Patrick Kehoe

3 Tips For Successfully Running Tech Outside the IT Department

When marketing opts for "extra-departmental IT," coordination and communication are required to keep things secured.

As veterans of last-century enterprises will wistfully recall, there was a time when data was primarily the concern of IT departments. If you were in HR, for example, you were mostly dealing with people, policies, and employment law. If you were in distribution, you focused on packaging, inventory, fleets, and carriers. And if you were in marketing, your attention would center on advertising, promotion, surveys, and sales. That was then.

Today, marketing is all about data. Every aspect of the marketing function leans on enterprise applications for data and insights to create and deliver highly customized messages to reach prospects and customers through the appropriate channels. Terabytes of data on everything — from customer behavior and preferences to buyer intent and engagement touchpoints — keep marketing operating at high levels.

Most of the data and applications are provided by third-party data companies and SaaS technologies that are housed and governed within marketing, not the IT department. There are several reasons behind this extra-departmental trend. More employees are tech-savvy digital natives who are less dependent on IT for solutions, and there aren't enough developers to address the proliferation of marketing data and analyses needed, especially for small businesses. And quite often, marketing/developer mismatches lead managers to look for their own solutions.

The trend, which is not limited to marketing, is pervasive and accelerating. Gartner recently found that applications housed outside of IT (part of what's referred to as shadow IT) represent 30% to 40% of IT spending in large enterprises, and other research by Everett Group suggests that up to 50% is spent outside of IT.  

Unfortunately, marketing and IT are often on different pages when it comes to securing these critical assets. In 2018, a 10-country RSA survey suggested several reasons. The study, which included more than 600 marketing and IT employees in companies with revenues of at least $50 million, revealed significant differences in the perceptions of workers as they applied to the use of "workarounds," security reviews, collaboration, software selection, and security risks. Given the misalignment, it is unsurprising that Gartner projects that fully one-third of all successful attacks that enterprises experience are on their shadow IT resources.

When sensitive marketing data is handled outside of IT, watch out! Peering into the foreseeable future, the data boom and use of powerful solutions offered by third-party vendors are unlikely to wane. Security teams can prepare for this onslaught and manage the changes ahead with these best practices.

First, security should maintain tight oversight of third-party vendors and marketing technology and ensure that all cyber partners and contractors understand and stay in step with the company's data governance policies. Marketing department leaders should be armed with a clear understanding of the company's security requirements before they select vendors and third-party suppliers to work with. 

Make Marketing Part of Incident Response
Security experts can ensure that their incident response plan includes sufficient detail for marketing, covering, among other things, when and how the cyber team will work with marketing to communicate a breach. Since it's not a question of if, but rather when, a firm gets breached, it's critical to rehearse with marketing and the other corporate functions what to do when an incident takes place.

Enable a Security Mentality in Marketing
Ensure training on security fundamentals and the development and adoption of policies related to customer data management and other marketing activities. One thing to include is a security policy for social media activities, including educating employees on their secure and appropriate use. Controversial social comments often provoke hacks, but a little training can go a long way. Work with your marketing leads, HR, and risk advisers on appropriate training and integrations.

Considering how data access and data governance are driving customer relationships, it's clear that marketing has a starring role in cyber-risk management that will only command more resources in the years ahead. Decreasing cyber vulnerability in the marketing enterprise is an exercise for both marketing and IT security teams, and collaborations on this front will be crucial for advancing digital transformation initiatives.

Patrick Kehoe is Chief Marketing and Strategy Officer at Coalfire. He has over twenty-five years of experience working with software, hardware, and service providers in High Tech and cybersecurity markets, where he has successfully built and deployed growth strategies and ...
