The promise and peril of third-party integrations

Idan Gour February 16, 2022

We’ve entered the hyperconnected era.

In an effort to drive productivity and growth, businesses are embracing third-party cloud applications at an unprecedented rate. And they’re increasingly tethering these applications to core systems – like Google Workspace, Office 365, Salesforce, and GitHub – to achieve automation and data-sharing at scale.

This is great for innovation – and terrifying for security. (Case in point: 93% of companies report a cybersecurity breach in the past year related to weaknesses in their digital supply chain.)

The exploding world of third-party integrations presents daunting new security challenges. These integrations effectively define a new cloud perimeter, one in which the points of connectivity between applications and core systems have become the most vulnerable attack vectors.

“What are the primary risks of third-party app-integrations – and how can digitally connected enterprises protect themselves?”

Risk #1: Supply chain attack

  • What it is: A third-party app integrated with a trustworthy central platform may move or “leak” sensitive data into a less secure environment. Malicious actors abuse security vulnerabilities associated with a legitimate (but less secure) third-party application – and exploit its privileged access to distribute malware or access sensitive information (like credentials or data).
  • Recent example: Hackers compromised the software development tool Codecov to gain access to sensitive secrets, credentials and IP associated with software accounts at thousands of clients, then rapidly copied and exported them to an attacker-controlled server.
  • Why third-party integrations increase the risk: More and more, third-party applications hold the “keys to the kingdom”: the most privileged credentials in the enterprise. Any third-party application that can be compromised opens up the possibility of unauthorized intrusion (and data extraction, ransoming, and more) by malicious actors.

Risk #2: Direct malicious access

  • What it is: Malicious actors seek direct access to core platforms by tricking users into providing consent (via OAuth permissions rather than explicit credential phishing) or by taking advantage of leaked API keys, certificates, webhook URLs, etc.
  • Recent example: Microsoft recently warned of a phishing attack in which Office 365 users received emails intended to trick them into granting OAuth permissions to a fake app.
  • Why third-party integrations increase the risk: With third-party applications increasingly integrated with core platforms, access tokens can deliver malicious actors a payload of data and direct access to connected apps.

Risk #3: Compliance violations

  • What it is: An act that compromises an organization’s ability to comply with relevant governmental, legal, or industry frameworks – for example, data privacy regulations (like GDPR) or security and governance (like SOC 2). 
  • Recent example: Ticketmaster received a $1.6 million fine for GDPR violations after hackers exploited vulnerabilities in the code of a third-party chat app vendor on its checkout page, exposing customers’ personal and payment data. 
  • Why third-party integrations increase the risk: Any third-party application involved in data processing is part of an enterprise’s regulatory purview – meaning that the organization is ultimately responsible (often financially and legally) for its handling of sensitive data. 

How to avoid the pitfalls of third-party integration

The field of access management emerged to address security challenges associated with the proliferation of third-party applications. Some of the most popular services, like Okta, exist to manage user access to key resources and services.

This is a good start. But the world has changed – and the discipline of access management hasn’t kept up.  

Access management is still all about users. But with third-party applications increasingly integrated with core systems in a dense web, it’s the connections themselves that need auditing, monitoring, authentication, and governance.

What does third-party integration access management look like? At Astrix, we believe that, for a start, technical leaders need a new toolkit to go from gatekeepers to growth enablers in the age of cloud hyper-adoption – critical capabilities like:

  • Risk visibility. One-stop inventory of all of an organization’s third-party connections, powered by continuous exposure identification and in-depth contextual analysis.
  • Threat detection. Identification of external connection threats, integration misuse, and anomalies with a logic engine built for the complexities of third-party integration.
  • Rapid remediation. Contextual and actionable mitigations to address emerging threats and to reduce the attack surface.
  • Lifecycle management. Out-of-the-box and zero-trust-inspired security tools to gain control over all app-layer access, set enforcement guardrails and prevent policy drift.

Learn more about how Astrix can help your enterprise accelerate cloud adoption fearlessly with integration access management built for the era of hyperconnectivity.
