate Salesforce Lightning with their Outlook (so that they can look at their contacts, leads, and accounts associated with their emails without leaving Outlook), this is an example of a third party integration since the app is made by Salesforce.
Office Protect is here to help. With the setting “Do Not Allow Third-Party Integrated Applications,” you can make sure no employees are integrating third-party apps into Office 365.
For example, when this setting is in effect, an end user without administrator privileges would not be able to integrate Salesforce Lightning to their Outlook.
How to turn on the setting
To enact this feature, just access the settings from your Office Protect “Set” page. Go to the setting, and then flip the toggle switch to “on.” You will see the security impact (high) and the user impact (medium).
Exceptions to the rule
You may be concerned that some users may go through the correct vetting process and could utilize third-party apps to do their job better. If that’s the case, no problem. Even if this setting is enabled, anyone with admin privileges can download third-party apps. You could give these users admin privileges. Or, you might allow anyone that wants to download a third-party app submit a request to your IT department or someone you trust to do the right research. You’ll be covered no matter what your needs are.
As you can see, there truly is no downside to enacting this great setting (and more) that you can get with Office Protect. Contact your Sherweb representative today to learn about how this product can help your business. Do remember that Office Protect is one layer of an efficient security offering, and it is very specific to raising the essential security of your Office 365 tenants. If you want something that prevent a user from putting potentially malicious apps on your network, you’re looking for endpoint protection. Sherweb has you covered there too!
*A correction was made to the article on November 26.