Google, Salesforce and others develop security baseline

Marketing organizations are by no means alone in working with third-party vendors and cloud-based SaaS solutions. Those relationships can hardly be seamless without allowing some degree of access to data and systems. While cloud-based software is no longer generally regarded as less secure than on-prem applications, security risks do exist.

That’s why a consortium of tech companies, including Google, Salesforce, Slack and Okta, the secure identity platform, have worked together to develop a Minimum Viable Secure Product standard, setting out a vendor-neutral baseline of product security. One aim is to reduce the need to negotiate security practices with each individual vendor a business uses. The baseline requirements would be incorporated in the RFP process for maximum transparency.

The concise checklist of requirements covers elements such as frequency of patching, incident handling, password policy and disaster recovery. It is based on an analysis of existing model vendor security contracts used by companies such as Google and Dropbox.

Why we care. So security is one thing that is not owned by marketing. Very true, but marketing generally does own responsibility for the marketing technology stack and is involved in evaluating vendors and solutions. Baseline security is the interest of the business as a whole and this initiative seems to be a positive step in the direction of ensuring it — even if some businesses are going to require more stringent security levels and will be adding further requirements to the standard.