Skip to main content

Google's new G Suite security feature lets administrators approve or deny apps

google instant
Google is beefing up security for its enterprise G Suite apps with Selective OAuth whitelisting a new feature it announced on Thursday. Starting this week, the Mountain View, California-based search giant will let G Suite administrators specify the third-party apps that are allowed access to a given organization’s data.

“We are constantly evolving and always looking for ways to help our users protect their data,” a Google spokesperson said. “This is just another example of the innovations we are bringing to the table to ensure our customers’ data is secure and protected and can combat new threats as they arise.”

The intent is to cut down on security breaches — specifically phishing attacks like those that affected Google Docs users in May — that occur when apps like calendar managers, email clients, and to-do list organizers gain access to apps permissions. When OAuth whitelisting is enabled, G Suite collates all software that’s been approved or denied, and the data it has (or doesn’t have) permission to access. Administrators can see the number of accounts using an app, prevent per-user installs of an app, or impose blanket rules on Gmail, Drive, Calendar, and Contacts.

“OAuth apps whitelisting helps keep your data safe by letting admins specifically select which third-party apps are allowed to access users’ G Suite data,” Google said in a blog post. “[It helps] guard … core G Suite apps data by preventing unauthorized app installs, thus limiting the problems caused by [malicious apps].”

The new per-app controls come on the heels of Google’s other G Suite security enhancements. In May, the company rolled out updated guidelines aimed at tamping down on misleading and spoofed G Suite apps, and began manually reviewing web apps that request user data. And in December 2015, Google launched Data Loss Prevention tools for Gmail and Drive, which automatically scan outgoing emails and shared files for sensitive data and ensure that users can’t send emails that include full Social Security or driver’s license numbers, and other sensitive data.

Google says those and other G Suite preemptive measures, which include machine learning, Safe Browsing warnings about dangerous links, email attachment scanning, and dynamic sign-in challenges, have helped limit the number of users impacted by wide-scale phishing fraud to less than 0.1 percent.

“Protecting your organization’s most sensitive data and assets is a constant challenge,” Google said. “Our teams will continue our constant efforts to support a powerful, useful developer ecosystem that keeps users and their data safe.”

Editors' Recommendations