A third-party plugin that is hosted in a SaaS app can pose risks to your organization
if the plugin has access to sensitive data through the SaaS app.
Some SaaS apps that you connect to SSPM can host functionality developed by a third
party. Users might install this third-party functionality to extend the capabilities
of the SaaS app. For example, a Zoom user might have installed the Zoom for Google
Workspace plugin to schedule Zoom meetings from Google Calendar. Various terms are
used to describe the third-party functionality, such as third-party apps, add-ons,
extensions, and plugins. We will refer to third-party functionality that is hosted
in a SaaS app as a
third-party plugin. We call the SaaS app that hosts
the third-party functionality a
marketplace app. However, the
documentation for your SaaS apps might use different terms.
Although third-party plugins enable users to extend the capabilities of a marketplace
app, they can be a security risk to your organization. To use the capabilities of a
third-party plugin, users grant the plugin some level of access to the marketplace
app. Users might inadvertently grant access to plugins that are not sanctioned by
your organization, giving the plugin access to sensitive data. An unsanctioned
plugin with privileged access might then be exploited to exfiltrate data or
otherwise harm your organization.
To help you address the threats posed by third-party plugins, SSPM gives you
visibility into the third-party plugins that are being used in your organization.
SSPM detects the third-party plugins that are connected to a marketplace app, and
also shows the level of access that the plugins were granted.
You can view this information in the
following two ways:
- Across all marketplace apps from the 3rd Party Plugins page (). The 3rd Party Plugins page displays a table of all the
third-party plugins that were installed across all the marketplace app instances
that you have onboarded to SSPM.
- Navigate to the Plugins tab to view a list of all
the third-party plugins. Use this information to determine the risks posed by
third-party plugins and to take action, if necessary, by
revoking access to the risky plugins.
- Navigate to the Users tab to view a list of users
who have access to third-party plugins for certain marketplace
applications. From here, you can determine risks by users.
- Navigate to the Plugin Library, which provides a
catalog of the plugins that are
available from the supported SaaS app marketplaces. This catalog shows
information, such as the publisher of the plugin, that can help you
judge whether you want to allow the plugin in your environment.
- For one marketplace app, from the Connected Applications
tab of the app's details page. The Connected Applications tab displays the
following information about the third-party plugins that are installed in the
marketplace app.
- A list of the Connected Applications that are
installed, including, for each plugin, the number of active users and
the number of access scopes. The list also indicates which plugins have
not yet been reviewed. You can click the name of the plugin to display
additional details. Use this additional information to help determine if the plugin
poses a risk to your organization.
- If supported for the SaaS app, a list of all the
Users who installed plugins. For Slack, a
list of the Workspaces on which plugins are
installed. From here, you can determine risks by users.
