A few years back big IT players – like Google – started placing more focus on the security of the integrations and their API access that they have with other tools.
Google turned their open API into a closed one. Now to access it, you need to meet a certain set of requirements.
That’s why as one of Google’s integration partners, Woodpecker goes under the microscope once a year – so Google can see if our app complies with these standards.
Here’s a few words about what’s being audited and what the process looks like.
What’s being checked?
For IT geeks: Woodpecker’s compliance with Google’s API policy (the parts that fall under the scope of our native integration).
For non-technical people like myself:
If you’ve ever connected your mailbox to Woodpecker, you probably remember this image:
If – like most of our customers – you’re using Google as your email provider, you connected your mailbox in just a few clicks.
You were able to do so because our tool is natively integrated with Google.
More than that – it’s because of the native integration that we can import your From name from Gmail into Woodpecker. It’s also why you can remove emails both from your Woodpecker Inbox and your Gmail inbox straight from our app.
That’s when Woodpecker gets access to a part of your data stored by Google – and the reason we get audited yearly. This way Google makes sure the data they keep is safe when it’s synced with Woodpecker.
What does the audit look like?
First of all – it’s not Google itself that does these audits.
They work with external security assessment companies (exclusively with those that are accredited by them), and those companies perform the audits. Leviathan Security Group is the one that does the assessment for Woodpecker.
Their auditors take a look at a part of our system – the one that’s accessing and storing the data coming from Google – and validate whether it meets the Big G’s requirements.
We’re being audited every year, and always pass the test. We make sure we’re keeping up with the security standards so we can keep the full scope of the integration.