Google, Salesforce and others develop security baseline

Marketing organizations are by no means alone in working with third-party vendors and cloud-based SaaS solutions. Those relationships can hardly be seamless without allowing some degree of access to data and systems. While cloud-based software is no longer generally regarded as less secure than on-prem applications, security risks do exist.

That’s why a consortium of tech companies, including Google, Salesforce, Slack and Okta, the secure identity platform, have worked together to develop a Minimum Viable Secure Product standard, setting out a vendor-neutral baseline of product security. One aim is to reduce the need to negotiate security practices with each individual vendor a business uses. The baseline requirements would be incorporated in the RFP process for maximum transparency.

The concise checklist of requirements covers elements such as frequency of patching, incident handling, password policy and disaster recovery. It is based on an analysis of existing model vendor security contracts used by companies such as Google and Dropbox.

Why we care. So security is one thing that is not owned by marketing. Very true, but marketing generally does own responsibility for the marketing technology stack and is involved in evaluating vendors and solutions. Baseline security is the interest of the business as a whole and this initiative seems to be a positive step in the direction of ensuring it — even if some businesses are going to require more stringent security levels and will be adding further requirements to the standard.

About The Author

Kim Davis

Kim Davis is the Editorial Director of MarTech. Born in London, but a New Yorker for over two decades, Kim started covering enterprise software ten years ago. His experience encompasses SaaS for the enterprise, digital- ad data-driven urban planning, and applications of SaaS, digital technology, and data in the marketing space. He first wrote about marketing technology as editor of Haymarket’s The Hub, a dedicated marketing tech website, which subsequently became a channel on the established direct marketing brand DMN. Kim joined DMN proper in 2016, as a senior editor, becoming Executive Editor, then Editor-in-Chief a position he held until January 2020. Prior to working in tech journalism, Kim was Associate Editor at a New York Times hyper-local news site, The Local: East Village, and has previously worked as an editor of an academic publication, and as a music journalist. He has written hundreds of New York restaurant reviews for a personal blog, and has been an occasional guest contributor to Eater.