Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


04:15 PM
Patrick Kehoe
Patrick Kehoe
Connect Directly
E-Mail vvv

3 Tips For Successfully Running Tech Outside the IT Department

When marketing opts for "extra-departmental IT," coordination and communication are required to keep things secured.

As veterans of last century enterprises will wistfully recall, there was a time when data was primarily the concern of IT departments. If you were in HR, for example, you were mostly dealing with people, policies, and employment law. If you were in distribution, you focused on packaging, inventory, fleets, and carriers. And if you were in marketing, your attention would center on advertising, promotion, surveys, and sales. That was then.

Today, marketing is all about data. Every aspect of the marketing function leans on enterprise applications for data and insights to create and deliver highly customized messages to reach prospects and customers through the appropriate channels. Terabytes of data on everything — from customer behavior and preferences to buyer intent and engagement touchpoints — keep marketing operating at high levels.

Related Content:

6 Cybersecurity Lessons From 2020

State of Endpoint Security: How Enterprises Are Managing Endpoint Security Threats

New on The Edge: How AI Will Supercharge Spear-Phishing

Most of the data and applications are provided by third-party data companies and SaaS technologies that are housed and governed within marketing, not the IT department. There are several reasons behind this extra-departmental trend. More employees are tech-savvy digital natives, less dependent on IT for solutions, plus there aren't enough developers to address the proliferation of marketing data and analyses needed, especially for small businesses. And quite often, marketing/developer mismatches lead managers to look for their own solutions.

The trend, which is not limited to marketing, is pervasive and accelerating. Gartner recently found that applications housed outside of IT (part of what's referred to as shadow IT) represent 30% to 40% of IT spending in large enterprises, and other research by Everett Group suggests that up to 50% is spent outside of IT.  

Unfortunately, marketing and IT are often on different pages when it comes to securing these critical assets. In 2018, a 10-country RSA survey suggested several reasons. The study, which included more than 600 marketing and IT employees in companies with revenues of at least $50 million, revealed significant differences in the perceptions of workers as they applied to the use of "workarounds," security reviews, collaboration, software selection, and security risks. Given the misalignment, it is unsurprising that Gartner projects that fully one-third of all successful attacks that enterprises experience are on their shadow IT resources.

When sensitive marketing data is handled outside of IT, watch out! Peering into the foreseeable future, the data boom and use of powerful solutions offered by third-party vendors are unlikely to wane. Security teams can prepare for this onslaught and manage the changes ahead with these best practices.

First, security should maintain tight oversight of third-party vendors and marketing technology and ensure that all cyber partners and contractors understand and stay in step with the company's data governance policies. Marketing department leaders should be armed with a clear understanding of the company's security requirements before they select vendors and third-party suppliers to work with. 

Make Marketing Part of Incident Response
Security experts can ensure that their incident response plan includes sufficient detail for marketing, covering among other things, when and how the cyber team will work with marketing to communicate a breach. Since it's not a question of if, but rather when, a firm gets breached, it's critical to rehearse with marketing and the other corporate functions what to do when an incident takes place.

Enable a Security Mentality in Marketing
Ensure training on security fundamentals and development and adoption of policies related to customer data management and other marketing activities. One thing to include is a security policy for social media activities, including educating employees on their secure and appropriate uses. Controversial social comments often evoke hacks, but a little training can go a long way. Work with your marketing leads, HR, and risk advisers on appropriate training and integrations.

Considering how data access and data governance are driving customer relationships, it's clear that marketing has a starring role in cyber-risk management that will only command more resources in the years ahead. Decreasing cyber vulnerability in the marketing enterprise is an exercise for both marketing and IT security teams, and collaborations on this front will be crucial for advancing digital transformation initiatives.

Patrick Kehoe is Chief Marketing and Strategy Officer at Coalfire. He has over twenty-five years of experience working with software, hardware, and service providers in High Tech and cybersecurity markets, where he has successfully built and deployed growth strategies and ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Cyberattacks Are Tailored to Employees ... Why Isn't Security Training?
Tim Sadler, CEO and co-founder of Tessian,  6/17/2021
7 Powerful Cybersecurity Skills the Energy Sector Needs Most
Pam Baker, Contributing Writer,  6/22/2021
Microsoft Disrupts Large-Scale BEC Campaign Across Web Services
Kelly Sheridan, Staff Editor, Dark Reading,  6/15/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-06-23
Vulnerability in OpenGrok (component: Web App). Versions that are affected are 1.6.7 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise OpenGrok. Successful attacks of this vulnerability can result in takeover of OpenGrok. CVSS 3.1 ...
PUBLISHED: 2021-06-23
A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted HTTP request, this can potentially lead to an internal sensitive data disclosure vulnerability.
PUBLISHED: 2021-06-23
A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerabilities.
PUBLISHED: 2021-06-23
Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file.
PUBLISHED: 2021-06-23
Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file.