Are You a Cyber Aware CMO?

It's been years now since Harvard Business Review published an article stating, "CEOs say that digital marketing is now the most important technology-powered investment their firms can make." The article, The Rise of the Chief Marketing Technologist, summarized the requirement for a new technical role, the CMT, who is effectively the Marketing Business Unit's CTO. While the technology is moving fast and roles are changing rapidly, are we keeping up with the implications of what we are adopting?

The basis of a modern marketing engine revolves around a web platform and the supporting systems, marketing/customer databases, automation, operations, analytics tools and connections to CRM, ERP, and a whole host of other systems. There are bells and whistles galore that can be used to capture, score, manage, nurture, clean, append, correlate, analyze, and connect customer and prospect data for the purpose of promoting, selling, enabling selling, syndicating, replicating, or socially promoting anything you can imagine. There's a whole lot of technical stuff under that hood, and I agree, the person current playing the role of the Chief Marketing Technologist on my team is worth her weight in gold!

The HBR article summarizes how marketing and IT collaborate to ensure the marketing system adheres to IT policies. However, marketing must also consider building a security strategy in conjunction to building the marketing technology strategy in this new age of cyber attacks. This is especially true since we work with so many third- and fourth-parties, which bring risk to the entire marketing supply chanin.

If our commerce engine or our website is the most critical way we engage customers, and the most important technology-powered investment a firm can make, it's vulnerable to a threat actor looking for ways to penetrate weaknesses in our digital infrastructure. Refer to my previous post Is your MarTech Stack Vulnerable? for why it may be more vulnerable than you think it is.

We must build our modern marketing infrastructures with security in mind, partnering directly with the CIO or CSO on it. It is important that we drive a conversation about how the IT security teams can better protect the marketing infrastructure and respond in the event of a breach. We must also insist that vendors go through security audits and that we ask as many questions as we can about their ability to protect and defend our data and any possible entry points into our environment that can affect other parts of the business.

The cornerstone of modern marketing is technology and data, marketers can have access to highly confidential information, making them potential targets. However, there is a bigger concern that marketing poses. Given the increased utilization of applications and services, marketing controls a number of technology decisions, whether it be solutions that are hosted in the cloud or purchased through third-party providers. Marketers need to proactively bring IT and the security teams together (if they are in separate groups) to manage data security more than ever. This can often be a herculean task.

More than once in my career I've experienced push-back when discussing why IT needs to allocate a resource to do a security assessment of the new web platform (which may include a combination of a dozen or so applications) before it goes live. IT and security teams can range in maturity on how they approach things and depending on how the teams are organized you can find yourself literally begging for someone to care about it.

As you well know, marketing generally creates and/or utilize large sets of data, and therefore firms must understand best practices around data use and security in the context of the marketing engine. Beyond regulatory requirements, data use policies, or opt-in permissions, there is a whole strategy that must be considered when adopting new cloud technologies or transforming marketing infrastructure and operations to a modern marketing model that is as secure as it can possibly be. Or, at least being monitored should there be an intrusion.

I would therefore argue that there needs to be a fundamental shift in the way we - marketing leaders and brand stewards - think about our role in protecting the infrastructure we build from advanced threats. If we are thinking technology, we also need to be thinking security. With great power comes great responsibility. CMO's need to become CyberCMOs and CMT's need to add an 'S' to their title; for both 'security' and for 'superpower.'