Is Your Marketing Cloud Leaking Data to Competitors?
October 26, 2015 – Evidon Team
Do you know what’s going on in your marketing cloud? Learn how to identify & fix potential weak spots leaking sensitive user data to your competitors?
As the market of third-party marketing technologies explodes – 2,000 at last count – your business colleagues are likely requesting to use a handful (or more) on your company’s website. While these technologies can positively impact site conversions and deliver other measurable benefits, they can also become conduits for leaking sensitive data.
The potential pain of piggyback tags
The collection of digital technologies that power, measure, socialize, and optimize website performance is controlled by a wide range of companies that often gain access to your site through a single tag. This legitimately deployed tag oftentimes shares the site data it collects with all its partners’ tracking servers. To do this, the original tags introduce tags for the additional technologies, in what are commonly referred to as piggyback tags. In most cases, WebOps has no idea about or control over these piggyback tags. The third-party marketing technology on your site calls these other tags in what can be a long chain. During that time, your site’s data may be shared with those lacking explicit permission to access the data.
Ideally you should prevent all this piggybacking but it’s just not practical in most cases. At the very least, define policies such as “Marketing must confirm that the tags associated with any third-party marketing technologies we deploy meet our data-sharing requirements.” You can then use a tool to identify any of these piggyback vulnerabilities so you can quickly plug them.
Data leakage and theft are real threats
Many third-party marketing technologies pass along personal data gathered from a company’s website. In some cases, the data can be a personally identifiable information (PII), which could include sensitive details such as a social security number. When this data is transmitted across the Internet in an insecure manner, it’s at risk of being exposed. For instance, man-in-the-middle attacks are launched to intercept data as it’s being transmitted by these third-, fourth-, fifth-party tags. Or some of the vendors piggybacking their tags on your site can leak your company’s data to competitors. One of your competitors could use this intercepted data to its advantage, such as by retargeting ads to your company’s customer base.
To address this, take advantage of technology that audits your site to see who has access to it directly and indirectly. You should document the data being collected by third-party technology vendors and how it is being passed and used. And finally, be sure to properly manage and secure all tags.
The reality is that your business is going to continue relying on third-party marketing technologies. Clearly the more transparent that marketing cloud, the better. Just don’t expect anyone to clear the clouds for you. The key is to remain aware and vigilant about the potential dangers floating around out there and take measures to stop them in their tracks.
To learn more about common website security blind spots and findings from a Evidon security study, tune into this 27-minute recorded webinar.