Published On: Thu, Sep 29th, 2016

Third Party Apps and their risks to the Enterprise

If you have any kind of smartphone or tablet, then you are familiar with the term “app”: a program that serves a particular purpose on your device. Many come preinstalled, but you can also download third-party apps that do a plethora of things for your convenience. Apps have now become so central to our lives that it is hard to remember a time when we didn’t have them to hand every minute of every day.


You may be wondering what exactly a third-party app is. Essentially, it is an application that is provided by a vendor other than the manufacturer of the device. For example, if your smartphone comes with basic keyboard functions but you want more emojis or language capabilities that your phone does not have, then you have to download a third-party app that gives you those features. Third-party apps are increasingly becoming targets for cyber criminals who seek to gain access to private data. This breach in security is a frustrating problem on a personal level, but it is also becoming increasingly common for businesses as hackers wise up. The techniques that are used in personal attacks can be used to retrieve sensitive data from the enterprise.

More than 10 million users & 160,000 apps installed

A recent survey of ten million users with personal devices connected to enterprise systems found nearly 160,000 different apps in use. Almost 80 per cent of those apps were labelled as either medium or high risk. That is a striking number, and organizations should be concerned. Because of the size of the challenge, organizations need to develop a high-level strategy to address the shadow app problem. There are several new techniques that hackers use to attack systems. One that is severely overlooked by users (even on their personal devices) is stealing data cached by apps that do not follow strong API security protocols.

Beware of third party apps on your network

Businesses have not been the best when it comes to running third-party software in their enterprise; many do not have controls in place to evaluate the security of these vendors and their apps. If businesses are going to allow third-party application usage on company-issued devices, then it is up to them to make sure that there are clear guidelines on which apps are acceptable and which are not.

Businesses should include third-party apps in their enterprise security strategy, along with the proper tools and resources to enforce the security controls employed by those applications. Those apps should be vetted by the IT team to make sure they are safe to use on every employee device that is going to be connected to the enterprise. That strategy should also include a governance process that oversees both the onboarding and the exit process of third-party applications.

Many security breaches have come about because accounts have not been properly closed out on old devices or with old versions of apps. Furthermore, regular audits of devices connected to the enterprise should be conducted to verify the security controls of apps.

If your business is going to conduct the majority of its business on cloud-based systems and has users with multiple devices connecting to your enterprise, then you need to think about security procedures for third-party apps. Remember that it is your brand on the line. You wouldn’t want to leave your sensitive data open to third-party attacks simply because you did not set clear expectations.