Introducing Apps Explorer Policies, Apps Explorer Out of Beta
May 14, 2014
3 minute read
When we announced Apps Explorer late last year, the new feature gave admins the ability to audit third-party applications installed by users, view the permissions the app requested, and add applications to a whitelist or blacklist. Today, we’re excited to announce that Apps Explorer is now out of beta in limited release, and we’ve added another layer of functionality to the feature: Apps Explorer Policies.
Monitoring Third-Party Apps
Google Apps users are inundated with apps–from productivity and scheduling tools to games and social networks–with thousands available via the Google Apps Marketplace, Chrome Web Store, iTunes Store, Google Play Store, and other sources. Users are installing these apps on computers and mobile devices alike, accepting the requested permissions using their Google Apps credentials–thus granting access to their Gmail, Drive, Contacts, and more.
Though users have the authority to install unlimited third-party applications, administrators still lack the tools to review which apps are gaining access to their domain’s data. And ultimately, IT is responsible for the data misuse or loss that could result from a user giving access to an untrusted application.
However, admins can regain control using BetterCloud’s Apps Explorer feature, which presents a comprehensive list of installed applications and their access level. With this information, admins can research applications and vendors, then make informed decisions–taking action to approve or revoke each app. And now, admins can create granular policies for evaluating third-party applications.
Creating Policies
Much like Drive Sharing Policies, Apps Explorer Policies allow you to automate compliance based on specific criteria. This way, users can have the freedom to browse and install apps that add value, while admins can prohibit unsecure apps from leeching company data. Begin using policies in a few easy steps:
1. Create a policy for the entire domain, an Org. Unit, or an individual user. You can also layer multiple policies–consider setting a baseline policy for everyone, then stricter policies for summer interns or contractors.
2. Next, determine what criteria an app needs to meet to be flagged or removed from your domain. Decide if “All” or “Any” of the conditions must be true, then select which permissions the app must request to be in violation of the policy.
For example, if your organization is primarily concerned with apps that request read/write Drive access, you can set a policy to revoke those apps and review others on an individual basis.
3. Set the access scope–whether or not an app is able to request domain-wide access–and decide what is an acceptable permission score, which is a number from 1-10 that indicates the riskiness of an app.
4. Finally, determine whether an app that meets the conditions should be whitelisted or blacklisted immediately or left for admin review, and also choose whether or not to notify the installing user via email.
Additional Enhancements
Along with policies, Apps Explorer saw several other enhancements, including the ability to:
→ View a list of all users who have installed each app on the app’s detail page
→ Revoke an app from a specific user from the app’s detail page
→ Notify specific users to ask them to remove an app, or explain why they may need it
→ Add exceptions to the whitelist or blacklist for specific users
Key Takeaways
By giving admins the ability to closely monitor each app that a user authenticates through their Google Apps domain, organizations can feel more comfortable allowing users to install third-party applications and take advantage of all of the valuable functionality they have to offer.
Apps Explorer is currently only available to BetterCloud Enterprise customers. If you would like to request trial access, please email apps-explorer@bettercloud.com.
[EPSB]
Like what you’ve read? Get more great articles like this delivered directly to your inbox.
MktoForms2.loadForm(“//app-ab09.marketo.com”, “719-KZY-706”, 839);
[/EPSB]