Security

The Alpin team recently had the pleasure of exhibiting at SecureWorld Denver 2018. The conference was full of friendly hosts, fantastic speakers with great original content, and new solution providers like Alpin.  

 

Hello from our team!

 

The Alpin team, including an awesome Daenerys Targaryen cosplay rocked by our wonderful Customer Success manager, Laura (costumes were welcome, it was Halloween!)

 

So what did we learn from SecureWorld 2018? Here are a  few takeaways from conversations, presentations, and discussions:

 

TL;DR

 

  1. Yet another Facebook breach gives hackers access to full account details.

 

  1. Different mechanism, but similar outcome: G Suite users and admins should realize that users signing into applications via the extremely popular Connect with Google button gives those web apps access to corporate data — often full access to email contents, calendars, contacts, and more.

 

  1. Alpin shows a list of apps with dangerous access, and allows you to blacklist them in 1 click.

 

In this ebook, we explore the need to discover and cut rapidly-growing cloud software expenses.

The ebook includes the current state of shadow IT and the high prevalence of “shelfware” –  software that’s paid for but never used. Cloud apps can be especially hard to find, so we describe manual and automated methods to find the software. Then, we then discuss the costs you should expect to be able to cut and how to cut them.

If you’re looking to cut a lot of costs and help solve the issue of shadow IT at the same time, you’ll enjoy this ebook.

blacklist dangerous applications

If you are running G Suite, you’ve likely noticed how incredibly easy it is for your users to allow access to sensitive information. We have seen notable cases like this and this where seemingly innocuous permissions have resulted in significant data breaches.

Why does this happen?

Google and third party apps have prioritized user adoption and ease of use. This has led to the unintended consequence of easily allowing users to provide access to their data — and at work, that may mean sensitive company data.

A whole class of stealthy security vulnerabilities has already invaded your organization. And your users are adding them every single day.

Third party applications can have dangerous permissions that suck confidential information from your email, documents and databases — and you can’t even see it happening.

But you have a secret weapon to kill these dangerous permissions.

A cunning attack that lasted only 1 hour exposed roughly 1 million users and businesses to extremely serious risk of identity theft, stolen money, enormous business liability and more — all made possible by user trust in a commonly-used feature in one of the web’s most well-known brands: Sign in with Google.

 

How did it happen? How was it fixed? What does it mean for users? And what do you need to do? Read on for definitive answers.