The size and scope of the recent OAuth attack targeting Google Docs users were deeply alarming, and at the same time validated much of what Cisco Cloudlock has been predicting. “We’ve been talking about OAuth as a new attack vector for years,” said Jennifer Sand, VP of Product Management. “We pioneered the detection of these 3rd-party OAuth apps in cloud services and were first to market with it. Historically people think of malware as something that’s often delivered as an executable onto an endpoint, but this is something that never hits an endpoint. It’s cloud-to-cloud traffic that can’t be identified by something that lives on your corporate network or an employee device.”
Cloudlock is a pioneer in the cloud security space. “What we do,” said Jennifer, “is identify compromised accounts, sensitive information, and 3rd-party applications that have access to cloud services like Office 365, Dropbox for Business, Salesforce, Google, and others.” Cloudlock’s focus on protecting sensitive data in cloud applications fueled rapid growth that led to an acquisition by Cisco in August 2016.
A Secure Solution for In-App Messages
Cloudlock found Pendo as part of a UX initiative to provide users with more in-context help in their product. “As a part of that effort, we evaluated a number of solutions. Pendo won our extensive evaluation process, not only because of the in-app guides but because of the usage metrics coupled with them. Those two things combined in a single product was what drove the decision for us. The ability to survey users on top of that was just a great added benefit.”
Security was obviously a major concern. “Because we are a security company, we had a number of specific security requirements for any solution. Pendo delivered very quickly on some customizations that we needed, and was able to get through all of our security reviews.”
Rapid Response to an Escalating Situation
The product team at Cloudlock has been exploring ways to use in-app messages beyond basic documentation and feature announcements, and the Google Docs attack presented a unique opportunity. “When the Google OAuth attack started appearing throughout our customer base we knew that we needed to send out a notification to our entire customer base,” said Jennifer. “Historically, when we run into things like this we send out an email notification. That is problematic because not everyone is going to read and receive the email. In addition, our email contacts are not necessarily the people using the product. So really in order to reach our customer base, we needed a two-pronged approach: to send out an email alert but also to do in-product notifications.”
The attack presented a unique risk to companies. “This app had the ability to read, send, delete, and manage email. It also had the ability to manage contacts. So it could access all sensitive information that exists in any email. If this app was not detected and revoked, then the potential damage to an organization was enormous.”
“As we understood more about the pervasiveness of the attack, we learned that the app had a number of different variants. We determined that we also needed to be taking action on behalf of our customers. So we also released a survey to our customer base allowing them to opt in or opt out of our automated action to revoke access to that app. So all of our users got a notification in the product that said ‘This is what is happening. Would you like Cloudlock to take care of this for you?’ If they opted in, they were added to a process that was going through and revoking access to all of the variants of this app as our Cyberlab team was discovering them. The majority of our customers opted in to the automated fix. We saw a 68% response rate – nothing close to what we’d get through email.”
Timely Notifications Drive Customer Satisfaction
Using Pendo for the notification provided Cloudlock with immediate customer feedback, but more significant was the impact on customer sentiment. “With email notifications, you can get some kind of read receipt,” said Jennifer. “With Pendo surveys we could have an in-product conversation with our customers about the remediation process. The positive impression that this gives our customers is really the most important thing here. We have an in-app Net Promoter Score (NPS) survey that we run with Pendo as well. During the incident we saw a 20% jump in our NPS scores, and I can only think that it was in part due to having those notifications in the product.”