Google OAuth Application Whitelisting On July 6, 2017, Google announced a new set of OAuth Security controls, called “OAuth Apps Whitelisting”. With these new security controls,…

Google OAuth Application Whitelisting

Russell Miller

Russell Miller has spent over nine years in network security in various roles, from ethical hacking to marketing. As Director of Product Marketing at CloudLock, he evangelizes cloud security as a business enabler.


On July 6, 2017, Google announced a new set of OAuth Security controls, called “OAuth Apps Whitelisting”.

With these new security controls, an admin can:

  1. Detect third-party apps that are accessing G Suite data
  2. Allow access to apps that are trusted
  3. Block unapproved third-party apps that access core G Suite services

Cloudlock has led the OAuth security market for several years with our Applications Firewall and Google’s announcement validates our position that OAuth security has been a critical and severely-neglected area of cloud security.

Cisco commends Google for responding to the recent OAuth Phishing Attack. In addition to sending users emails for newly-installed apps, Google has changed the OAuth prompt behavior to allow for more granular controls.

Google’s new whitelisting capabilities were critically needed by companies needing only broad-brush controls. However, there are a number of OAuth security controls that many organizations still require. Here is a comparison table of Google and Cisco Cloudlock’s OAuth Security capabilities:

OAuth Security Capabilities Google and Cisco Cloudlock Comparison

A Comparison of OAuth Security Controls Offered by Google and Cisco Cloudlock (July 2017)

In addition, the Cisco Cloudlock Apps Firewall provides a full workflow around sanctioning and/or banning applications. This includes identifying risky applications, notifying administrators and end users, and providing detailed access information to help security admins make intelligent risk-based decisions.

Keep your eye out for new Cloudlock announcements about how to prevent Cloud Malware while continuing to enable productivity.

Interested in learning more? Try our new OAuth Risk Assessment tool and in less than 60 seconds, uncover potential exposure from your connected 3rd party apps.

Get a Free OAuth Cloud Security Risk Assessment from Cisco Cloudlock

Browser Not Supported

Your browser version is outdated.

We would recommend you upgrade to a recent version to ensure that you have a good experience on the CloudLock site. Outdated browsers also increase your security risk. So please update your browser and come back later!

Click on the icon below to download the latest version of your browser