Completing Google’s security audit
In October 2019 Google announced that it was taking extra security measures for apps built on top of the Gmail API. All software vendors who use a “restricted” or “sensitive” Gmail API scope would be subject to a third-party security audit which would cost them anywhere between $15,000 – $75,000. It seems Google implemented these security audits as a direct result of its $56 million dollar fine from the EU’s regulatory bodies for violating GDPR policies. As a result, Google shifted security responsibilities to developers.
What did the audit entail?
The audit entailed a limited penetration test and document review of the LiveAgent application. The third-party security auditors (Leviathan) assessed the application, supporting infrastructure and our staff’s answers in a self-assessment questionnaire. Leviathan verified the application’s use of the following restricted Google API scope:
- https://mail.google.com/ (includes any usage of REST, IMAP, SMTP, and POP3 protocols)
Why did we do the audit?
LiveAgent had to pass the Google Cloud Platform OAuth API Verification audit because our users utilize Gmail/Gsuite accounts. If LiveAgent users logged into our app and it wasn’t considered ‘safe’ by Google, Google would disconnect our user’s Gmail/Gsuite from their Liveagent dashboard. In this sense, our users wouldn’t be receiving emails into their LiveAgent dashboard, and that would defeat the purpose of having a universal inbox.
When did we do the audit?
LiveAgent completed the audit in December 2019 and received passing results on January 7th, 2020.
What were the results of the audit?
The results of the audit were great, we passed! According to our received report, [Leviathan] “confirms that the testing of the LiveAgent application and supporting infrastructure has been completed and that all issues with a Critical or High-risk finding have been remediated.”
Worried about your customer’s data?
Make the switch to LiveAgent help desk software today! We offer state-of-the-art security and comply with Google, GDPR, and ISO equivalent standards.
- Time to Update Your LiveAgent (Announcement)
- Increase Customer Service Satisfaction with Viber
- About.google Help Desk Contacts - LiveAgent
- Google Help Desk Contacts - LiveAgent
- Audit log (Explained)
- LiveAgent's Newest Time Tracker Integration (Announcement)
- Callback Function Explained (+Guide)
- LiveAgent bestowed with prestigious awards in Q1 2021