FREE Shadow IT Assessment tool
All I want for Christmas is visibility into OAuth Apps
Last week while the US was gobbling down turkey our Canadian team decided to build a FREE tool for you to see how your organization is sharing permissions with all those 3rd party sites.
We all know that employees are quick to click through Google’s OAuth consent screen so they can get back to the task they are trying to accomplish, but sometimes the scopes they allow are overly permissive. It’s also really difficult to get a quick overview of the situation from the Google Admin console. So we decided to build something that makes it all quick and easy.
What is OAuth Shadow IT?
OAuth Shadow IT refers to unauthorized third-party applications that employees have granted access to your organization's sensitive data. These applications can range from productivity tools to niche services, and they often operate under the radar, posing significant security risks.
Why is OAuth Shadow IT a concern?
- Expanded Attack Surface: OAuth-enabled applications can significantly expand your organization's attack surface, making it easier for malicious actors to exploit vulnerabilities and gain unauthorized access to valuable information.
- Cloud-to-Cloud Communication: These applications often communicate directly with cloud providers, bypassing traditional network security controls. This makes them difficult to detect and monitor, creating blind spots for security teams.
- Data Leakage Risk: Unauthorized applications can potentially leak sensitive data outside the organization, either intentionally or unintentionally.
- Vendor Risk: Relying on third-party applications introduces additional vendor risk.
- Compliance Violations: Using unsanctioned applications can lead to violations of data privacy regulations.
Taking Control of Your OAuth Landscape
To combat OAuth Shadow IT, you need visibility into the applications that have been granted access to your organization's data. That's where YeshID comes in.
YeshID's Free OAuth Shadow IT Tool
Here is how to scan your Google Workspace. First, to use this tool you will need to grant us two scopes: the ability to read users and the ability to read the applications that users have granted access to. As a note, we do not store any of this data; everything is done locally in the browser without sending requests through our servers. I’ll also tell you how to remove access at the end.
- Visit our Shadow IT Assessment Tool
- Click Begin Scan
- Authorize YeshID access to list users and their scopes
That’s it! The scan will start immediately. As scan results come in you will see a report similar to this:
From here you can see the applications, the number of users who have granted some amount of access to each app, the scopes that are common, sensitive scopes and restricted scopes. Clicking on an app drills down to show which scopes have been granted and by whom. In this example, I can see that Slack has some pretty broad access to some of our employees' files; in particular, Slack could delete all of their files. Now in this case I’m not worried because it’s Slack, but if the app is not one I recognize I might dig a bit deeper and maybe recommend to the employee to rethink the access they have granted.
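The report described above boils down to aggregating each user's OAuth token grants by application and flagging the risky scopes. The following is an added example, not YeshID's code, that shows that aggregation on a few constructed token records shaped like the Admin SDK Directory API `tokens.list` resource (fields `userKey`, `clientId`, `displayText`, `scopes`, `anonymous`, `nativeApp`). The client IDs, users and the restricted/sensitive scope lists are assumptions made for the example; a real scan would pull the records from the Directory API with the two read scopes mentioned above and check Google's current scope categories.

```python
"""Aggregate Google Workspace OAuth token grants into a per-app report.

Added example, not YeshID's code. SAMPLE_TOKENS is CONSTRUCTED to mimic the
shape of the Admin SDK Directory API `tokens.list` resource. In a live scan
the records would come from `directory.tokens().list(userKey=...)` for every
user returned by `directory.users().list(...)`; the two admin scopes needed
for that are admin.directory.user.readonly and admin.directory.user.security.
"""
from collections import Counter, defaultdict

# ASSUMPTION: a small hand-picked classification modelled on Google's
# "restricted" and "sensitive" scope categories. Check Google's OAuth scope
# documentation for the authoritative, current lists.
RESTRICTED_SCOPES = {
    "https://mail.google.com/",                       # full Gmail access
    "https://www.googleapis.com/auth/drive",          # full Drive access (incl. delete)
    "https://www.googleapis.com/auth/drive.readonly",
}
SENSITIVE_SCOPES = {
    "https://www.googleapis.com/auth/calendar",
    "https://www.googleapis.com/auth/contacts.readonly",
}

# Constructed sample: three users, three third-party apps. Not real data.
SAMPLE_TOKENS = [
    {"userKey": "alice@example.com", "clientId": "chat-app.example",
     "displayText": "Team Chat (constructed)", "anonymous": False, "nativeApp": False,
     "scopes": ["https://www.googleapis.com/auth/drive",
                "https://www.googleapis.com/auth/userinfo.email"]},
    {"userKey": "bob@example.com", "clientId": "chat-app.example",
     "displayText": "Team Chat (constructed)", "anonymous": False, "nativeApp": False,
     "scopes": ["https://www.googleapis.com/auth/drive",
                "https://www.googleapis.com/auth/calendar"]},
    {"userKey": "bob@example.com", "clientId": "pdf-tool.example",
     "displayText": "PDF Merge (constructed)", "anonymous": False, "nativeApp": False,
     "scopes": ["https://www.googleapis.com/auth/drive.file"]},
    {"userKey": "carol@example.com", "clientId": "mail-helper.example",
     "displayText": "Mail Helper (constructed)", "anonymous": False, "nativeApp": False,
     "scopes": ["https://mail.google.com/",
                "https://www.googleapis.com/auth/contacts.readonly"]},
]


def classify(scope):
    """Bucket a scope as 'restricted', 'sensitive' or 'basic'."""
    if scope in RESTRICTED_SCOPES:
        return "restricted"
    if scope in SENSITIVE_SCOPES:
        return "sensitive"
    return "basic"


def build_report(tokens):
    """One row per app: user count, scope frequency, restricted/sensitive scopes.

    Rows are ordered riskiest first (most restricted, then sensitive, then users).
    """
    apps = defaultdict(lambda: {"users": set(), "counts": Counter(), "display": ""})
    for tok in tokens:
        app = apps[tok["clientId"]]
        app["display"] = tok.get("displayText", "")
        app["users"].add(tok["userKey"])
        # A user may hold several tokens for one app; count each scope once per user.
        app["counts"].update(set(tok["scopes"]))

    rows = []
    for client_id, app in apps.items():
        scopes = app["counts"]
        rows.append({
            "clientId": client_id,
            "displayText": app["display"],
            "user_count": len(app["users"]),
            "common_scopes": sorted(scopes.items(), key=lambda kv: (-kv[1], kv[0])),
            "restricted_scopes": sorted(s for s in scopes if classify(s) == "restricted"),
            "sensitive_scopes": sorted(s for s in scopes if classify(s) == "sensitive"),
        })
    rows.sort(key=lambda r: (-len(r["restricted_scopes"]),
                             -len(r["sensitive_scopes"]), -r["user_count"], r["clientId"]))
    return rows


def drill_down(tokens, client_id):
    """The 'click on the app' view: which user granted which scopes."""
    per_user = defaultdict(set)
    for tok in tokens:
        if tok["clientId"] == client_id:
            per_user[tok["userKey"]].update(tok["scopes"])
    return {user: sorted(scopes) for user, scopes in sorted(per_user.items())}


def needs_review(report, known_apps):
    """Apps holding restricted scopes that are not on the recognised list."""
    return [r["clientId"] for r in report
            if r["restricted_scopes"] and r["clientId"] not in known_apps]


if __name__ == "__main__":
    for row in build_report(SAMPLE_TOKENS):
        print(f'{row["displayText"]:26} users={row["user_count"]} '
              f'restricted={len(row["restricted_scopes"])} sensitive={len(row["sensitive_scopes"])}')
    print("review:", needs_review(build_report(SAMPLE_TOKENS), {"chat-app.example"}))
```

The `needs_review` step is the manual judgement from the text made explicit: an app on the allowlist holding a full-Drive scope is expected, while an unrecognised app holding one is the grant worth following up with the employee.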
If you want to remove the access you’ve given YeshID, go to https://myaccount.google.com/, click Security on the left side, scroll down, and on the right side of the screen you will see a section called Third-party apps & services; click See all connections. Then search the list for YeshID and click on it. At the bottom of the screen click “Delete all connections you have with YeshID”. That’s it!
We hope this tool has been helpful. If so, you might want to take YeshID for a spin with our free trial. We have a much more powerful version of this report that updates daily so you can keep track of all those apps and be alerted when Steve in accounting grants a bit too much access. We’re always looking for feedback and we would love to hear your thoughts in our Slack channel.