Lately we have been talking a lot about security and for good reason!
When it comes to overall data governance, the need for strong, sound data security is a must, especially in today’s world where the internet has transformed how organizations do business.
The growth of cloud computing has been advantageous to businesses, but at the same time it has increased exposure to data security threats. The need for governance over data security has never been more essential and critical.
Google Analytics and Google Tag Manager (and other cloud-based tag management solutions) are great tools, and while they offer security features, these alone do not make for strong, sound data security governance. This responsibility lies solely with the organization.
Relaxed or deteriorating security processes erode your data security. Without strong data security, you are risking:
- Losing access to your data
- Actually losing your data
- Negatively impacting the quality and integrity of your data
Here are 4 ways to get smart with your GA and GTM data security governance:
- Assign an owner, who has accountability and resources (budget) to implement, manage and maintain data security processes.
- Administer a purposeful approach to GA & GTM user management.
- Check out our post “Who has Access to your Analytics Accounts“.
- Make it a policy to only use/allow corporate email IDs access to your GA and GTM accounts to minimize the risk of losing access to your GA/GTM accounts and potentially all your data.
- What happens if Tom leaves the company and he maintains the only full admin access to your GTM account under ‘firstname.lastname@example.org’? What control do you have? ZERO.
- Corporate emails can be registered as a Google ID:
- Use discretion when granting GA/GTM permissions to users such that the permissions given match the level of accountability they have for the data – Do not give everyone the same permissions.
- Make it a requirement that a user of your GA/GTM accounts, at a minimum, has completed the Google Analytics Academy courses for the specific tool or completed more formal training and or has obtained certifications (if required).
- Conduct regular audits of all the users in your accounts.
- Formalize a process for removing a user’s access to GA/GTM prior to or on the day of the user leaving the organization or the specific role.
- Implement a process (and act on it) to revoke access to those that are not using a corporate ID.
- Create a backup process for your GTM container (to an offline location) via export functionality in GTM Admin section.
- Should something happen to your GTM container, you will be able to restore.
- Require “record-keeping” via annotations in GA views and notes to GTM containers to record any significant events or changes, like site launches and tracking updates.
- If something goes wrong, you have a starting point to begin your investigation.
Do you have any tips for data security governance to share? We’d love to hear them!