Your Cloud, My Cloud, Security in the Cloud

I had a great conversation the other night while at the Seattle Web Analytics Wednesday (#waw) with Carlos (@inflatemouse) and a dozen others. @inflatemouse brought up the idea that an analytics provider using the cloud, increases or at least possibly increases the risk of security breach to the data. This is, after all a valid point, but because of the inherent way web analytics works this is and is not a concern.

Web Analytics is Inherently Insecure

Web analytics data is collected with a Javascript Tag. Omniture, Webtrends, Google, Yahoo, and all of the analytics providers use Javascript. Javascript is a scripting language, which is not compiled, and stored in plain text in the page or an include, or passed into the URI when needed. This plain text Javascript is all over the place, and able to be read merely by looking at it. So the absolute first point of data collection, the Javascript tags, is 100% insecure.