Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

11/11/2020
04:15 PM
Patrick Kehoe
Patrick Kehoe
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
100%
0%

3 Tips For Successfully Running Tech Outside the IT Department

When marketing opts for "extra-departmental IT," coordination and communication are required to keep things secured.

As veterans of last century enterprises will wistfully recall, there was a time when data was primarily the concern of IT departments. If you were in HR, for example, you were mostly dealing with people, policies, and employment law. If you were in distribution, you focused on packaging, inventory, fleets, and carriers. And if you were in marketing, your attention would center on advertising, promotion, surveys, and sales. That was then.

Today, marketing is all about data. Every aspect of the marketing function leans on enterprise applications for data and insights to create and deliver highly customized messages to reach prospects and customers through the appropriate channels. Terabytes of data on everything — from customer behavior and preferences to buyer intent and engagement touchpoints — keep marketing operating at high levels.

Related Content:

6 Cybersecurity Lessons From 2020

State of Endpoint Security: How Enterprises Are Managing Endpoint Security Threats

New on The Edge: How AI Will Supercharge Spear-Phishing

Most of the data and applications are provided by third-party data companies and SaaS technologies that are housed and governed within marketing, not the IT department. There are several reasons behind this extra-departmental trend. More employees are tech-savvy digital natives, less dependent on IT for solutions, plus there aren't enough developers to address the proliferation of marketing data and analyses needed, especially for small businesses. And quite often, marketing/developer mismatches lead managers to look for their own solutions.

The trend, which is not limited to marketing, is pervasive and accelerating. Gartner recently found that applications housed outside of IT (part of what's referred to as shadow IT) represent 30% to 40% of IT spending in large enterprises, and other research by Everett Group suggests that up to 50% is spent outside of IT.  

Unfortunately, marketing and IT are often on different pages when it comes to securing these critical assets. In 2018, a 10-country RSA survey suggested several reasons. The study, which included more than 600 marketing and IT employees in companies with revenues of at least $50 million, revealed significant differences in the perceptions of workers as they applied to the use of "workarounds," security reviews, collaboration, software selection, and security risks. Given the misalignment, it is unsurprising that Gartner projects that fully one-third of all successful attacks that enterprises experience are on their shadow IT resources.

When sensitive marketing data is handled outside of IT, watch out! Peering into the foreseeable future, the data boom and use of powerful solutions offered by third-party vendors are unlikely to wane. Security teams can prepare for this onslaught and manage the changes ahead with these best practices.

Oversight 
First, security should maintain tight oversight of third-party vendors and marketing technology and ensure that all cyber partners and contractors understand and stay in step with the company's data governance policies. Marketing department leaders should be armed with a clear understanding of the company's security requirements before they select vendors and third-party suppliers to work with. 

Make Marketing Part of Incident Response
Security experts can ensure that their incident response plan includes sufficient detail for marketing, covering among other things, when and how the cyber team will work with marketing to communicate a breach. Since it's not a question of if, but rather when, a firm gets breached, it's critical to rehearse with marketing and the other corporate functions what to do when an incident takes place.

Enable a Security Mentality in Marketing
Ensure training on security fundamentals and development and adoption of policies related to customer data management and other marketing activities. One thing to include is a security policy for social media activities, including educating employees on their secure and appropriate uses. Controversial social comments often evoke hacks, but a little training can go a long way. Work with your marketing leads, HR, and risk advisers on appropriate training and integrations.

Considering how data access and data governance are driving customer relationships, it's clear that marketing has a starring role in cyber-risk management that will only command more resources in the years ahead. Decreasing cyber vulnerability in the marketing enterprise is an exercise for both marketing and IT security teams, and collaborations on this front will be crucial for advancing digital transformation initiatives.

Patrick Kehoe is Chief Marketing and Strategy Officer at Coalfire. He has over twenty-five years of experience working with software, hardware, and service providers in High Tech and cybersecurity markets, where he has successfully built and deployed growth strategies and ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Why Vulnerable Code Is Shipped Knowingly
Chris Eng, Chief Research Officer, Veracode,  11/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-23727
PUBLISHED: 2020-12-03
There is a local denial of service vulnerability in the Antiy Zhijia Terminal Defense System 5.0.2.10121559 and an attacker can cause a computer crash (BSOD).
CVE-2020-28175
PUBLISHED: 2020-12-03
There is a local privilege escalation vulnerability in Alfredo Milani Comparetti SpeedFan 4.52. Attackers can use constructed programs to increase user privileges
CVE-2020-13524
PUBLISHED: 2020-12-03
An out-of-bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 uses SPECS data from binary USD files. A specially crafted malformed file can trigger an out-of-bounds memory access and modification which results in memory corruption. To trigger this vulnerability, the victim n...
CVE-2020-13525
PUBLISHED: 2020-12-03
The sort parameter in the download page /sysworkflow/en/neoclassic/reportTables/reportTables_Ajax is vulnerable to SQL injection in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2020-23726
PUBLISHED: 2020-12-03
There is a local denial of service vulnerability in Wise Care 365 5.5.4, attackers can cause computer crash (BSOD).