Google is rolling out a new security feature for enterprise customers of its G Suite hosted apps that allows administrators to choose exactly which apps have access to user data.
The feature is designed as a barrier against phishing attacks, many of which try to fool or confuse users into giving attackers access to sensitive information. The new control is tied to the OAuth implementation in G Suite, and it allows admins to whitelist specific apps or block third-party apps' API access to certain apps.
“OAuth apps whitelisting helps keep your data safe by letting admins specifically select which third-party apps are allowed to access users’ G Suite data. Once an app is part of a whitelist, users can choose to grant authorized access to their G Suite apps data. This prevents malicious apps from tricking users into accidentally granting access to their corporate data,” Google said in a post explaining the new feature.
“Once the OAuth whitelisting settings are in place, access to third-party apps is enforced based on the policy set by admins, and employees are automatically protected against unauthorized apps.”
Phishing attacks, especially those that target mobile devices, are often designed to gain access to a victim’s email inbox or other sensitive applications. On mobile devices, malicious apps will sometimes bury permission requests in long dialog boxes or use other methods to hide them. The app whitelisting approach that Google is taking with G Suite would stop that kind of attack even if the user were tricked into granting the permission.
Google also recently added the ability for G Suite users to encrypt email messages on the client end through the implementation of Virtru’s encryption technology.