Considerations for Data Sharing and Analytics Security
When evaluating the integration of third-party services, CISOs must assess whether sharing data is a crucial component of their threat model. While utilizing cloud services carries inherent risks, these may be outweighed by the advantages offered by established cloud providers.
Ensar Seker, CISO at SOCRadar, emphasizes a critical aspect of using Google Analytics. “When configuring Google Analytics, ensure that no query parameters, form inputs, or dynamic elements inadvertently transmit sensitive data into the tracking code.” This is vital to prevent the tracking of URLs that may contain personal information. For instance, URLs generated by applications, such as example.com/results?user=JohnDoe&dob=01011990, may lead to the unintentional collection of sensitive parameters unless explicit filtering is applied.
Furthermore, Seker advises against allowing Google Analytics to capture form field values. This precaution includes avoiding the transmission of names, emails, birth dates, and any data considered personally identifiable information (PII) or personal health information. Many websites inadvertently expose such details through JavaScript variables that analytics scripts can access.
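One way to apply the explicit filtering described above, as an added example that is not from the original article or from Google: an allowlist scrubber that runs on the page URL before any analytics tag sees it. The names `ALLOWED_PARAMS`, `redactEmails` and `sanitizeUrlForAnalytics` and the list of approved parameters are assumptions; the sample URLs are constructed.

```javascript
// Added example. Only parameters named here are ever forwarded to analytics;
// everything else (user, dob, email, tokens...) is dropped by default.
const ALLOWED_PARAMS = new Set(["utm_source", "utm_medium", "utm_campaign", "page"]);

// Loose pattern for email-like strings; used to redact values that slip
// into an approved parameter or into a path segment.
const EMAIL_RE = /[^\/\s@]+@[^\/\s@]+\.[^\/\s@]+/g;

function redactEmails(text) {
  return text.replace(EMAIL_RE, "REDACTED");
}

function sanitizeUrlForAnalytics(rawUrl) {
  const url = new URL(rawUrl);

  // 1. Query string: allowlist by name, then redact email-like values.
  const kept = new URLSearchParams();
  for (const [name, value] of url.searchParams) {
    if (!ALLOWED_PARAMS.has(name.toLowerCase())) continue;
    kept.append(name, redactEmails(value));
  }

  // 2. Path: replace any segment that decodes to something email-like.
  const path = url.pathname
    .split("/")
    .map((segment) => {
      let decoded = segment;
      try {
        decoded = decodeURIComponent(segment);
      } catch {
        // Malformed percent-encoding: fall back to the raw segment.
      }
      return redactEmails(decoded) === decoded ? segment : "REDACTED";
    })
    .join("/");

  // 3. Fragment: dropped entirely, since it can carry tokens or state.
  const query = kept.toString();
  return url.origin + path + (query ? "?" + query : "");
}

// In the browser, pass the scrubbed value to the tag as the page URL
// (GA4's page_location field) instead of letting it read location.href.
```

An allowlist fails closed: a parameter added to the application later is not forwarded until someone approves it, whereas a blocklist of known-sensitive names would silently pass it through.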
Source: www.csoonline.com