Who’s watching the security of your martech stack?

There are more than 15,000 martech tools available on the market today, and each of them is a potential risk for your organization. 

As with any software product, the applications themselves — and the data they store and process — are targets for the dark forces of the tech world. And as marketing organizations whipped out their credit cards and deployed SaaS app after SaaS app over the years, you have to wonder, who was looking out for the security?

In larger organizations, the IT and data teams will have some input into the security and governance of martech tools and data. That’s especially true for businesses in highly regulated industries. 

In this episode of Conversations with MarTech, we speak with Rob Stacey, CRO of content management vendor Forrit, about the realities and risks of securing your martech stack and the data it contains. 

Stacey says collaboration between IT and marketing is increasingly the norm, helping businesses make decisions that help marketers do their jobs while IT meets its security needs. 

It’s a far cry from the turf wars we’ve heard about in the past.

Episode guide

1:02: Meet Rob Stacey
2:15: IT, data and marketing teams: Turf wars vs. strategic cooperation
3:38: Has awareness of security risks increased among marketers?
5:33: How does IT feel about the explosion of SaaS apps in martech stacks?
7:36: The business advantages of a secure martech stack you don’t often think about.

Episode transcript

[00:00:00] Mike Pastore, Editorial Director, MarTech: There are more than 15,000 MarTech tools available today, and a lot of them are fairly inexpensive SaaS tools that marketing teams can purchase with a credit card and quickly deploy. In the past that’s been a problem. IT organizations are usually tasked with information security, and today some organizations have data teams that keep tabs on what data is used, where throughout the organization.

[00:00:26] Our guest today says the turf wars of days past have largely faded, and a spirit of collaboration mostly rules these relationships, but the question remains. Who’s watching the security of your MarTech stack?

[00:00:50] Welcome to Conversations with MarTech. I’m Mike Pastore, editorial director at MarTech, and today I am joined by Rob Stacey, CRO at Forrit. Rob, why don’t you take a couple minutes to introduce yourself. 

[00:01:02] Rob Stacey, CRO, Forrit: Thanks Mike. Great to be here. I’m Rob Stacy. I’m the Chief Revenue Officer at ForrIt. We are a secure and scalable content management system provider, very much focused into the regulated sectors such as financial services, healthcare, energy, utilities, and big gov.

[00:01:20] I actually started my career back in FMCG. About, I’m not, I’m not gonna fully disclose, but roughly around 20 years ago. And I was at Kellogg’s for six to seven years, working in a combination of sales and marketing functions, mostly marketing. I stayed in FMCG with the next role, but I then moved into Telco.

[00:01:39] So I’ve had direct telco experience. I moved into retail. I’ve been abroad, I’ve been in Microsoft, so I’ve had a whole range of marketing roles in B2C and B2B. So I guess I’ve seen the practice in multiple forms. I’ve seen it evolve. I’ve seen. The good, the bad, and the ugly.

[00:02:00] And so alongside my career and obviously wanting to make a success of it, I guess I’ve been a bit of a crusader as well for the practice and we’re, I think we’re in a very interesting time now with the influx of technology, and I think that’s something we’re gonna talk about today.

[00:02:15] Mike Pastore: Security and data governance, those have long been part of IT’s responsibilities in a lot of organizations and especially the highly regulated organizations that you mentioned. As marketers are increasingly rely on data though, are they being forced to bring it into the conversations about their martech stack?

[00:02:35] And is this, how’s this shaken out? Is this another turf war or is there actually strategic collaboration that’s going on these days? 

[00:02:43] Rob Stacey: I don’t think it, it should be a turf war by any stretch. I’m sure it is in, in some companies, but what we are seeing is more collaboration than ever, and I think it has to be this way.

[00:02:54] As I just said, there’s such an influx of technology, not just into marketing actually across organizations. It is pervasive. There are so many big decisions that get made now around the tech stack. There really has to be that collaboration and convergence. We’re seeing this explosion of RevOps currently, which is sales, marketing, customer success, coming together — about time.

[00:03:17] That’s something I was preaching 20 years ago, but I really see that it will be the next cab of the rank here and, and they will be the, the next addition to RevOps as that evolve. So, you know, it’s happening. It’s probably not happening as quickly, um, as I would like, but there is a recognition that it needs to happen.

[00:03:35] I think that’s a good thing. 

[00:03:38] Mike Pastore: Are marketers more aware of the security risks that are lurking in their martech tools than they were maybe five, 10 years ago? And have the, have the regulations around data privacy and compliance increased the vigilance in that area. 

