Using workflow & collaboration platforms is the norm for all of us. Whether physical, remote, or hybrid, today’s workspace is adopting such technologies faster than ever. For many teams, everyday work is happening on Google Workspace, Microsoft Teams, Monday, Zoom, and Slack. The growing demand for more functionality has created a vibrant ecosystem of business apps and integrations. Even most modern browsers now provide extension support, enriching the user experience and capabilities.
In addition, no-code tools like Zapier and Bubble are slowly but surely finding their way into the mainstream of business, marketing, and creative work. These applications allow more people (a.k.a. citizen developers) to create custom-designed apps and business processes, driving increased interconnectivity between tools, boosting productivity, allowing more data to flow freely, and improving workflow efficiency.
Firstly, 3rd-party integrations collect vast amounts of data about you, your team, and your customers. Often you probably don't even realize you've given a company permission to see personal information! We have analyzed the top permissions required by 3,900 of the most popular integrations on Slack and Zoom and highlighted the permissions that might lead to sensitive data being stored and processed by the integration's backend.
Top required permissions by 2,517 Slack integrations:
| Permission | Percentage |
|---|---|
| Perform actions in channels & conversations | 24% |
| Perform actions in your workspace | 22% |
| View content and info about channels & conversations | 20% |
| View content and info about your workspace | 19% |
| View content and info about you | 8% |
| Perform actions as you | 6% |
| Administer Slack for your organization | 1% |
Top required permissions by 1,414 Zoom apps:
| Permission | Percentage |
|---|---|
| View and manage your meetings | 16% |
| View your user information | 14% |
| View your meetings | 10% |
| View all user information | 9% |
| View and manage all user meetings | 8% |
| View all user meetings | 6% |
| View your profile information | 4% |
Given these results, the potential of your sensitive data being exposed intentionally (for monetization) or unintentionally (via data breach) is not zero. It is estimated to be closer to a low two-digit percentage.
Data protection regulations and security compliance are starting to affect smaller companies, SMBs, and startups, which means that R&D, sales, and marketing teams will need to keep an eye on cloud security, code, and the tools they use. Complying with standards and regulations like the GDPR, CCPA, ISO 27001, and SOC 2 might be a time-consuming process, while failing to comply is likely to hurt business performance and user trust. Choosing only the safest 3rd-party integrations from the get-go will save you time and money when you need to comply with current and future regulations.
Platforms make it easier than ever to add new integrations, which is great for productivity and collaboration but can impose new threats on your company’s data. The risk is twofold:
First of all, a full security and privacy evaluation of a 3rd party is performed mostly by mature organizations with a dedicated information security team, and less by small companies and startups, which are focused on pressing issues like growing their customer base and generating cash flow. A typical internal assessment for a new integration would require several steps:
Many solutions perform data-loss risk evaluation, protection, monitoring, and data discovery. However, they are designed mainly for large corporations, often cost lots of money, and require complicated integrations, management, and a dedicated team. Even if you pick one of these solutions, it's usually long after your data has been exposed. That definitely defeats the purpose of protecting your data! It's more effective to perform quick data safety checks for new apps before integration, preventing the risk of data exposure in the first place and reducing the need for expensive DLP solutions.
From our conversations with information security experts, the task of evaluating the trustworthiness of a specific integration is challenging, time-consuming, and often requires a lengthy manual process. It’s somewhat surprising that in 2021 we still don’t have an online open repository for a data security and privacy evaluation of popular SaaS providers, integrations, and no-code tools, especially since many companies are performing a similar review over and over again per integration. Such an online repository would benefit large and small companies with their data protection efforts.
You probably shouldn’t blindly trust a new business app with your information. The main reason apps overlook data protection and confidentiality is the high cost of security on the one hand and the high monetization potential on the other.
For a company that uses 3rd-party integrations, it's often too complicated and costly to perform a detailed data security assessment for every integration, not to mention ongoing data protection monitoring. The challenge is even more significant for smaller companies and startups without a dedicated information security team.
Here are 7 simple but useful ways to help you decide which integrations are safe and will probably protect your data:
Remember that every third party has its own way of protecting data privacy, and you should always question how they do so! When adding a new integration to your Slack, Zoom, Chrome, Google Workspace (or any other business platform), it's important to keep in mind that not all integrations are created equal in terms of data protection. To keep your customer data, emails, payments, and documents secure, it's crucial to perform some evaluation or research, as described in this post. We hope this post will help you keep your data safe with your new and existing integrations!