I wish I didn’t feel compelled to write this, as this is one project I was really looking forward to using.
I applied for the beta a while back but didn’t make the cut… obviously they thought they had enough affiliates testing it.
Those affiliates obviously have no idea about business security.
They are asking for and storing Google Account passwords…
That is a high risk
It may also mean that users would give their Gmail account access, which might have other personal data such as hosting and domain registration information.
This could be partially overcome by upgrading to their premium service and running the software on your own server however…
Their automatic upgrade represents a security risk
I wouldn’t trust myself to secure a Rackspace server – actually I was recently helping a friend diagnose a hacked WordPress blog that was on a Rackspace managed server – do you think you are up to the task of securing one of their self-managed servers in the cloud?
One of the reasons I switched to a Liquidweb Storm server was because I didn’t feel confident keeping a server secure for myself, and paying a geek to do it for me just wasn’t working out time or cost effective.
Bevo Media (BevoRyan) stated this on their forums
Liquid Web not a recommended server
Because of the rigorous default permissions set on a Liquid Web server, we highly suggest against using Liquid Web as a way of hosting Bevo Self Hosted. We found that hosting on LiquidWeb creates a ton of issues, and bugs that do not show up when using Rackspace as using your hosting solution. Our self hosted version was made for Rackspace Cloud environment, and although it is possible to install the self hosted version on other servers, we suggest sticking with Rackspace. Rackspace is much less expensive yet more powerful than LiquidWeb, which is why we chose to use them over any other server companies.
I strongly disagree on the cost… I was paying $400/3 months for a good server jockey yet I find Liquidweb support to be better. That was just support.
My Liquidweb Storm server costs me $50 for the base server, $20 for Cpanel + support, and then maybe $20/month on top for bandwidth and backups. I could see the bandwidth going a little higher though I should farm most of that out to a CDN.
I admit using an API isn’t totally secure, but ultimately you can revoke access. You could create special Google accounts and give them access to particular Adwords & Analytics accounts, and then give those passwords to Bevo Media, but the majority of users won’t have the required tin-foil hat to even think about taking that precaution.
If I was using their self-hosted software (which whilst open-source is $200/month) then that is the direction I would have to go for now… creating new Google accounts just for use with Bevo Media.
You could possibly do that for their SAAS version, but that would require very specific training explaining why it needs to be done, and possibly why they felt they couldn’t use the API as provided by Google (which seems good enough for other competitors)
This isn’t that I don’t trust the guys at Bevo Media, I don’t trust people who hack servers to get hold of hundreds of Adwords accounts – it is a huge pot of gold for your average Russian or Chineese hacker to target (or any other nationality for that matter)
Bevo Media might well be great software, I plan to do some more testing with dedicated accounts granted access, but thought it important to get this “out there” before people use their primary Google account details with a 3rd party server.
Whatever you do, don’t give away your primary Google account details to anyone – they are the keys to your online business.