Overview
With the abundance of SaaS apps available and employees having unrestricted access to numerous tools, organizations face increased security risks. The Torii SaaS management platform addresses these challenges by helping you stay on top of shadow IT and minimize organizational security risks:
- Complete Visibility: Torii provides comprehensive visibility into third-party apps accessed via organizational Google, Azure AD, and Slack accounts. You can also configure notifications for newly discovered apps and the potential security risks associated with these connections.
- Proactive Security Measures: Torii allows you to proactively revoke employee permissions for unsanctioned apps linked through Google, thereby safeguarding sensitive organizational data.
Monitoring third-party app connections
The Security page provides a detailed summary of all apps connected via Google, Azure AD, and Slack accounts. Here, you can see how many users have connected to each app, assess the potential security risk, and review the specific permissions required by each app.
Blocking Access to Sensitive Data with Torii
Available for customers on the Enterprise plan
Torii provides you with the capability to manage and secure data access for applications connected to users' Google Workspace accounts. This feature is similar to what an Admin can view in the Google Workspace Admin console, specifically under Users -> User -> Security -> Connected applications.
Understanding Google Workspace App Access Management
Google Workspace allows you to "temporarily remove an app’s access to data" through the Google Workspace Admin console. By clicking the "Remove" button, an Admin can revoke an app's access to a user's data. However, this action is temporary, and Google notes that if a user has the necessary permissions, they can grant access to the app again by signing in, which restores the data access.
How Torii's "Block Access" Feature Works
Torii's "Block access" feature extends the functionality of Google's "Remove" button. While Google's removal is temporary, Torii continuously monitors for any re-granting of access to the app and automatically revokes it within a few minutes. This ensures a persistent block on the app's access to the user's data.
When you block access in Torii, it effectively revokes the permissions granted to the app to access the user’s Google data.
Example Use Case
Consider a user who has given the Calendly app access to their Google Calendar. If you mark the Calendly app as "Closed" in Torii and enable the "Block access" feature, Torii will revoke Calendly's access to the user's calendar. If the user attempts to reconnect Calendly, Torii will detect this and revoke access again, maintaining a secure environment.
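The detect-and-revoke cycle described above, as an added sketch that is not Torii's code: it runs one monitoring pass over OAuth grants whose fields follow the Google Admin SDK Directory API token resource (userKey, clientId, displayText, scopes). The client IDs, the user, and the names `InMemoryDirectory`, `reconcile` and `demo` are constructed for illustration.

```python
# Constructed sample: records shaped like Directory API token resources.
# All values are made up for this example.
SAMPLE_TOKENS = [
    {"userKey": "alice@example.com", "clientId": "calendly.example.apps",
     "displayText": "Calendly",
     "scopes": ["https://www.googleapis.com/auth/calendar"]},
    {"userKey": "alice@example.com", "clientId": "approved.example.apps",
     "displayText": "Approved App", "scopes": ["openid"]},
]

class InMemoryDirectory:
    """Hypothetical offline stand-in for listing and deleting token grants."""
    def __init__(self, tokens):
        self._tokens = [dict(t) for t in tokens]

    def list_tokens(self):
        return [dict(t) for t in self._tokens]

    def delete_token(self, user_key, client_id):
        self._tokens = [t for t in self._tokens
                        if (t["userKey"], t["clientId"]) != (user_key, client_id)]

    def grant(self, token):
        # Simulates the user signing in to the app again and re-granting access.
        self._tokens.append(dict(token))

def reconcile(directory, closed_client_ids, audit_log):
    """One monitoring pass: revoke every grant held by a closed app."""
    revoked = []
    for tok in directory.list_tokens():
        if tok["clientId"] in closed_client_ids:
            directory.delete_token(tok["userKey"], tok["clientId"])
            revoked.append((tok["userKey"], tok["clientId"]))
            audit_log.append({"user": tok["userKey"], "app": tok["displayText"],
                              "scopes": tok["scopes"], "action": "revoked"})
    return revoked

def demo():
    directory, log = InMemoryDirectory(SAMPLE_TOKENS), []
    closed = {"calendly.example.apps"}
    first = reconcile(directory, closed, log)    # initial block
    idle = reconcile(directory, closed, log)     # nothing left to revoke
    directory.grant(SAMPLE_TOKENS[0])            # user reconnects the app
    second = reconcile(directory, closed, log)   # re-grant detected and revoked
    return first, idle, second, directory.list_tokens(), log

if __name__ == "__main__":
    for entry in demo()[4]:
        print(entry)
```

The interval between passes is the window in which a re-granted app holds access again; the page gives that interval as a few minutes.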
End-User Experience of Being Blocked
The end-user experience of being blocked can vary depending on the app. In some cases, users might not notice the block at all. In other instances, users could be logged out of the app or lose access to specific features. For more detailed information on the impact of removing app access, you can refer to Google's documentation on the "Remove App" feature and contact Google for further assistance.
How to See Which Apps Were Blocked
To see which apps were blocked:
- Navigate to the Security page in Torii.
- Look inside the "Google Workspace" list.
- A blocked app will show zero users in the list.
- In the permission column, it will state "Revoked by Torii."
Please note that only apps with at least one user who connected via Google and granted permissions will appear in the list. Apps that are closed and were never connected via Google, or those that were connected but did not receive permissions, will not be listed under Google in the Security tab.
Configuring the "Block Access" Feature in Torii
To configure the "Block access" feature:
- Navigate to the Settings page in Torii.
- Enable the "Block access to sensitive data for third-party apps" toggle.
Once enabled, Torii will automatically revoke permissions for all users who have connected to closed apps via Google. This ensures that sensitive data remains secure and inaccessible to unauthorized applications.
Best practices
Here are Torii's recommendations for staying on top of shadow IT and minimizing security risks:
- Enable "Block Access": Turn the "Block access" setting to "On" to ensure unsanctioned apps cannot access organizational data.
- Use Shadow IT Discovery: Set up a workflow to notify yourself about new apps and their associated security risks.
- Review and Close Unsanctioned Apps: Regularly review new apps and set those you do not approve to "Closed." This will ensure that any app connected via Google will not have access to sensitive organizational data.