InfoSec Blog - Office365 Add-ons are Risky!
December 6, 2017
By nature, third-party applications pose a significant security risk. Although Microsoft takes great care to secure Office 365 environment, this effort can be negated by granting a potentially insecure third-party vendor permission to access customers' data. In order to publish an application in Office 365, vendors need to meet specific requirements, but Microsoft cannot verify the safety of every application. Therefore, it is important to review each application carefully, with particular emphasis on what data it has access to, as well as privacy and security policies of the vendor.
The risks of using third-party apps are based on the following critical issues:
Data privacy and protection
There is a possibility that customers' personal information which is collected while signing up for the services opens up opportunities for its unauthorized disclosure. Some third-party tools use questionable practices in terms of private data collection. Some collect data in the background, which is aggregated into profiles and then sold.
Business continuity is not guaranteed
The University does not have any influence over third-party applications, which means there is a risk that the product could be discontinued at any time without prior notice, in case of malfunction or error in the service, for example.
Questionable business practices of some add-on providers
The business model of some add-on distributers is based on the sale of user data. Users are generally kept in the dark about which data is being sold to whom. Several data vendors even offer so-called “Developer Toolkits” as free add-ons that can be used to collect user data and turn it into profit.
Add-on accessing internal environment
When users enable add-ons using their University's credentials, a pathway is opened between University's domain and the add-on. This path is open in an "always on" manner. This means that if an add-on has access to manage and delete users' files , it may do so around the clock. The pathway creates the potential for exploitation if the add-on is not trustworthy, or the add-on was compromised. If an add-on enabled in your environment is compromised by a hacker, the hacker can act on behalf of the user by leveraging the permissions granted to the add-on.
At the University of Guelph, we take security and privacy of our institution’s data very seriously, and therefore have implemented a process to disable add-ons by default. When requests are received to enable add-ons CCS will analyze the application against pre-defined criteria to ensure it is safe to implement.
Written By: Natalia Dashevska (Analyst 3, Content and Document Management)