microworks - Fotolia
Years ago, a former colleague fumed on a regular basis that Google was reading his email. He grew increasingly outraged as targeted ads continually popped up in his Gmail account. The publishing types he vented to during lunch knew there was truth to his concerns about Google's increasing access to data. But many of us also thought he was a bit paranoid.
His son had a different last name and was a popular anchor on The Weather Channel. When I channel-surfed during a major storm, he was always there getting pelted by rain, slammed by surf or knee deep in flood waters as he talked to storm-struck locals.
Ten years later, it turns out my former co-worker got that early forecast right. The text in free email accounts supported Google and its partners' rise to the top of the advertising world, bolstered by search and personalized ad campaigns. And it didn't stop there: To attract third-party developers, Google and other platform companies dangled not only APIs but access to data gathered from unwitting customers.
Most organizations have strict policies regarding developer access to production environments. Access to data to fuel app engines is sometimes encouraged, however, and not as strictly monitored outside of compliance requirements. What data, if any, should third-party developers have access to? What are the restrictions and how are those policies enforced?
In June 2017, Google said it would stop using email text for personalized advertising. The company also modified its Google API Terms of Service and User Data Policy to help developers provide "clear and accurate information" to Google users regarding permission requests for access to data (identity of application using the data), types of data being requested and the purpose of the application making these requests.
Third-party developers are still reading your Gmail, according to a Wall St. Journal report in July 2018, and so are employees of third-party email providers. While GDPR, which went into effect in May, is changing the rules on how companies share data, modification of website processes is simply not enough. It's time to figure out how developers are handling your data before the storms around Google, Facebook and others shift under climate change.
- Visibility to Workflow: How IT Leaders Can Discover and See All Technology ... –ServiceNow
- Obtaining Best-in-Class Network Security with Cloud Ease of Use –Palo Alto Networks
- A Practical Guide To Automating Away IT Drudgery, Energizing New Ideas, And ... –ServiceNow and EVIDEN
Dig Deeper on Security operations and management
Storm-0324 gathers over Microsoft Teams
How Storm-0558 hackers stole an MSA key from Microsoft
Microsoft finds Storm-0558 exploited crash dump to steal signing key
Risk & Repeat: Microsoft takes heat over Storm-0558 attacks