The number of third-party apps connected to corporate environments increased by 30 fold over the last two years, the firm reported, from 5,500 to 150,000 apps.
CloudLock ranked more than a quarter of the apps found in business environments (27 percent) as “high risk,” which means they were more likely than other apps to open pathways into an organization for cybercriminals.
Companies have not ignored that danger, CloudMark’s researchers also found. More than half of third-party apps were banned in many workplaces due to security-related concerns.
All third-party apps pose a risk to the enterprise, but a specific subset of apps are particularly risky. The apps that touch the corporate backbone are the riskiest of all shadow applications.
Problems arise from the kinds of access the apps request from users. When you want to use them, some of them ask you to authorize them to use your corporate credentials. When you do that you give those apps and by extension their vendors access to your corporate network.
The apps can pose a risk not only when they’re being used, but also when they’re not.
When you enable an app’s access and two years later, you may not even remember you have the app on your phone, but the app continues to have programmatic access to all your data.
Because of the size of the challenge, organizations need to develop a high-level strategy to address the shadow app problem. They need specific application-use policies. They need to decide how they will whitelist or ban applications.