Dark Reading is part of the Informa Tech Division of Informa PLC



04:15 PM
Patrick Kehoe

3 Tips For Successfully Running Tech Outside the IT Department

When marketing opts for "extra-departmental IT," coordination and communication are required to keep things secured.

As veterans of last-century enterprises will wistfully recall, there was a time when data was primarily the concern of IT departments. If you were in HR, for example, you were mostly dealing with people, policies, and employment law. If you were in distribution, you focused on packaging, inventory, fleets, and carriers. And if you were in marketing, your attention would center on advertising, promotion, surveys, and sales. That was then.

Today, marketing is all about data. Every aspect of the marketing function leans on enterprise applications for data and insights to create and deliver highly customized messages to reach prospects and customers through the appropriate channels. Terabytes of data on everything — from customer behavior and preferences to buyer intent and engagement touchpoints — keep marketing operating at high levels.

Most of the data and applications are provided by third-party data companies and SaaS technologies that are housed and governed within marketing, not the IT department. There are several reasons behind this extra-departmental trend. More employees are tech-savvy digital natives who are less dependent on IT for solutions, and there aren't enough developers to address the proliferation of marketing data and analyses needed, especially for small businesses. And quite often, marketing/developer mismatches lead managers to look for their own solutions.

The trend, which is not limited to marketing, is pervasive and accelerating. Gartner recently found that applications housed outside of IT (part of what's referred to as shadow IT) represent 30% to 40% of IT spending in large enterprises, and other research by Everett Group suggests that up to 50% is spent outside of IT.  

Unfortunately, marketing and IT are often on different pages when it comes to securing these critical assets. In 2018, a 10-country RSA survey suggested several reasons. The study, which included more than 600 marketing and IT employees in companies with revenues of at least $50 million, revealed significant differences in the perceptions of workers as they applied to the use of "workarounds," security reviews, collaboration, software selection, and security risks. Given the misalignment, it is unsurprising that Gartner projects that fully one-third of all successful attacks that enterprises experience are on their shadow IT resources.

When sensitive marketing data is handled outside of IT, watch out! Peering into the foreseeable future, the data boom and use of powerful solutions offered by third-party vendors are unlikely to wane. Security teams can prepare for this onslaught and manage the changes ahead with these best practices.

First, security should maintain tight oversight of third-party vendors and marketing technology and ensure that all cyber partners and contractors understand and stay in step with the company's data governance policies. Marketing department leaders should be armed with a clear understanding of the company's security requirements before they select vendors and third-party suppliers to work with. 

Make Marketing Part of Incident Response
Security experts can ensure that their incident response plan includes sufficient detail for marketing, covering, among other things, when and how the cyber team will work with marketing to communicate a breach. Since it's not a question of if, but rather when, a firm gets breached, it's critical to rehearse with marketing and the other corporate functions what to do when an incident takes place.

Enable a Security Mentality in Marketing
Ensure training on security fundamentals, along with the development and adoption of policies related to customer data management and other marketing activities. One thing to include is a security policy for social media activities, including educating employees on their secure and appropriate uses. Controversial social comments often evoke hacks, but a little training can go a long way. Work with your marketing leads, HR, and risk advisers on appropriate training and integrations.

Considering how data access and data governance are driving customer relationships, it's clear that marketing has a starring role in cyber-risk management that will only command more resources in the years ahead. Decreasing cyber vulnerability in the marketing enterprise is an exercise for both marketing and IT security teams, and collaborations on this front will be crucial for advancing digital transformation initiatives.

Patrick Kehoe is Chief Marketing and Strategy Officer at Coalfire. He has over twenty-five years of experience working with software, hardware, and service providers in High Tech and cybersecurity markets, where he has successfully built and deployed growth strategies and ...
