Since the end of March, the biggest buzz among email service providers and their clients has been the Epsilon security breach. There has been plenty written about it by people far closer to it than I, but there is an aspect to this from an ESP customer standpoint that I have not seen discussed.
Loss of data through email service providers is just a single facet of what is going on. In today’s world, consumers expect to be able to access and update their profiles online, in real time. They expect to be able to shop, track shipments, book flights, hotels, and car rental, perform bank transactions, and receive real-time email notifications for it all.
These activities require web-based interfaces to backend databases containing personal information. In addition, the integration of different vendors and systems requires the implementation of web-services’ APIs. Think of these as web interfaces for computers to speak to each other directly.
When I started working in the IT sector at the end of the 1980s, attitudes to data security were enormously different to today. At that time, no enterprise would even consider making their house database accessible over a public network. The mere suggestion of it would have been seen as a serious error of judgment. It was well-understood that the only truly secure computer system was one that had been switched off and placed in a safe and that convenience and security are antagonists.
In part, this may have been because I was working in the United Kingdom for a phone company that still remembered being part of the government, but I also believe attitudes have changed. Twenty years, and the growth of the commercial Internet has had a profound impact on customer expectations, which in turn have impacted how companies do business.
Real-time integration requires real-time access to data. Private networks, or even virtual private networks (VPNs), are too cumbersome, time-consuming, and costly to set up for all these integration points, and so the public Internet (the cloud) is used. This makes some amazing functionality possible, but it also involves removing some longstanding safeguards for personal data.
The result is that the amount of data that is accessible over the Internet has been rising year-on-year. Almost every request for proposal (RFP) that I see today includes not only web-based access to personal data but also API-based access. The requirement to be able to retrieve and update subscriber lists, demographic, preference, and behavioral data at the click of a mouse is commonplace.
So what’s the point of this history lesson? An email marketer that chooses to use an ESP is a consumer of cloud-based services. Such services have substantial business benefit. The ability to utilize incredibly powerful systems and software though a highly cost-effective service model is enormously valuable. However, such services also come with some security risks.
I am not providing a checklist of things to do or steps to take to protect your data. Understanding your security risk is far more complex and far too important to leave to a brief checklist in an online article.
What I do want to make clear though is that the question is not limited to whether your service provider has good security. Security has to be end-to-end. Your own systems are an important link in the chain and the requirements you place on your providers can substantially impact your overall exposure.
Though we often focus on system security, attacks are made against people as much as against systems. That’s both your provider’s people and your own. Unfortunately, people can be gullible, forgetful, fallible, and deceitful. Even the best can be caught out.
While this is perhaps the largest and certainly the most public breach yet, it is not the first and will be far from the last. For as long as there have been things of value there have been people trying to steal them. The result is that there is, and will always be, risk. The key is to understand what level of risk you’re taking for what business benefit and to decide if that risk/benefit calculation is right for your organization. If it isn’t, you may need to make changes not just to providers and systems, but to the business processes driving them.
Many companies use SMS, email and push notifications to deliver updates to customers and stakeholders, and such notifications are especially important to publishers ... read more
Online presence requires a lot of work. Your team has to be keeping an eye on search rankings, competitors, security, web mentions, website performance, trends, and so much more. Here are five multi-purpose tools that can manage every aspect of digital marketing and save your team time and money.
Email marketing is nothing new, but as our ability to harness big data improves, so does email’s potential as a marketing channel. In this article, we discuss data-driven personalization, what it means for email marketing, and how to deliver 1:1 communications at scale.
Email marketing automation may be the secret to a successful marketing strategy, provided that you know how to use it. Here’s how to get started.