Finally, at long last, you have reached your marketing automation nirvana. Your web site visitors are being tracked, inquiries are scored and sent over to sales, you are getting great feedback from sales on lead quality. Your teammates in marketing are also seeing good results from their campaign efforts. Time to kick back and relax knowing the business is enjoying the benefits of marketing automation.
Or is it?
If there was ever a topic to raise the ire of marketers, it’s software security. It’s got to be the “un-sexiest” area of marketing effectiveness and in my travels I find that virtually no marketing executive will ever make this an active priority (beyond vague platitudes); some would seemingly rather take a head-in-the-sand approach. Since companies tend to fund and configure their marketing automation platform without any direct involvement from IT, these systems are typically not held to the same level of scrutiny as CRM, SCM, ERP and other mission-critical systems.
Yet in the news headlines we bear witness to data thefts and other security breaches among the world’s most prominent companies and the ensuing negative publicity and loss of goodwill from customers.
Lately, although perhaps it is my imagination, it seems the shift in thinking is finally underway in marketing departments and among marketing automation vendors alike, to take system security more seriously. These innovators are using the same project and security management approaches used by IT to keep their marketing platforms running safely.
Consider for a moment the kinds of actions that everyday users of your marketing software can perform right now. You would never suspect any nefarious behaviour from Mary down the hall, but she might have the ability to download the entire worldwide database of personal information to her hard drive. Bill, our latest hire, couldn’t hurt a fly, but he could certainly email everyone in the database tonight if he wanted to. Imagine the consequences of either of these actions on your brand, reputation and legal liability. Imagine the drama for you personally, as you deliver testimony to senior officials on the question: “Did you take reasonable measures to secure this data?” It’s certainly in everyone’s best interests to secure your systems.
Okay, so you’ve heard the idea before. How well does your operation stack up on these four initiatives below?
Tighten up end-user access. This starts with centralizing control over end-user permissions, and making critical areas of the software off-limits to everyone except the administrators themselves. Take advantage of the native security features in your software and create custom security groups if the default options don’t provide enough control.
Disable access for terminated employees. Simple as it sounds, most administrators I meet do not have a formal provision in place to disable access to the marketing databases upon employee termination. Adding this simple checkpoint to the HR off-boarding process can go a long way to curb the risk of data theft or other breach.
Date-stamp leads when they are sent to sales. A less evident but still critical factor for compliance, you must have a clear understanding when personal information passes from one system to another. If you have not done so already, consider amending your CRM integration program to date-stamp all leads as they enter and exit the sync program. Along with improving your information compliance, this simple enhancement comes in very handy to troubleshoot “missing” leads or correcting other sync errors.
Document the main data model. Marketing automation in most companies is a distributed system that involves several software applications sharing the same data, and therefore the entire system has many fail points. The “openness” of these applications makes it far too easy for mystery fields, custom objects and bogus data to creep in, diluting the marketing team’s ability to develop effective targeting. While documenting the entire system may be “overkill,” certainly every company should maintain a list of its primary data fields, picklist values, integration field mappings, and other core objects and compile these into a Data Definitions (DD) document for internal circulation. This living document becomes the go-to reference guide for control over any future system-level changes.
If you have only 1 or 2 of these items covered, consider performing a formal security audit with some outside help from your software vendor or partner. If you scored 3 or 4, you can get back to relaxing.
If you have other tips to share with readers on how to improve their marketing automation security, feel free to leave comments below.