When I started working at IndexTools, many customers accessed their web analytics data using a single username and password. In many offices, this username and password were shared among all of the relevant analysts. In some cases they were given to someone in Marketing. Occasionally they were given to an executive. The passwords often went unchanged for quite some time. Anyone who had been given the username and password would have access – whether they still worked for the company or not. For the Partners, one username and password gave access to every underlying client account. End customers could add multiple users, all with the same viewing and editing rights.
When IndexTools was bought by Yahoo! in 2008, this practice was promptly knocked on the head due to the obvious potential for abuse. We moved into a single-sign-on model in which an individual gains access to their web analytics account using their Yahoo! account ID. Also, we introduced various user management elements, like restricting access to a particular report or project for a user (see all user management options in the screenshot at the end of the article).
Now, I am not simply telling you this to sing the praises of Yahoo! Web Analytics (that’s a given) – I want to stress the importance of user management in whatever tool you use. Please, please, please, I beg of you – PLEASE don’t share usernames and passwords!
Visitor Privacy – Online and Offline
Look at the distrust in website visitors whenever there’s a mention in the media of being tracked by evil code that is designed to carefully brainwash you into selling your granny for the latest iThingy.
All that can be done in that case is to offer visitors the opportunity to opt out of being tracked, or assure them that personally identifiable information (PII) is not being stored. It’s a matter of education and reassurance.
Why compound the privacy issue by not taking responsibility when it comes to data privacy in your own backyard?
Manage Your Company Numbers Intelligently
There are also other considerations to take into account, like competitive advantage or simple data overload. Look into the access restriction practices in your web analytics tool (they all have some level) and manage the way that access and control are shared out in your company. For example:
- Why give an executive access to all the data when all he wants to see is a relevant dashboard?
- What if you have 2 branches of the same company that essentially compete against each other – do you necessarily want each to see the other’s data?
- Why give the office intern administrative access to the web analytics tool? Are you prepared to take responsibility if they delete an important client’s campaigns?
Everyone who has access to a web analytics tool needs to take responsibility for that access.
Tips on Managing User Access to Data
Here are some tips and tricks on managing users and access.
- Don’t share usernames and passwords among employees.
- Investigate the access levels and security in your web analytics tool.
- Assess the access needs of those who use the tool. Do they need to see all of the reports? Do they need to be able to add users/change settings?
- Investigate the report export abilities of your web analytics tool. Are there people who really just need a scheduled report emailed to them on a data sub-set?
- Make your tool administrator responsible for user administration.
- Advocate for a regular review of the existing users (perhaps a user has not left the company, but moved departments – do they still need access?).
- Delete the access of users who leave the company.
- Encourage users to change their passwords regularly.
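The review these tips describe can be run as a script over an export of the tool's accounts. The following is an added example, not code from Yahoo! Web Analytics or the original article: the roster, the account export, its field names and the 90-day password age are all constructed assumptions, and only the four role names come from the list at the end of this article.

```python
from datetime import date

# Role tiers from the page's list, lowest to highest privilege.
ROLE_RANK = {"Restricted User": 0, "User": 1, "Power User": 2, "Administrator": 3}
MAX_PASSWORD_AGE_DAYS = 90  # assumption: the page only says "regularly"
TODAY = date(2010, 3, 1)    # constructed review date

# Constructed HR roster: person -> current department (missing = has left).
ROSTER = {"ana": "Analytics", "ben": "Sales", "cara": "Executive", "dev": "Analytics"}

# Constructed account export; every field name here is hypothetical.
ACCOUNTS = [
    {"login": "analytics-team", "holders": ["ana", "erik"], "role": "Administrator",
     "needed_role": "Power User", "granted_dept": "Analytics",
     "password_set": date(2009, 1, 5)},
    {"login": "cara", "holders": ["cara"], "role": "Administrator",
     "needed_role": "Restricted User", "granted_dept": "Executive",
     "password_set": date(2010, 2, 1)},
    {"login": "ben", "holders": ["ben"], "role": "User",
     "needed_role": "User", "granted_dept": "Analytics",
     "password_set": date(2010, 1, 15)},
    {"login": "dev", "holders": ["dev"], "role": "Power User",
     "needed_role": "Power User", "granted_dept": "Analytics",
     "password_set": date(2010, 2, 10)},
]

def review(accounts, roster, today):
    """Return (login, issue, detail) tuples for accounts that break the tips."""
    findings = []
    for acct in accounts:
        login = acct["login"]
        if len(acct["holders"]) > 1:  # one login known to several people
            findings.append((login, "shared-credential", ",".join(acct["holders"])))
        for person in acct["holders"]:
            if person not in roster:  # holder has left the company
                findings.append((login, "departed-holder", person))
            elif roster[person] != acct["granted_dept"]:  # holder changed teams
                findings.append((login, "moved-department", person))
        if ROLE_RANK[acct["role"]] > ROLE_RANK[acct["needed_role"]]:
            findings.append((login, "over-privileged", acct["role"]))
        age = (today - acct["password_set"]).days
        if age > MAX_PASSWORD_AGE_DAYS:
            findings.append((login, "stale-password", f"{age} days"))
    return findings

if __name__ == "__main__":
    for finding in review(ACCOUNTS, ROSTER, TODAY):
        print(*finding, sep="\t")
```

The `needed_role` column is the output of the access-needs assessment in the third tip, so the script is only as good as that assessment.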
Yahoo! Web Analytics User Management
- Restriction of access to the web analytics UI to an IP address or set of IP addresses.
- Creation of an Administrator User – this user has unlimited access to all reports, all projects, etc.
- Creation of a Power User – unlimited access to reports etc., but can be limited to specific projects (websites).
- Creation of a User – unrestricted access to reporting (for selected projects) but no access to account management or user management features.
- Creation of a Restricted User – access only to selected reports or dashboards.