A recent development in the world of data security has sparked a conversation among Chief Information Security Officers (CISOs) regarding the risks and benefits of sharing data with third-party cloud providers. According to industry experts, the decision to share data with a third party should be carefully considered as part of a company’s overall threat model.
One expert, Esnar Seker, who serves as the CISO at SOCRadar, highlighted the importance of configuring Google Analytics properly to prevent the inadvertent sharing of sensitive data. Seker emphasized the need to ensure that query parameters, form inputs, and dynamic page elements do not pass sensitive information into the tracking code. By taking these precautions, companies can avoid the risk of Google Analytics collecting URLs with embedded personal information.
In addition to filtering sensitive data out of tracking code, Seker also advised against allowing Google Analytics to capture form field values such as names, emails, and birth dates. This information is personally identifiable and should not be shared with third-party tools like Analytics. Many websites unknowingly expose it through JavaScript variables, where Analytics scripts can pick it up.
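One way to apply the two precautions above (sensitive query parameters and form field values) before anything reaches a tracking script. This is an added example, not code from the article or from Seker. The deny-list and the names `SENSITIVE_KEYS`, `scrubUrl` and `scrubParams` are assumptions chosen for illustration, and the sample URL is constructed.

```javascript
// Hypothetical deny-list of parameter / form-field names; extend it per site.
const SENSITIVE_KEYS = new Set([
  "email", "name", "first_name", "last_name", "dob", "birthdate", "phone",
]);
// Loose email matcher (literal "@" or percent-encoded "%40").
const EMAIL = /[^\s\/?&=#]+(?:@|%40)[^\s\/?&=#]+\.[a-z]{2,}/i;
const EMAIL_ALL = new RegExp(EMAIL.source, "gi");
const MASK = "REDACTED";

// Return a copy of the URL that is safe to report as the page location:
// deny-listed keys and email-looking values are masked, emails embedded in
// the path are masked, and the fragment is dropped entirely.
function scrubUrl(rawUrl) {
  const url = new URL(rawUrl);
  for (const key of [...new Set(url.searchParams.keys())]) {
    const values = url.searchParams.getAll(key); // values arrive decoded
    const sensitive =
      SENSITIVE_KEYS.has(key.toLowerCase()) || values.some((v) => EMAIL.test(v));
    if (sensitive) url.searchParams.set(key, MASK); // also collapses repeats
  }
  url.pathname = url.pathname.replace(EMAIL_ALL, MASK);
  url.hash = "";
  return url.toString();
}

// Return a copy of an event payload with deny-listed fields removed and
// email addresses masked inside any remaining string values.
function scrubParams(params) {
  const out = {};
  for (const [key, value] of Object.entries(params)) {
    if (SENSITIVE_KEYS.has(key.toLowerCase())) continue; // never forward form PII
    out[key] = typeof value === "string" ? value.replace(EMAIL_ALL, MASK) : value;
  }
  return out;
}

// Constructed sample input: PII in the path, the query string and the fragment.
const SAMPLE_URL =
  "https://shop.example/users/jane@example.com/orders" +
  "?email=jane%40example.com&ref=newsletter&contact=bob@example.org#dob=1990-01-01";
console.log(scrubUrl(SAMPLE_URL));
console.log(scrubParams({ form_id: "signup", email: "jane@example.com", value: 3 }));
```

The scrubbed URL and payload, not `location.href` or raw form values, are what the site would hand to its tracking call.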
The key takeaway for CISOs is to carefully consider the potential risks and benefits of data sharing with third-party providers. While there is inherent risk in sending data to the cloud, the benefits of using a reputable cloud provider may ultimately outweigh those risks. By implementing proper configuration measures and avoiding the sharing of sensitive information, companies can enhance their data security practices and minimize the likelihood of data breaches.
Overall, the topic of data sharing with third-party providers is a complex issue that requires careful consideration and proactive measures from CISOs. By staying informed about best practices and implementing robust security measures, companies can mitigate the risks associated with data sharing and protect their sensitive information from unauthorized access.