Recently Google announced a change to its Google Drive interface, encouraging Google Apps users to connect 3rd party apps to their data in Google Drive. This change will certainly drive users to try new apps in the Google Apps ecosystem, and will make enterprises using the online productivity suite assess which 3rd party apps should be allowed in corporate accounts. In this post, we’ll look at how end-users can connect 3rd party apps to their data, and how companies can decide which apps should be enabled in the corporate domain.
How to Connect 3rd Party Apps to a Google Drive Account
When a user creates a new document, the following menu now appears:
Clicking on the “Connect more apps” link brings up a window that highlights available 3rd party apps the user can install and associate with different document types:
Clicking on an app will bring you to a detailed description along with user ratings:
Once you’ve clicked to connect the app, you’ll see the following:
When a user clicks “Allow access” (and they will), the application will now be linked to their account, letting it:
- View basic information about their account
- View and manage files that they have opened or created with the app
- Manage the user’s contacts
- Perform these operations even when the user is not using the application
Later we’ll get into more on what these permissions mean and how companies can manage which apps can do what within their domains.
Using a 3rd Party App in Google Drive
Let’s take the example of an app called Form+, which allows you to extend the features and design of Google Forms. Once you’ve clicked on the “connect more apps” link in the create menu and found Form+, you’ll see:
After clicking to connect Form+, you’ll be asked to grant the following permissions:
Clicking to allow access will bring you to a secondary permissions page:
Clicking allow access again will bring you to the app, allowing you to create a new form.
Taking a look in Google Drive, you’ll see that Form+ has created a new folder containing a link to the form as well as the spreadsheet containing submitted answers:
Clicking on the file “New Form.form” will redirect you to the form within the Form+ application:
What Connected 3rd Party Apps Mean To Companies Using Google Apps
Enabling Trusted 3rd Party Apps in Google Drive
Now that end-users can decide which 3rd party apps they want to use personally, this can be a huge productivity boost, allowing employees to get their work done in whatever way they see fit. When employees find apps that boost their efficiency, companies may want to roll out these apps company-wide as part of a corporate Approved Application Policy.
CloudLock Apps Firewall is designed to allow users the freedom and flexibility to perform their daily tasks while providing IT with the visibility and control to enforce the Approved Application Policy (AAP).
Control The Information 3rd Party Apps Can Access
Conversely, companies will want to discover, classify, and decide which 3rd party apps should not be allowed access to the corporate domain.
Some examples of cases where a customer needed to revoke an application follow:
- Legitimate Applications That Behave Unexpectedly – We’ve seen a perfectly legitimate productivity application from an established company performing unexpected actions. For example: files that are accessed by the application were shared externally without the user explicitly allowing this action.
- Questionable Apps – We’ve witnessed applications that were granted access to users contacts that sent spam to every employee.
- Well-known Applications That Are Hacked – We have seen instances where a popular and established application has been hacked, putting all users that have given access to the app at risk.
In each instance, organizations with the problematic app look to revoke all access from the hacked application until the issue is resolved.
Summary
Google’s push to let end-users decide which apps should have access to their data will drive adoption of 3rd party apps. This increase of employee productivity must also be balanced by the need for security of corporate data and accounts.
Related Articles
- How to Discover, Classify, and Decide Which 3rd Party Apps to Allow in Your Domain
- Best Practices for Creating an Approved Application Policy (AAP) in Google Apps
- Best Practices for Determining the Risk Profile of 3rd Party Apps in Google Apps
CloudLock Collaboration Security
See how CloudLock Collaboration Security can help your organization manage sharing policies based on content patterns, keywords and metadata. 7 day free trials are available on the Google Apps Marketplace.
CloudLock Apps Firewall
See how CloudLock Apps Firewall can detect potential risk created when 3rd party apps are authorized by employees and apply mitigating controls.
{ 1 comment… read it below or add one }
One thing worth adding is Google provide a JavaScript client library for connecting to Drive. What used to be the only option, was that third-party applications had to send data via their severs both to and from Drive. All other cloud storage providers only allow this mechanism.
The JavaScript client library was launched around summer 2012 and we have it working in production, it works really well. What this means is all data goes directly from the browser to Drive and vice versa. We never actually see the users’ data.
This might sound subtle, but it’ll actually a huge advantage that this third-party app integration for Drive has over the other vendors in the space in terms of security and information access control. In practise you won’t see the “perform these operations while I’m not using the application” that indicates that the third-party server doesn’t have the ability to access your Drive from their server.
Generally, the fewer permissions the Drive enabled application asks for, the more users trust it to install.