A three-year-old startup called Overtis launched a browser plugin on Tuesday aimed at letting companies control what data employees can access through web applications such as Salesforce.com and Google Apps.

The plugin, called the VigilancePro Web Application Manager (WAM), allows administrators to blank out certain tabs, hyperlinks and buttons within a web application. For example, an administrator could block access to Salesforce.com's contacts as well as the ability to print or use copy-and-paste depending on where the employee logs in, said Overtis CEO Ed Macnair.

To do this, Overtis has mapped all of the functions within Google Apps and Salesforce in order to provide the granular control, he said. Both of those companies have worked with Overtis to make it work, Macnair said.

Macnair said there are increasing concerns among organisations over how to protect sensitive data when using web applications. Salesforce.com has some controls built in, but the plugin expands on those, while Google Apps has few access controls once a user has been authenticated.

The plugin also provides a full audit trail, which is needed in industries such as financial services, Macnair said. If a user is allowed to print, that event can be logged, as well as what data the employee accessed in the application.

The plugin also acts as a single sign-on mechanism. Users have a login and password for the plugin, which then authenticates the user to one or more web applications. The browser plugin does this by communicating with a server component.

Administrators can also limit what devices their employees can use. The plugin is provisioned by sending an employee an email with a link to download it with pre-loaded permissions. Since the plugin handles authentication to the web application, an employee must have it in order to get access.

The plugin would ensure, for example, that a consultant doesn't have access to the sales or customer information, said Fran Howarth, senior security analyst for Bloor Research.

"The insider threat is large and data breaches are every day news, so this is an excellent tool for controlling information access to try to prevent these problems from occurring," Howarth said.

The plugin is compatible with the Firefox and Internet Explorer 9 browsers, although Overtis plans to release it for Safari and Chrome. The company also plans to develop a version for SAP.

Overtis' idea is not revolutionary but does address key security issues around authentication and data access for organisations using cloud services, said Eric Domage, manager of western European security research and consulting at IDC.

The web browser is the gateway to data held in cloud-computing services, Domage said. However, whether organisations choose to use the plugin will depend on price as companies are unlikely going to want to pay for another application on top of Salesforce.com, he said.

Overtis plans to sell the plugin for Salesforce.com through its App Exchange. It will cost $10 per user per month. Overtis has priced the Google Apps plugin at $5 per user per month.