Third-Party Apps: 5 Steps to Empowering Your Users While Minimizing Risk

A major draw of Google Apps is its ability to integrate with other SaaS applications. Whether there’s a specific feature from a legacy system that isn’t available in Google Apps out of the box, or a user is just looking for a tool to solve a specific problem, chances are…“there’s an app for that.”

By authenticating an app, that third-party application has access to specific data such as your user’s Contacts or Drive. With such access, developers are able to synthesize your data and present it in new ways, providing users with insights and functionality they wouldn’t have otherwise.

However, granting third-party apps (and vendors) access to your data doesn’t come without risk, and one that is largely out of the control of IT.

A New Paradigm

Organizations moving to the cloud face much different challenges than they did using legacy systems like Active Directory. Among them is the difference in administrative control; admins used to have strict oversight of both on-premise server systems and local computers.

In the old system, users had to request permission from an admin to install new software or applications. But over the past 2-3 years as various app stores and marketplaces have really taken off, users gained the authority to install and authenticate applications without permission from–or even the knowledge of–IT.

From project management and scheduling tools to accounting and finance apps, a wide variety of applications are offered within the Marketplace–all integrating seamlessly with Google Apps and utilizing single sign-on. And without any way to view which applications users have granted access to, many admins safeguard their domains by disabling the use of third-party applications altogether.

This all-or-nothing approach means many organizations are missing out on extensions and apps that can enhance their users’ productivity. But, by using Apps Explorer and following these recommendations, you can monitor and control which kind of apps users have access to.

5 Steps to Empowering Your Users While Minimizing Risk

1. Discover
→ Find out which applications users have installed by navigating to Google Apps > Apps Explorer in BetterCloud
→ Evaluate each application, reviewing the permissions apps request and how many users have installed them
→ Research applications online, looking for ratings, reviews, and for security certifications earned by vendors

2. Define
→ Consider your organization’s stance on third-party applications–do you have a culture of individual accountability or do all policies come from the top down?
→ Determine which level of access is acceptable–do you feel uncomfortable giving an app read/write permissions to Drive, but read access to Gmail is okay?

3. Communicate
→ Devise a plan to relay your organization’s policy to users
→ Send a company-wide email or host a training session or lunch and learn to make sure users have a chance to ask questions and voice concerns
→ Let users know that the policy is intended for their protection and the safekeeping of your organization’s data, not to prevent them from using tools they need

4. Enforce
→ Monitor Apps Explorer regularly to check for new installs, scanning for suspicious apps or those requesting unnecessary permissions
→ Review who is violating policies and installing blacklisted applications, then email users warnings and violation notices

5. Adjust
→ Make changes to your organization’s policy as needed, keeping in mind that new apps are continuously entering the market and existing apps are adding functionality
→ Install applications that users frequently request on a test domain, and whitelisting those that add value
→ Consider rolling out the most popular and productivity-enhancing apps domain-wide–don’t forget to ask the vendor for bulk licensing discounts!

Rinse and Repeat

Through vigilance and communication, you should reach a point where you can trust your users to evaluate and make informed decisions about new applications on their own–just check Apps Explorer regularly to stay informed, make adjustments to your whitelist and blacklist, and enforce policies when necessary.