Hilary Givens is an Associate Product Marketing Manager at Salesforce. This post is part of our Moment Makers series, which takes a deep dive into how marketers use technology to build data-driven customer experiences that feel natural, relevant, and right on time.
The modern marketer moonlights as a data security professional. One Salesforce data expert shares advice for protecting your customers’ information.
When you’re living through a global pandemic, the last thing you want to think about is the safety of your data. But as news stories about security hacks and data breaches surface regularly, it’s no wonder 86% of consumers want more transparency around how their information is used, and 59% believe their information is vulnerable to a breach.
Businesses should pay attention to these signals. Not only do they rely on customer data to personalize their marketing, they pull from more sources than ever to do it. Case in point: Marketers went from eight to 10 data sources in 2020, and that number is expected to grow to 12 in 2021.
As the pandemic continues and we navigate a holiday season where more shopping will occur online than ever before, marketers have a responsibility to manage customer data securely and with compliance.
That’s why innovators like Saikat Saha, Director of Product Management and Security for Salesforce Marketing Cloud, build security layers and solutions that keep our digital marketing platforms secure.
I recently chatted with Saikat about the data security and privacy landscape and the role marketers play in supporting these efforts. Here’s what he had to share.
What are the biggest data security and privacy issues brands face today?
In recent years, we’ve seen a wave of data breaches and account takeovers impact major brands and their customers. As a result, security concerns over data confidentiality and integrity are top of mind for today’s consumer, and privacy regulations like General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA) are being passed to better protect customer data.
These regulations and concerns impact brands in a big way. Companies run highly personalized digital marketing campaigns to reach the right customer with the right message at the right time. Running these campaigns involves a lot of customer data.
Customers care more about security now than they used to; 91% say they’re more likely to trust a brand with their information if the brand shows commitment to protecting it.
If brands collect data, they must make security and privacy a priority. It’s critical to protecting your brand, but more important, it’s the right thing to do to earn and keep your customers’ trust.
How do you see these issues at work in digital marketing?
Think about the data you need to run a successful marketing campaign. Email addresses and mobile numbers, for sure, but you’re probably storing a lot of other personal information to segment and engage your audience according to their interests and demographics: location including physical address; gender identity; age for healthcare needs; preferences like clothing or style; and so on.
When any of this data is compromised, it puts your customers at risk for identity theft, viruses, and more, and severely undermines their trust in your brand.
You have to understand the potential threat factors for your platform and work with your IT and security teams to make or improve solutions that head hackers off at the pass.
Security is a broad topic, so it helps to think about it in three “buckets”:
- Identity and access management: This is about authenticating everyone who uses your marketing technology platforms. Usernames and passwords are the obvious examples here, but these credentials alone can’t prevent phishing attacks, credential stuffing, or account takeover fraud. So you need a verification method hackers can’t impersonate.
- Data security control: Marketers transfer a lot of data in their digital marketing platforms. You need built-in functions to secure the data as it moves from the environment where you create your campaign assets to the marketing platform where you execute those campaigns. Companies host virtual private networks (VPNs) to provide secure access to their network from a public internet connection. VPNs are especially important right now since so many people are working remotely. You want to confirm your marketing platform has adequate security controls and encryption technologies to protect data at rest.
- Compliance: Compliance, simply, is third-party validation. It confirms your administrative processes have been vetted by an independent entity and you’re following the laws, regulations, standards, and ethical practices that apply to your organization. For instance, marketing data platforms should comply with ISO 27001, HIPAA, HITECH, and/or SOC 2 regulations.
Marketers are doing a much better job in all three of these areas compared to a few years ago. They’re adopting more encryption, identity controls, and other security features. This doesn’t apply just to highly regulated industries like financial services or healthcare. Everyone is ramping up.
How is Salesforce helping marketers boost their data security and privacy practices?
We just added multi-factor authentication (MFA) to our Marketing Cloud, Pardot, and Datorama platforms. MFA is one of the safest and easiest ways to protect data against unauthorized account access. It works by requiring users to prove who they are by providing two or more pieces of evidence — “factors” — when logging in. Those factors need to combine:
- something you know, like a username and password.
- something you have, like an authenticator app or USB security key.
If the “something you know” gets compromised, another security layer will protect your information. And since the “something you have” is a physical device, it’s much harder to steal or guess.
We have multiple security controls in place beyond MFA. Marketing leaders can designate access levels according to someone’s role. Administrators can limit access to Marketing Cloud from a defined range of IP addresses. We follow strict data retention policies. Plus, our applications have audit trails, which give customers a full view into everyone that interacts with their account. They can extract that data anytime to look for anomalies.
For companies that use an identity provider for single sign-on, Marketing Cloud supports this, too. It improves productivity because users don’t have to keep logging in to various applications, and employers can manage their identities and credentials in a single, secure place.
What can marketers do to keep their data safe?
In security, there’s not a single solution for protecting customer information. That’s why you need so many layers of protection. It’s like an onion; if one layer gets compromised, the next one kicks in.
Consider this: The majority of data breaches stem from simple errors. Verizon’s 2020 Data Breach Investigations Report showed phishing was the top threat in 2019, contributing to 32% of confirmed breaches and 78% of cyber-espionage incidents. By adopting protocols like MFA industry wide, we can limit this type of exposure.
But we can make the biggest difference by making our platforms “secure by design.” Then marketers can run campaigns without thinking about security because it’s built into the system. As we refine our marketing technology, it’s a great guiding principle. For a deeper dive:
- Look at the Marketing Cloud MFA demo to see how it works in Email Studio, Mobile Studio, and Journey Builder.
- Check out the four principles for putting responsible marketing into practice.
- Watch our Marketing Cloud security webinar to learn more about available security features.
Marketing Cloud offers solutions for digital marketing, email marketing, social media marketing, customer journey mapping, marketing analytics, marketing automation, and B2B marketing to help you personalize customer communications across every digital touchpoint — from anywhere.