Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

11/11/2020
04:15 PM
Patrick Kehoe
Patrick Kehoe
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
100%
0%

3 Tips For Successfully Running Tech Outside the IT Department

When marketing opts for "extra-departmental IT," coordination and communication are required to keep things secured.

As veterans of last century enterprises will wistfully recall, there was a time when data was primarily the concern of IT departments. If you were in HR, for example, you were mostly dealing with people, policies, and employment law. If you were in distribution, you focused on packaging, inventory, fleets, and carriers. And if you were in marketing, your attention would center on advertising, promotion, surveys, and sales. That was then.

Today, marketing is all about data. Every aspect of the marketing function leans on enterprise applications for data and insights to create and deliver highly customized messages to reach prospects and customers through the appropriate channels. Terabytes of data on everything — from customer behavior and preferences to buyer intent and engagement touchpoints — keep marketing operating at high levels.

Related Content:

6 Cybersecurity Lessons From 2020

State of Endpoint Security: How Enterprises Are Managing Endpoint Security Threats

New on The Edge: How AI Will Supercharge Spear-Phishing

Most of the data and applications are provided by third-party data companies and SaaS technologies that are housed and governed within marketing, not the IT department. There are several reasons behind this extra-departmental trend. More employees are tech-savvy digital natives, less dependent on IT for solutions, plus there aren't enough developers to address the proliferation of marketing data and analyses needed, especially for small businesses. And quite often, marketing/developer mismatches lead managers to look for their own solutions.

The trend, which is not limited to marketing, is pervasive and accelerating. Gartner recently found that applications housed outside of IT (part of what's referred to as shadow IT) represent 30% to 40% of IT spending in large enterprises, and other research by Everett Group suggests that up to 50% is spent outside of IT.  

Unfortunately, marketing and IT are often on different pages when it comes to securing these critical assets. In 2018, a 10-country RSA survey suggested several reasons. The study, which included more than 600 marketing and IT employees in companies with revenues of at least $50 million, revealed significant differences in the perceptions of workers as they applied to the use of "workarounds," security reviews, collaboration, software selection, and security risks. Given the misalignment, it is unsurprising that Gartner projects that fully one-third of all successful attacks that enterprises experience are on their shadow IT resources.

When sensitive marketing data is handled outside of IT, watch out! Peering into the foreseeable future, the data boom and use of powerful solutions offered by third-party vendors are unlikely to wane. Security teams can prepare for this onslaught and manage the changes ahead with these best practices.

Oversight 
First, security should maintain tight oversight of third-party vendors and marketing technology and ensure that all cyber partners and contractors understand and stay in step with the company's data governance policies. Marketing department leaders should be armed with a clear understanding of the company's security requirements before they select vendors and third-party suppliers to work with. 

Make Marketing Part of Incident Response
Security experts can ensure that their incident response plan includes sufficient detail for marketing, covering among other things, when and how the cyber team will work with marketing to communicate a breach. Since it's not a question of if, but rather when, a firm gets breached, it's critical to rehearse with marketing and the other corporate functions what to do when an incident takes place.

Enable a Security Mentality in Marketing
Ensure training on security fundamentals and development and adoption of policies related to customer data management and other marketing activities. One thing to include is a security policy for social media activities, including educating employees on their secure and appropriate uses. Controversial social comments often evoke hacks, but a little training can go a long way. Work with your marketing leads, HR, and risk advisers on appropriate training and integrations.

Considering how data access and data governance are driving customer relationships, it's clear that marketing has a starring role in cyber-risk management that will only command more resources in the years ahead. Decreasing cyber vulnerability in the marketing enterprise is an exercise for both marketing and IT security teams, and collaborations on this front will be crucial for advancing digital transformation initiatives.

Patrick Kehoe is Chief Marketing and Strategy Officer at Coalfire. He has over twenty-five years of experience working with software, hardware, and service providers in High Tech and cybersecurity markets, where he has successfully built and deployed growth strategies and ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Edge-DRsplash-10-edge-articles
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
News
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: "The truth behind Stonehenge...."
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21321
PUBLISHED: 2021-03-02
fastify-reply-from is an npm package which is a fastify plugin to forward the current http request to another server. In fastify-reply-from before version 4.0.2, by crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server is &...
CVE-2021-21322
PUBLISHED: 2021-03-02
fastify-http-proxy is an npm package which is a fastify plugin for proxying your http requests to another server, with hooks. By crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server is `/pub/`, a user expect that accessing...
CVE-2021-21320
PUBLISHED: 2021-03-02
matrix-react-sdk is an npm package which is a Matrix SDK for React Javascript. In matrix-react-sdk before version 3.15.0, the user content sandbox can be abused to trick users into opening unexpected documents. The content is opened with a `blob` origin that cannot access Matrix user data, so messag...
CVE-2021-27730
PUBLISHED: 2021-03-02
Accellion FTA 9_12_432 and earlier is affected by argument injection via a crafted POST request to an admin endpoint. The fixed version is FTA_9_12_444 and later.
CVE-2021-25306
PUBLISHED: 2021-03-02
A buffer overflow vulnerability in the AT command interface of Gigaset DX600A v41.00-175 devices allows remote attackers to force a device reboot by sending relatively long AT commands.