In an effort to give admins and IT leaders better visibility into how their data is being used by third-party apps, Google released a new feature called OAuth apps whitelisting on Thursday. The feature, announced via a Google blog post, could help admins protect their organization from malicious apps looking to leverage their data.
Once a given app is whitelisted, G Suite users can choose whether or not they want to allow it to access their organization's G Suite data, the post said. The goal is that this would cut down on users being tricked into accidentally granting permission to the wrong apps, the post said.
Fine grained visibility will show the user the name of the apps in the organization, their app ID, and what kind of application it is (e.g., web application, iOS, or Android). It will also show what G Suite data it has permission to access, and how many users are currently using the app.
SEE: Google Go Programming for Beginners (TechRepublic Academy)
In the same dashboard, users can also sort the apps by their status as to whether or not they are trusted apps or not. Additionally, the feature can help "guard OAuth access to core G Suite apps data by preventing unauthorized app installs, thus limiting the problems caused by shadow IT," the post said.
If OAuth apps whitelisting is enabled, third-party app access will be determined based on the policy set by admins, the post said. As such, employees should automatically be protected against these unauthorized apps, too.
This announcement follows other security updates that Google has made to G Suite in 2017. Back in January, Google introduced a host of features such as security key enforcement for more access control, data loss prevention (DLP) and S/MIME encryption across certain G Suite apps, along with some other capabilities. The company announced new machine-learning powered protections against phishing as well.
The new feature will show up in the G Suite Admin Console sometime in the next few days. Interested G Suite organizations can find out more information here.
The 3 big takeaways for TechRepublic readers
- G Suite's new OAuth apps whitelisting feature offers more visibility into how third-party apps are using an organization's G Suite app data.
- Admins receive fine-grained visibility into certified trusted apps, app IDs, and what permissions they have.
- Google continues to add more security features to G Suite, including additional encryption features and machine-learning based phishing detection.
- 5 steps to securely transfer G Suite data when an employee leaves your company (TechRepublic)
- Gmail fake Docs attack: Now Google tightens OAuth rules to block phishing (ZDNet)
- 10 tips for getting the most out of Google's G Suite apps (TechRepublic)
- Google plans to leverage G Drive for broader enterprise footprint, team management and collaboration (ZDNet)
- Google boosts G Suite manageability with enterprise-grade security controls (TechRepublic)
Conner Forrest has nothing to disclose. He doesn't hold investments in the technology companies he covers.
Conner Forrest is a Senior Editor for TechRepublic. He covers enterprise technology and is interested in the convergence of tech and culture.