Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


02:00 PM
Dmitry Dontov
Dmitry Dontov
Connect Directly
E-Mail vvv

Four Rules and Three Tools to Protect Against Fake SaaS Apps

Here's how to blunt the twinned forces of shadow IT and counterfeit apps and keep your data safe.

When employees work in an office setting, they operate under a certain number of protections. There is likely a secure network connection, up-to-date software defenses, and a team in charge of monitoring threats and educating employees on risky behavior. The shielding of company (and even more importantly, customer) data is of utmost importance. Even in this setting, the number of employees who admit to using unauthorized apps, devices, or other technologies is approximately 40% at any given time. Nearly half of all employees are engaging in risky behavior. And that's just when they're in the office. 

Now, with the influx of people working from home and operating outside normal, secure on-premises parameters, the likelihood of experiencing cybercrime has increased. Some experts predict that by the end of 2020, shadow IT will be responsible for one in three security breaches. An increasing concern in the world of shadow IT is the rise of fake SaaS-connect applications. While banning employees from downloading these and other types of apps would undoubtedly reduce the threat, a more effective method probably lies in between no apps and free rein. 

Here are four rules and three tools that can help you control this rogue behavior and minimize the risk fake SaaS apps pose to your company. 

Rule 1: Openly Allow the Use of Third-Party Apps
To develop structure around the use of these apps, you have to acknowledge they're being used. Banning the practice entirely creates an environment where people refuse to ask for help, especially if something seems amiss. By explicitly recognizing the ongoing use of third-party apps, you can build in mandatory rules that make their usage much safer for the company as a whole.  

To create a list of mandates, it's essential to know which apps post the most risk to the organization. Utilizing a third-party software system that can track which apps are downloaded and rank those apps based on assumed risk is recommended.

Rule 2: Generate a List of Approved and Banned Apps
Once you have visibility into the number and types of apps living on the devices throughout your network, you can assess which are compliant with your organization's privacy and security policies. Making a public list of which apps are allowed (and which should be deleted) is an excellent way to encourage the use of safe apps and even introduce your employees to new options that may make them more productive. If there are several "allowed" apps in various categories on the list, it lessens the chances that employees will go off on their own to find a potentially risky solution.

Rule 3: Host Mandatory (Virtual) Cybersecurity Trainings
The most significant risk to your data security is not the fake SaaS apps; it is the people who download them. It only takes one non-compliant person to introduce risk to an entire data set. For this reason, it's imperative that ongoing cybersecurity training is a part of your total protection strategy. These trainings are not just crucial for new employees during the onboarding process. They should be updated and viewed yearly by all employees in the organization. Investing a little in education can reduce the risk of being compromised substantially. 

Rule 4: Set Clear Rules Around Sensitive Information Sharing
Leaked sensitive data can create a real issue for both individuals and the greater organization. If an employee has given a risky app access to their email or cloud drive, and there is sensitive data stored in these areas, a bad actor can take control. Confidential information sharing can legally compromise the whole company and generate enormous fines for noncompliance. Setting clear, visible rules around user permissions and sharing platforms can help mitigate your chances of a breach. 

Now that the rules are established, how can you monitor adoption across the organization? Consider these three tools, all recommended for minimizing the risks associated with fake apps and Sshadow IT. 

An App Audit Solution
Look for a solution that will conduct automatic, ongoing scans of all third-party apps connected to your employees so you can identify risk in real-time. These tools will also inform the list of banned apps noted in rule two. Having the ability to see apps and their risk score all in one place is a great advantage for anyone looking to take better control of unauthorized activity.

A Backup Tool
One of the risks of shadow IT is data loss. If a third-party app or a Web extension is run by a threat actor, it can infect your data with ransomware or delete it. A reliable backup solution is an indispensable part of every organization where data management is a focus. Ransomware risks are higher than ever as cybercriminals turn their attention toward the cloud-based services being used by remote workers. Make sure your data is protected from all sides. 

A Ransomware Protection Tool
Ransomware is one of the main risk factors associated with third-party applications. It can seep through unauthorized applications and devices that your employees bring to work every day. Ransomware exploits any vulnerability and can move quickly from device to device and straight into your organization's network. Choose a solution that can stop an attack while it's in progress and flag it immediately. The sooner you're aware of a breach, the more likely you are to save your data.

Related Content:



Register now for this year's fully virtual Black Hat USA, scheduled to take place August 1–6, and get more information about the event on the Black Hat website. Click for details on conference information and to register.

Dmitry Dontov is the CTO and Founder of Spin Technology, a cloud data protection company based in Palo Alto and a former CEO of Optimum Web Outsourcing, a software development company from Eastern Europe. As a serial entrepreneur and cybersecurity expert with over 20 years of ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-05-14
TensorFlow is an end-to-end open source platform for machine learning. If the `splits` argument of `RaggedBincount` does not specify a valid `SparseTensor`(https://www.tensorflow.org/api_docs/python/tf/sparse/SparseTensor), then an attacker can trigger a heap buffer overflow. This will cause a read ...
PUBLISHED: 2021-05-14
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in `tf.raw_ops.DenseCountSparseOutput`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/efff014f3b2d8ef6141da30c806faf141297eca1/t...
PUBLISHED: 2021-05-14
express-hbs is an Express handlebars template engine. express-hbs mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability is...
PUBLISHED: 2021-05-14
haml-coffee is a JavaScript templating solution. haml-coffee mixes pure template data with engine configuration options through the Express render API. More specifically, haml-coffee supports overriding a series of HTML helper functions through its configuration options. A vulnerable application tha...
PUBLISHED: 2021-05-14
Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options remote code execution may be triggered in downstream...