27% Of Corporate-Connected Apps Are Risky

Number of apps up by 30x, with many asking for sensitive connections to enterprise.

The rapid rise of third-party apps is the new battlefront of BYOD security, and as enterprises seek to protect PII, they are struggling to keep risky third-party apps unhooked from sensitive assets. According to a new study out today, the number of third-party apps has risen significantly in the last two years and many of them add considerable risk to organizations.
Conducted among 10 million end users, the analysis done for the
CloudLock Q2 2016 Cloud Cybersecurity Report
found that the number of potential third-party apps is 30 times greater than it was two years ago, with an increase of 19% in just the last three months. Meanwhile, the third-party application installations connecting to corporate networks has increased by 11 times since 2014. According to a report, nearly one-third of these apps can be classified as high-risk.
The difficulty for enterprises is that while powerful apps have enabled users to get more done from anywhere, that very power poses a lot of risk. When these apps are authorized with API access to corporate data with a complicated mesh of authorizations through numerous SaaS ecosystems, it becomes increasingly difficult to keep data safe. For example, the convenience and seamlessness of OAuth authenthicated apps poses problems for enterprises.
Third-party apps authorized via OAuth-connections have extensive -- and at times excessive -- access scopes, the report says. Because they can view, delete, externalize, and store corporate data, and even act on behalf of users, they must be managed carefully.
According to the reports data, the average number of apps connecting to organizations has jumped from 130 to 733 since 2014. The risk rating granted to these apps by CloudLock was determined based on a matrix of factors, including the permissions required to authorize the app, crowdsourced trust ratings, and research -based vulnerability ratings. Only about 15% of apps today are considered low-risk.
The shift to the cloud creates a new, virtual security perimeter that includes third-party apps granted access to corporate systems, says Ayese Kaya Firat, director of customer insights and analytics for CloudLock. Today, most employees leverage a wide variety of apps to get their jobs done efficiently, unwittingly exposing corporate data and systems to malware and the possibility of data theft.

Related Content:
Whats At Risk When CISOs Say No
Epic Security #FAILS of the Past 10 Years
Understanding the Cloud Threat Surface
Black Hat USA returns to the fabulous Mandalay Bay in Las Vegas, Nevada July 30 through Aug. 4, 2016. Click for information on the
conference schedule
and
to register.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
27% Of Corporate-Connected Apps Are Risky