Google recently announced a new security feature – OAuth apps whitelisting, for its G Suite customers.
The feature will provide better visibility and power in hands of the customers, allowing them to define how their data is being used by third-party apps.
Google added the feature into its G Suite security controls with an effort to improve the data access permissions and protect user data from any phishing attacks.
A few months back, Gmail users were hit by a phishing scam, consisting an email claiming to be an invite for Google Docs. Though actually, it was a hideous act to prompt users to give access permissions to the third-party apps to use their personal data.
With the new feature, Google tries to prevent such phishing attacks in future by ensuring better security level for the users’ data.
The G Suite admin can whitelist apps and let the users decide whether they want to give permission to the third-party app to access organization data or not. With this, users can be saved from getting tricked into accidentally giving permission to the apps.
Users will get clearer visibility into the app – like app name, app ID, app type, what data they can access and it is currently being used by how many users.
“This prevents malicious apps from tricking users into accidentally granting access to their corporate data,” Google explained.
If the feature is enabled by the admins, then the third-party access will be based upon the defined policy.
Google will roll out the feature to the admin console in coming days and has also prepared a tutorial to help admins understand the process.
Since the beginning of the year, Google has been putting efforts to protect customer data by introducing multiple security features like DLP (Data Loss Prevention), phishing detection and S/MIME encryption.
Amidst increasing cyber-attacks, such security features will ensure better protection for user and organization data.