Posts

Showing posts from December, 2019

Can you verify Cloud App vendors ?

Image
Evaluating cloud app vendors After discovering that users could authorize 3rd parties to access enterprise data by just 3 clicks, we started to look at who people had actually given access to. One such 3rd party was Boomerang aka Baydinc. I remember I have seen the name before. I do not know the company, but we have a few happy users of their product. This blog article is about how to judge if a plugin should be allowed or not, or if it is even possible to make this judgement. This article uses Boomerang for Outlook as an example, and looking with paranoid glasses, it would be a clear no. But that would be based on stereotypes, prejudice etc. The unbiased conclusion is, that it is impossible to evaluate. Outloook Add-In Store In the store, it only gets a 3 start review. This might be a warning indicator.  Next, looking at what permission it needs, Microsoft clearly writes it can access and modify personal information in THE active message. Installing it, and pres