A big security risk I see in a lot of business environments is the widespread use of 3rd party applications. The inherent use of 3rd party applications itself is not a security risk and I am by no mean telling you that you cannot securely implement 3rd party apps in your environment. Let me explain further.
What is a 3rd Party App?
A 3rd party app is an application that is not created by your operating system developers. If you’re using Microsoft as your operating system then any application not created by Microsoft is considered a 3rd party app. So with that said I guarantee that you have 3rd party apps on your computer right now. It’s OK, I do too! As I type this blog post I am using Chrome Web Browser by Google.
What is the Security Risk?
To demonstrate I will use a common scenario I see as an IT professional, PDF applications. Most people know what PDF files are and PDF applications happen to be one of the biggest 3rd party security vulnerabilities.
So in this scenario, you have just received an email from a trusted source. This email has a PDF file attached that contains sensitive company data. You double-click the attachment and the PDF file opens with your default PDF application. Now I have noticed until the early years of Windows 10 (released July 2015) most users were still using Adobe Reader, which is… a 3rd party app.
But Adobe has always been synonymous with PDF files. The company has innovated how we work with PDF files since the 90s. Adobe is a trusted PDF application and therefore can be confidently implemented into any environment. The issue arises when Adobe needs to be updated! Every time that you use an outdated version of any application, even native Microsoft applications, you run a security risk!
So the problem isn’t the 3rd party apps themselves, but the constant maintenance to keep them updated and secure.
What is my Recommendation?
When Windows 10 was released in 2015 they included a native web browser, Edge, to compete with the all powerful Google Chrome. I will be honest, I opened the first release of Edge and immediately switched back to Chrome. The early phases of Edge just didn’t catch on. In 2019, Microsoft revamped the whole browser and rolled out it out with windows update as the “New Edge”. This new Edge was a lot more intuitive and user friendly than the original. Edge finally became a contender against Chrome.
A nice feature of Edge since the beginning was the inclusion of a PDF reader, however since most users were not using Edge the PDF reader was never used. Around the time that New Edge was released, Microsoft started to set the default PDF application as Edge. From this point on unless a user switched their default pdf program to Adobe, all PDF files will open up with Edge. At first I thought this was a bit pushy on Microsoft’s part but then I saw the advantage.
While the Edge users were consistently being updated with Windows Update, the Adobe users were not remembering to keep theirs updated.
To summarize, I recommend using native applications when you are able to. This goes for all type of applications: web browser, email client, cleanup tools, etc. The more 3rd applications you implement, the more maintenance you will have to consistently perform to maintain your security.
If you have any questions on this topic. Give us a call at (910) 727-2200.
Blogger for Advanced Data Infrastructure, LLC