More and more employees are bringing their own devices to work. BYOD is a permanent fixture of the modern age. It’s a free-for-all device party every day of the week. People now work from any location at anytime, which means Shadow IT must be addressed by security leaders. Luckily there are pain-free solutions to discover and control cloud apps.
Cisco Cloudlock is a Cloud Access Security Broker (CASB) used to secure the apps organizations use to run their business such as Salesforce, G Suite, Dropbox, Slack, Office 365, etc. If you’ve ever seen the prompt to “Login with Google” on a newly downloaded application, you’ve run into OAuth, which is a standardized way for Internet accounts to connect with third party applications.
OAuth is being taken advantage of by hackers in order to carry-out complicated phishing attacks. If an employee working off the corporate network downloads a new app to their device and then signs into this app using a work account identity, they are giving that app permission to view and sometimes change the data within the corporate application they used to sign in. Even if the app is innocent, the company behind the app could be compromised. Another problematic scenario is when a benign app distributes sensitive information to fulfill its function resulting in dangerous data leakage. Unfortunately OAuth can be taken advantage of maliciously and already has been the source for a number of notable attacks.
Securing applications in the cloud is a blind spot for many organizations. So what can be done about it? We suggest investing the time to implement a CASB such as Cloudlock from Cisco.
With Cloudlock your organization:
- Gains visibility of Client/Shadow IT without disrupting the user’s experience with the application.
- Defends against OAuth-based attacks within the growing volume of cloud-to-cloud communications off-network.
- Revokes access to risky applications based on their permission level in order to enable compliance policies.
- Utilizes intelligent insights to identify an app’s risk score with Community Trust Ratings.
Click here to learn more about OAuth.