Enterprise Data Security with Sanctioned and Unsanctioned Apps

admin | February 8th, 2018 | Cloud Security

CloudCodes CASB for Enterprise Data Security

Cloud services is something that every company is adopting in order to enhance its productivity by proper data management and sharing. But not everyone is yet aware of the perils of migrating to these cloud services. The most talked about subject pertaining to cloud usage is about enterprise data security and data breaches. Data breaches can happen anywhere and anytime and companies need to be constantly vigilant and overly cautious about their confidential data that is stored in the cloud or even the on-premises data that is transferred to the cloud.

What Are Sanctioned Apps?

Serving the companies security policies are the sanctioned applications, which any employee can use/download on-premises using the company’s network connections. These apps are in the knowledge of the IT staff.

What Are Unsanctioned Apps?

There is an increase in BYOD (Bring-Your-Own-Devices) work culture in organizations. Work flexibility of the employees in workplaces is allowing them to work from home with their own networks. This leads to the use of some unsanctioned apps, which are used without the IT staff knowing about them. This risks the probability of possible data breaches.

Enterprise Data Security: Facts and Figures

As per a survey by an identity management vendor:

  • Seven out of ten organizations are running cloud applications that are not officially sanctioned by their IT departments.
  • And equally perilous is the fact that 43% of the responders admitted that they store and manage the passwords in spreadsheets and sticky notes.
  • An astonishing 34% share passwords of cloud applications like Twitter and LinkedIn with their co-employees.
  • One more fact that comes into the picture is that around 73% of the organizations grant access to cloud-based applications to partners and consultants outside their company.
  • 20% of the employees are still able to login to the company after quitting the job showing the ineffectiveness of de-provisioning tool.
  • 81% say that they access cloud apps for work-related purposes from their own devices.

Rise of Anchor Tenant Apps

We explain the concept of anchor tenants and the subsequent intrusion of unsanctioned apps into your company’s network with the help of this scenario. Your organization has adopted a popular cloud app like Salesforce. Your IT department manages the deployment and security concerns related to this app. When the lines of business start using it, they find ways to get values by integrating the main Salesforce app with other third-party services like Zendesk, Marketo etc. This arrangement of anchor tenant is fully supported by Salesforce because it is in their business interest. But has your IT department given permission for other third-party services to be integrated with Salesforce? When employees or enterprises for that matter, sanction an anchor tenant app, dozens of apps that integrate with the main app enters into your office system many of which even you are not aware of. And these unknown apps share your data back and forth with the sanctioned apps. This poses a huge risk of data exposure putting the vulnerable company at risk.

Enterprise Data Security Around Sanctioned and Unsanctioned Apps

Sanctioned apps can be protected and secured by implementing some effective cloud security DLP solutions like CASB. They offer security for email clients and office apps like Microsoft Office 365, Google Suite, Dropbox, Salesforce, Azure etc. Tokenization and data governance with integrated access controls, DLP integration are some of the features that a DLP has to have to secure the sanctioned apps. Monitoring and automated remediation of risky data exposure and automated, custom data classification profiling with sensitive data identification are all offered by DLP solutions; thus securing the data with sanctioned apps. While organizations put a lot of emphasis on sanctioned apps, they should be paying more attention to apps that share data with those apps and thus prevent Shadow IT. These apps are the unsanctioned apps like the anchor tenants.

  • Know what apps are running in your organization including the sanctioned apps as well as the unsanctioned apps.
  • Understand their mode of work, their uses and the information they pull out from the major apps.
  • Secure the apps with IAM or SSO.
  • Enforce enterprise data security policies in your major apps and to your ecosystem apps as well for enterprise security.

The facts and statistics for unsanctioned apps and the security breaches through it cannot be taken lightly. As said, data security is possible only when organizations continuously monitor them and see to it that there is no intrusion in the form of unsanctioned apps.