Marketers and the data security responsibility
As more and more data is shared in the cloud, Jay Muelhofer asks if the marketing department has become the weakest link when using and protecting sensitive information.
We’ve all been there. In the midst of a major campaign development and roll out, the marketing organisation is usually working around the clock. Both in the office and from home. We’re collaborating with colleagues, ad agencies, marketing tech providers and other agency partners.
We’re often sharing confidential information – strategic presentations, videos, databases and brand images.
Yet sharing this information has traditionally been a major challenge for marketers as most files and databases are too large for email. Enter the world of file and sync applications like Dropbox – the saviour of the marketing organisation’s life!
Now we can quickly and easily share information with our external partners. And, we can avoid the complicated firewalls and IT processes that had always held us back. And, these platforms offer us a high degree of security for our files – right?
Wrong, very wrong
Over the past two years, a constant stream of data leaks and breaches by large (and some smaller) Australian companies should have CMOs on high alert. We’ve seen Kmart, Woolworths and Telstra’s Pacnet subsidiary join a lengthy and growing list of Australian companies impacted by data breaches.
In Kmart’s situation, the marketing database including customer information such as names, addresses, phone numbers and purchasing histories was leaked. To put the threat into greater perspective, the Australian Cyber Security Centre notes in its 2015 Threat Report that it responded to 11,073 incidents affecting Australian businesses during the year.
That’s more than 30 issues per day.
Up until recently, data breaches have been considered largely the responsibility of the CIO or IT department, however, when so much sensitive data now resides in the hands of the marketing department the conversation needs to turn to how CMOs and CIOs can work together to ensure the integrity of sensitive data is maintained.
It is important to consider that following the breach of customer data, not only does this reflect poorly on a business’ IT infrastructure, but it also brings a wave of brand and reputational issues which then become the responsibility of the marketing department to manage.
The perimeter has changed
While some marketers will view consumer grade file and sync platforms such as Dropbox or WeTransfer as their time saviour and business enabler, the risk that these platforms open up is great.
Today, the ‘data perimeter’ – the boundary that safeguards an organisation’s sensitive data – has shifted considerably, as a result of a more mobilised workforce and greater collaboration with external partners.
In the past, when most workers only accessed company information from within the four walls of the business and data was saved on shared drives from PCs located in the enterprise, the perimeter was the firewall.
Since the advent of cloud computing, this has changed. In the current totally connected world, the data perimeter now needs to reside within individual documents, rather than within the IT infrastructure. This requires a new data management approach and better solutions for all organisations, in particular their marketing teams.
A collaborative solution
An important part of data security is the implementation of collaboration software that ensures the business’ most important information, including customer data, is properly secured.
Ideally, collaboration software should ensure security protocols are embedded in individual documents, including information about who has the ability to share and control information contained in the document within and outside the business.
The software should give the business access to information rights management (IRM) tools that deliver organisations the ability to properly protect information when it’s being shared internally and externally. IRM used to get a bad reputation for making certain software nearly impossible to use.
However, there are solutions which address the trade-off between security and usability. If done well, IRM is a critical tool for managing the content lifecycle, tracking who, when, what and how people are viewing and editing documents.
Administrators have complete control over that piece of content no matter how many copies exist in the world; even if it’s been downloaded 50 times onto 50 different devices. Using capabilities such as ‘read-only’ access, which restricts people from forwarding sensitive information to those who don’t have the authorisation to read the document, businesses can apply diligent controls on their information to help prevent incidents such as data breaches.
Organisations that implement secure systems for transferring sensitive data put themselves in a strong position in the event hackers do attack the business.
Given the increasing incidence of cyber crime in Australia and around the world, every business should be investing in a comprehensive strategy to ensure the integrity of its data is maintained.
Jay Muelhoefer is chief marketing officer at Intralinks.