Lesson from huge Blue Shield California data breach: Read the manual

The bigger question for a CISO to consider, he added, is whether data sharing with a third party is part of their threat model. There is inherent risk in sending data to a cloud provider, he said, but that risk may be outweighed by the benefits of using a reputable cloud provider.

“From a CISO’s perspective, here’s the key,” said Esnar Seker, CISO at SOCRadar: “When configuring Google Analytics, you must ensure that no query parameters, form inputs, or dynamic page elements can inadvertently pass sensitive data into the tracking code,” to prevent it from tracking URLs with embedded personal information. For example, he said, if your application generates URLs like example.com/results?user=JohnDoe&dob=01011990, Google Analytics will collect those parameters unless the data is explicitly filtered out.

Letting Google Analytics capture form field values should also be avoided, he said. This includes names, emails, birth dates, or anything classified as personally identifiable information or personal health information. Many sites unintentionally pass these through JavaScript variables that Analytics scripts can pick up, he noted.