One of the least fun responsibilities application owners have is maintaining proper process and data controls. This has to be done to ensure cybersecurity is considered with any functionality that is enabled for the application users.
Tools can be very impressive, but they can also be very dangerous when it comes to cybersecurity.
It is common for application owners and security architects to characterize this responsibility as the ‘paranoia’ work.
Typically, when a 3rd party application is purchased, you expect a high-level of confidence that the security model in their applications is strong. However, this is not always the case.
If a vulnerability is available, it is critical that either a technical or process adjustment is made to block the vulnerability.
This may not make everyone happy because it may make work a little more difficult, but it is better than becoming another company in the news with a data breach.