[00:03:52] Rob Stacey: Yes, absolutely, Mike. I mean that’s one of the reasons I think, in a number of instances, marketers have experienced direct CMS attacks.

[00:04:01] We did a survey quite recently, over 50% had, so I think a lot have got firsthand experience. And then there’s just the wider macro climate raising awareness. Obviously the likes of M&S, Co-op Harrods in the news massively at the moment here in the U.K., with significant cyber attacks taking place in retail.

[00:04:24] I just think it’s raising awareness. The, the awareness of security issues is being raised in multiple ways, in multiple levels. And I think if we’re gonna get sort of really kind of macro about it, I almost think we’re entering this age of security. You know, if we were in the digital age for the last 20, 25 years, certainly at a kind of mid to large size organization level, we are entering this sort of phase of more conservatism.

[00:04:52] Growing the top line is becoming increasingly difficult. So we’re entering this phase of cost saving and looking at different angles to deliver that. And I almost see security is the beacon. You know, that not having the right security software protocols inside your organization will swifake you down the wrong path. And as I say, we’re seeing that with events in the news recently and the cost implications of that. So to answer your question, yeah, we are seeing marketeers increasingly becoming aware of security and the security risks involved in their tech stack.

[00:05:33] Mike Pastore: You mentioned the digital age that we’ve been in for a while now, for a big chunk of that time, marketing was sort of free to go out and buy SaaS products that fulfilled all sorts of needs within the marketing organization. How does the IT side feel about the security aspect of all of those applications and is there a more security conscious approach that IT would prefer marketing take rather than going out and buying all these SaaS apps?

[00:06:05] Rob Stacey: I’m, first to say state SaaS is not a bad thing. It’s absolutely right for a number of organizations. I think as you allude to there, Mike, it’s more the quantity of SaaS products and suddenly IT are tasked with managing multiple providers. That inherently becomes more difficult operationally.

[00:06:25] It does increased security risks. You have concerns over disaster recovery where data is held. So it does start to open up concerns as the number of SaaS providers increases. That’s very much why we lead with a platform as a service solution. So we find that, again, organizations in regulated industries in particular that are mid to large in size prefer the CMS to be built inside their own tenants.

[00:06:52] So that allows the IT team to exact greater control and alignment to their policies. It also allows ’em to scale quicker. Imagine if you want to stand up a site or a micro site, you raise a ticket, it goes into the SaaS vendor. You go into a queue, you get hit with some hidden costsy ou weren’t budgeting for.

[00:07:11] All of this can be done in-house and, and very, very quickly. So as I say, you know, PaaS is not for everyone, but for those large organizations, particularly regulated, we find it, it gets real traction. 

[00:07:25] Mike Pastore: Obviously, there are penalties for failing to comply with all sorts of regulations. There’s brand damage when there’s an incident, like you referred to earlier, when there’s a data breach.

[00:07:36] What are the business advantages of having a secure martech stack beyond avoiding those penalties? 

[00:07:44] Rob Stacey: Funny enough, actually, I did a keynote quite recently called “Security: The Personalization, ROI Blindspot,” and that was clearly leveraging a topic in personalization that’s probably been the No. 1 sought-after goal for markets in the last two to three years.

[00:08:04] And actually, I did it with a CTO from a security company, and we talked at length as to why getting security measures in place is important to personalization, and part of it is the big impact as you described there, Mike, clearly, if you are hacked and your brand is defamed, that is not gonna be a good thing for personalization, but it’s smaller things as well.

[00:08:26] Making the customer feel like they are entering a secure website with secure payment gateways. Transparent privacy policies, SSL certificates. There are things you can do that makes the customer feel more secure and thereby happier to share personal details and engage in richer personalized experiences.

[00:08:48] Data fidelity is another one. Again, there’s definitely an increasing awareness amongst marketers around bot attacks, and depending on publications you read, that could be up to 40% of your traffic is bots. Now that has a huge impact, not just only on the personalization experiences you serve up, but also the data fidelity that you share back into the organization.

[00:09:09] And ultimately it’s also time saved. So the less time you are worrying or having to deal with cyber attacks, the more time you are spending on positive, rich customer experiences, which is what all marketers want to do.

[00:09:27] Mike Pastore: All right, Rob Stacy, CRO at Forrit. Thanks so much for joining us on conversations with MarTech. 

[00:09:33] Rob Stacey: Thanks Mike.