In organisations around the world, it is often the case that there are two definitions of how work is supposed to 'get done'.
On one side there are the managers and policy-setters who set up frameworks and regulations in order to make the best use of the business' resources, while at the same time trying to protect it from outside threats.
However, if these restrictions cause slowdowns in workflow – and many do – then employees will be tempted to explore options outside the required framework in order to complete their tasks.
The problem is that while most third-party professional applications are benign, they still create opportunities for malicious parties to exploit a breach in the organisation's defences.
On top of this, the potential improvements rendered by external services can be quite valuable to the entire firm – as long as it passes a security audit.
Trusting this process to the individuals who use the system is not always a wise idea, as their familiarity and appreciation for its services may cloud their judgement.
A more diligent approach is to have a work system reviewed by an impartial team of security experts who are trained in the techniques used by malicious parties to gain access to privileged information through external services.