More than 27 percent of apps connected to corporate environments pose a high security risk, possibly exposing corporate data to outsiders, said a new cloud cybersecurity report. The CloudLock survey examined 10 million users, one billion files and more than 150,000 apps.
A large part of the threat comes from apps’ use of OAuth, a popular open protocol that lets users allow an app to act on their behalf without sharing their password. Some third-party apps using OAuth “have extensive, and at times excessive, access scopes,” CloudLock warned in the report. “Because they can view, delete, externalize and store corporate data, and even act on behalf of users, they must be managed carefully.”
The seven most risky apps? Clash Royale, Goobric Web App, My Talking Tom, Evermusic, Music Player, Pingboard and 8 Ball Pool.
The 10 apps most often banned as security risks: WhatsApp Messenger, SoundCloud, Power Tools, Free Rider HD, Madden NFL Mobile, Zoho Accounts, Sunrise Calendar, Pinterest, Airbnb and CodeCombat.
The top 10 trusted apps: Slack, Asana, Turnitin, Lucidchart, Smartsheet, LinkedIn, Zoom, Zendesk, Hubspot and Quizlet.