Contact Us:
+1 818 927-3660

Cloud Security image

How to Protect Your Organization from Risky Third-Party Applications


Today’s guest blogger is Ben Howard, Global Partner Manager, BetterCloud

The adoption of cloud platforms over the past few years has brought huge benefits to organizations of all shapes and sizes. Specifically, Google Apps presents immense opportunities to leverage the power of third-party applications for even more benefits, like increased collaboration, productivity, communication, and more.

As an administrator, its vital to the overall security and health of your domain to be aware of these applications, how they are utilized by your users, and the potential risks they may bring to your organization. This post takes a deep dive into these third-party applications and how you can reduce the risk brought to your organization.


How Are Third-Party Apps Installed?

Users are installing these apps on computers and mobile devices alike, accepting the requested permissions using their Google Apps credentials–thus granting access to their Gmail, Drive, Contacts, and more.

Though users have the authority to install unlimited third-party applications, administrators still lack the tools to review which apps are gaining access to their domain’s data. And ultimately, IT and security teams are responsible for the data loss or misuse that could result from a user giving access to an untrusted application.

There are four primary marketplaces where both end users and domain administrators can browse and install third-party applications:

  1. Google Apps Marketplace – Available for both end users and administrators, the Marketplace is an online store with cloud applications for businesses.

  2. Chrome Web Store – An online marketplace for Chrome users, where users can find and install browser extensions.

  3. Google Drive Add-Ons – Available directly within Drive, add-ons provide extra features for Docs, Sheets, and Forms.

  4. Mobile Apps – Users can also install mobile applications on cell phones and devices using their Google Apps credentials, creating a risk if the device gets lost or stolen.

When a user attempts to install a third-party application using their Google Apps credentials, he/she must review and accept the data access the app is requesting.

Apps request varying levels of access in order to integrate with Google Apps and build upon the functionality provided. For example, an app that aids in scheduling may request access to your Google Calendar.

Given the extensive data access that an app could request, and that these applications are oftentimes built by independent software vendors (ISVs), IT and security teams should be vigilant about evaluating each application installed on their domain.

However, while end users have the authority to authenticate and install third-party apps using their Google Apps credentials, domain administrators lack the tools to audit and control the types of apps installed and the data access they’re requesting.

Solution – Review Applications One-by-One

Users can view all applications with authenticated access to their account:

  1. Visit

  2. Navigate to Account Permissions > Apps and Websites > View All

  3. Scan through the list, reviewing each application and whether it is necessary or still in use

  4. Revoke access to an app to remove it from your account

While this is a handy tool, it is difficult to mandate that all users regularly review the third-party apps they have installed. Also, IT and security teams still don’t have any insight into this information or ability to enforce it.

Solution – Review Applications in Bulk Using BetterCloud

BetterCloud is a comprehensive security and management solution and the number one tool for Google Apps administrators.

In order to review all third-party applications with authenticated access to your domain, as well as the data access those applications request, use BetterCloud’s Apps Audit functionality.

Admins can then decide if certain applications should be prohibited for the entire organization, remain accessible for only certain organizational units or restrict access only to a handful or even just one user.

To streamline this evaluation process, IT admins can utilize Apps Audit’s powerful policies–using this feature, IT admins can enforce acceptable use policies based on a number of conditions an app meets, such as data access level requested (ex. read/write Gmail, read/write Drive, etc.) or the app’s permission score.

With better auditing, insights, and compliance policies like those provided through Apps Audit, IT and security teams can confidently allow users to leverage third-party apps without risking data exposure.

Additional Benefits

While a primary focus of Apps Audit is protecting your domain from data loss, by having a list of every application installed by users, you’ll inevitably start to see trends. With that, you can:

  • Discover which applications are being used by the majority of your organization or certain teams

  • Purchase licenses through the IT department to consolidate billing

  • Inquire about earning your organization a per license discount


There is no doubt that third-party applications represent a huge risk to organizations. With proper knowledge, foresight, and leveraging BetterCloud, administrators can reduce that potential risk brought to their domain.

To download a free security and compliance whitepaper and to learn more about Apps Audit, click below.

Free Security and Compliance Whitepaper


Familiar, simple, secure—it's time to give G Suite a closer look.

Organizations are moving to the cloud, and for good reason. Google Apps cloud solutions make it easier to collaborate, access files on the fly, and manage security. Download this free eBook, G Suite: Key Statistics and Use Cases for the Enterprise, to learn how Google Apps are revolutionizing modern work processes.

Download eBook

Leave a comment

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>