Building Application Security for Enterprises in 2023

Arguably, it is the double-edged sword of cloud Software-as-a-Service (SaaS) environments – third-party apps. SaaS applications are the lifeblood of modern productivity, providing organizations with the tools and features needed to meet the current demands of the distributed workforce. But unfortunately, they can also be a cybersecurity nightmare, leading to unwanted security risks, data breaches, and Shadow IT. In this article, we’ll discuss in great detail the hidden threats of third-party OAuth apps as well as how to build application security.

The tremendous growth of Software-as-a-Service (SaaS) applications

One of the benefits of cloud Software-as-a-Service (SaaS) environments is the delivery model of applications. Businesses and organizations do not have to provision servers, storage, networking, and other traditional data center resources. Instead, SaaS applications allow companies to consume the applications they need without worrying about the underlying infrastructure. The cloud service provider takes care of the underlying infrastructure provisioning and management. Companies can then easily consume the application without any management and configuration tasks required on-premises.

Organizations have a virtual ala carte with today’s cloud service providers with thousands of SaaS applications in cloud service provider marketplaces. These cover the gamut of productivity applications.

Google Marketplace apps available for businesses

Note the following statistics related to cloud SaaS applications:

According to one report, the average number of Software-as-a-Service applications used by organizations worldwide in 2021 topped over 110 SaaS applications
As of 2022, Software-as-a-Service applications are worth over $170 billion
The SaaS industry has increased end-over-end by around 500% over the past 7 years
Cloud security is the fastest-growing segment in IT security

Cloud SaaS solutions such as Google Workspace and Microsoft 365 provide businesses with an easy-to-consume SaaS environment with rich application marketplaces that allow organizations to augment the native features of the cloud service provider environment.

With the onset of the global pandemic, organizations needed to pivot quickly to allow the transition to a largely remote workforce to work from home or any other location. As a result, cloud service providers saw a massive uptick in adoption. In addition, the applications found in the cloud service provider marketplaces allowed adding any missing features or capabilities needed. Unfortunately, while the fully-featured capabilities found in cloud service provider environments have allowed organizations to tap into the robust productivity features found in the cloud, it has also introduced tremendous risks, including malicious cloud applications and shadow IT.

Why and how do third-party cloud apps introduce risk?

Third-party applications prove to be a double-edged sword for companies leveraging the power of cloud SaaS environments. There are essentially two reasons for this:

Malicious cloud SaaS applications
Shadow IT operations

Malicious cloud SaaS applications

Attackers have wasted no time taking advantage of cloud SaaS marketplaces and the ease with which users can install cloud SaaS applications by default in both Google Workspace and Microsoft 365. Malicious cloud SaaS applications generally go hand-in-hand with phishing attacks.

Attackers take advantage of the cloud model for authorizing access to third-party applications. The authorization technology used is known as OAuth. OAuth allows users to grant access to third-party applications on their behalf without sharing their passwords. While OAuth itself is secure, the people and processes behind using it can be an easy target for attackers.

As with most phishing attacks, threat actors make the email appear to be a legitimate communication asking the end-user to click a link. The link then directs the end-user to grant OAuth permissions to what they believe to be a legitimate app. The user may see an OAuth authorizations request similar to the following:

OAuth authorizations request in Microsoft 365

Due to the mobile phone era, most end-users have trained themselves to simply “next” through any permissions requests when installing applications and do not screen these very closely. Once a user grants the OAuth token to a malicious application, the app can perform any actions under the privileges and context of the user with the permissions granted.

OAuth tokens also bypass two-factor authentication and must be manually removed. These characteristics make OAuth-enabled access especially dangerous when in the hands of a malicious attacker. For example, it opens an organization to data breaches where data can be accessed and exfiltrated using the OAuth token. In addition, attackers can launch cloud ransomware attacks to encrypt cloud-housed data, including cloud file storage and email.

