At first, it might sound like an extra administrative burden: adding yet another platform. When you read that authentication for our Data Export Service is handled via Google, understandable concerns may arise regarding additional administrative burden or the need to manage a new supplier. We understand that completely.
Nevertheless, we made this choice very deliberately. In this article, we explain why this approach not only helps meet current security requirements, but is ultimately also more efficient and secure for your organization.
No proprietary API, but piggybacking on cloud-native benefits
We are sometimes asked why we do not offer the data via a standard, self-built API. The answer is practical: the integration capabilities and security of a cloud-native solution are many times more extensive and robust than we can facilitate ourselves via a standalone API.
With this setup, for example, you can integrate the data directly with various dashboarding tools, something that is not immediately possible with a standard API. Additionally, you can use the standard Google REST API and excellent client libraries in a wide variety of programming languages. This makes retrieving, linking, and processing the data much simpler and more stable.
No data replication: access to data that already exists
Our Spend Cloud is hosted on the Google Cloud Platform (GCP). For our data warehouse, we use Google BigQuery, a serverless solution.
A major advantage of this approach is that we do not need to replicate or move any data for this export solution. The data is already securely stored in our data warehouse. Using Google 's robust authentication methods, we simply provide you with direct and secure access to your data already stored there via so-called "views" .
This brings fundamental advantages. Google Cloud complies with the strictest contemporary security standards. Because we use GCP , Google is already a sub-processor under GDPR (we process your data, Google processes it via us). Therefore, no new or unknown data processor is added to the chain.
Data management: Take control of your data
A logical concern is that business data becomes linked to an unmanageable, standalone account. For robust data manageability, it is crucial that control remains entirely on your side.
We use a Google Account to authenticate to the data . Although it is technically possible to use a (private) Gmail account for this , we advise against it. The best and most manageable option is to link a Google Account to an existing business email address.
By extending an organization-specific address to a Google Account, you retain control. If a colleague leaves the company or a role changes, access remains manageable via your own domain. From this account, we then jointly generate a Service Account (with access keys) for daily, automated retrieval tasks by, for example, your BI tool or data warehouse solutions.
The misunderstanding: A Google Account vs. a Gmail Account
Confusion often arises regarding the terms 'Gmail' and 'Google Account'. They are sometimes used interchangeably , but for management, the difference is fundamental:
- A Google Account is purely an identity and authentication layer (your digital passport to securely log in to services, such as Google Cloud or BigQuery).
- A Gmail Account is a specific email service with an @gmail.com address, which happens to be linked to a Google Account by default.
So you absolutely do not need a new Gmail account for this integration; you can use your own trusted corporate domain.
How do you set this up?
We have limited the required configuration in GCP to the absolute minimum and provide detailed documentation on how to set this up.
The first step is simple: take an existing business email address and register it as a Google Account.
- Go to this Google support page.
- Start halfway down the page at the heading " Use an existing email address " (or "Use an existing email address").
As soon as this address is set up and provided to us, we will grant access to the data views. We will then schedule a short meeting (30 minutes is more than sufficient) to finalize the setup on the Google Cloud side together and create the necessary Service Account.
Want to know more about the content of the export? Then view the complete documentation on the Data Export Service .