Cloud SaaS Risk Assessment is difficult

Properly performing cloud SaaS risk assessments for each cloud SaaS application in the cloud marketplace is tedious and challenging, requiring many hours of dedicated time from a cybersecurity professional. Additionally, as mentioned, there are thousands of cloud SaaS applications. However, with more than 50% of the global corporate data stored in the cloud, organizations must give cloud cybersecurity their full attention.

Businesses leveraging cloud SaaS applications must leverage effective automated cybersecurity risk assessments of cloud SaaS applications to prevent risky applications from being used in their cloud environments.

Protect your SaaS Environment from a Ransomware Attack

Get Started

Shadow IT operations

Shadow IT is a term that notes any software, hardware, or service used by an end-user allowing work-related tasks to be completed without corporate IT approval. This practice can lead to many security, compliance, and productivity issues. So what are the risks associated with Shadow IT operations?

Lost SaaS security controls
Low visibility into applications
SaaS data loss
SaaS data leak
Non-compliance
Expansion of malware attack surfaces
Lengthy downtime
Increased Google Workspace and Microsoft risk management cost

Cloud SaaS applications have made shadow IT operations by end-users easier than ever. For example, managers of a business unit or specific department simply have to provide a credit card number for a cloud SaaS service to start using it without the proper controls in place. In addition, free cloud SaaS solutions may not even require a credit card, allowing end-users to bypass the corporate approval process for cloud services and integrations.

Businesses often lack the visibility needed into end users’ activities, what cloud apps they are using, and how they allow those applications to access business-critical data in cloud storage. In addition, traditional on-premises tools and monitoring are often useless in cloud Software-as-a-Service environments.

Shadow IT operations may also be unintentional without any malicious or covert intent. For example, when users see they can install new cloud SaaS applications easily, they may assume it is sanctioned by the business to do so. So again, it underscores the importance of the company ensuring proper controls are in place to govern which apps are installed and granted access in the cloud SaaS environment.

Note the following:

One survey noted that 33 percent of Fortune 1000 companies have unapproved cloud SaaS platforms storing private or sensitive corporate data
Another report noted that as much as 83 percent of corporate employees engage in informal shadow IT activities, with some 72 percent of CIOs were unaware of the true scope of Shadow IT operations in their environments

With the ease and prevalence of Shadow IT in most organizations, businesses must have visibility to cloud applications used in their environments and implement the controls needed to limit their use in sanctioned cloud SaaS environments.

Building Application Security and protecting your cloud SaaS environment from malicious apps and Shadow IT

Protecting your business-critical cloud SaaS environment is critically important to prevent data breaches and ransomware. Unfortunately, many businesses lack the visibility and automated cybersecurity solutions to help quickly identify cloud SaaS risks and provide automated responses leading to cloud data compromise.

SpinOne provides a robust solution leveraging the power of artificial intelligence (AI) and machine learning (ML) to help businesses have visibility and control over cloud SaaS applications.

It provides the following capabilities and benefits for enterprise cloud SaaS environments:

Continuous risk level analysis of applications – SpinAudit provides visibility when users install or uninstall apps in the cloud SaaS environment. It offers automatic reviewing of applications and those that are blocked using SpinOne policies. When SpinOne blocks an app, the app’s access is automatically revoked
User behavior analysis – SpinAudit provides security information about user behavior, including when they are accessing, applications used, which IP address they are connecting from, and geolocation
Shared items control feature helps understand how cloud data is accessed and shared – See which file resources are accessed and any shared files or folders and see if these are shared publicly. You can capture events in historical dashboards. Sensitive information, such as Credit Card Numbers (CCNs), is easily identified
SaaS security policy orchestration – With SpinOne, you can use granular policies to customize SaaS apps, data audits, and domain audit-related policies to customize cloud SaaS security for your environment. Policies allow for specific rule scopes blocklisting and allow listing, exceptions, and notification settings per-rule basis

Learn more about how SpinOne can help your organization mitigate zero-day attacks and Shadow IT in your cloud SaaS organization in this on demand webinar. Watch now: Mitigate Zero-Day Attacks and Shadow IT