The Blind Spot in Enterprise Security

Website security is overlooked in most IT governance frameworks. 


Managing a website isn’t as easy as you think. Sure, you test your code and periodically scan web applications, but this only addresses your first-party code. What about third-party code?

Considering more than 78% of the code executing on enterprise websites is from third parties, IT/website operations departments cannot truly control what renders on a visitor’s browser. This inability to identify and authorize vendor activity exposes the enterprise to a host of issues affecting security, data privacy and overall website performance. And your website isn’t immune.

Masked vulnerability: What you don’t know can hurt you

The fact that the majority of the code executing on an enterprise website is not seen, let alone managed, does not absolve the enterprise from blame should something go wrong—and it does.

Much-publicized stories about website compromises and digital defacement point to the embarrassing reality that websites are not easy to secure. But that’s not all.

Digital property owners—websites and mobile apps—are beholden to a series of regulations covering consumer privacy, deceptive advertising, and data protection. The U.S. Federal Trade Commission has dramatically stepped up enforcement of deceptive advertising and promotional practices in the digital environment over the past few years and recently signaled interest in litigating enterprises found to be violating the Children’s Online Privacy Protection Act (COPPA).

Data privacy regulations don’t only apply to minors accessing the website. The recent overturning of EU-US Safe Harbor and the resulting EU-US Privacy Shield framework call attention to the need to understand what data is collected, shared and stored via enterprise digital operations.

Don’t forget that these third parties directly affect website performance. Problematic code or behavior—too many page requests, large page download size, general latency, etc.—render a poor experience for the visitor. Potential customers will walk if your website pages take more than two seconds to load, and third parties are usually the culprits.

The problem is that the prevalence of third-party code masks what’s really happening on a public-facing website. This blindness exposes the enterprise to unnecessary risk of regulatory violations, brand damage and loss of revenue.

Seeing through the camouflage

This is a serious issue that many enterprises come to realize a little too late. Third-party vendors provide the interactive and engaging functionality people expect when they visit a website—content recommendation engines, customer identification platforms, social media widgets and video platforms, to name a few. In addition, they are also the source of numerous back-end services used to optimize the viewing experience—content delivery network, marketing management platforms, and data analytics.

Clearly, third parties are critical to the digital experience. However, no single individual or department in an organization is responsible for everything that occurs on the site—marketing provides the content and design, IT/web operations makes sure it works, sales/ecommerce drives the traffic, etc. This lack of holistic oversight makes it impossible to hold anyone or any group accountable when things go wrong in ways that can jeopardize the enterprise.

Case in point: can you clearly answer the following:

  • How many third-party vendors are executing on your website?
  • How did they get on the site, i.e., were they called by another vendor?
  • Can you identify all activity performed by each vendor?
  • What department authorized and takes ownership of these vendors and their activity?
  • How do you ensure vendor activity complies with your organization’s policies as well as the growing body of government regulations?
  • What is the impact of individual vendor activity on website performance?
  • What recourse do you have for vendors that fail to meet contractually agreed service level agreements (SLAs)?

Questions like these highlight the fact that successfully managing an enterprise website requires a strong command of the collective and individual technologies, processes and vendors used to render the online presence, while simultaneously keeping the IT infrastructure secure and in compliance with company-generated and government-mandated policies regarding data privacy.

Adopting a Website Governance strategy will help you satisfy these requirements.

Take back control

What happens on your website is your responsibility. Don’t you think you should take control and know what’s going on? It’s time you took a proactive approach to security. The Media Trust can shine a light on your entire website operation and alert you to security incidents, privacy violations and performance issues.

 

Ad Ops can rest a bit easier with malware resolution strategies

Sharing of malware incident information proving a success


The continuous threat of malware in the advertising ecosystem keeps many advertising operations professionals awake at night. The speed at which ads are bought and served and the number of players involved come at a steep price—vulnerability to malware. For years, The Media Trust has tackled this vulnerability head-on by detecting malware in our clients’ digital ecosystems and providing the critical details that allow the malware to be located and shut down. Impacted clients then communicated these details to the specific partner serving the infected ad. This daisy-chain process involves a series of communications with upstream partners, a process that can take up to 72 hours while the malicious ad continues to circulate.

To minimize the daisy-chain effect, The Media Trust introduced Media Scanner’s Resolution Services, an information sharing service that provides for simultaneous communication of malware alert details among partners. Announced in April, Media Scanner’s Resolution Services has proven to be a resounding success with 20 digital publishers and more than 20 ad tech partners enrolled in just under six months.

Reaping what you sow

Media Scanner’s Resolution Services is a SaaS-based service that provides real-time information sharing with upstream and downstream business partners about malicious ads detected in a client’s advertising operation. As part of the Media Scanner product family, this solution is available as a complimentary add-on to existing clients with significant ad tag volume.

Designed for publishers, ad networks, ad exchanges, demand platforms and paid-content engines, the service’s continuous, real-time information sharing compresses cycle times for malware detection, notification and remediation from several days to mere seconds, drastically reducing infected tags’ ability to harm site visitors and the site’s brand reputation. By compressing this cycle time, companies can speed incident remediation, protect revenue by ensuring ad tags stay active and strengthen business relationships.

Real-time, actionable malvertising intelligence delivers a host of benefits to the entire digital ecosystem.

  • Revenue continuity: By sharing malware incident data with the upstream party serving the malware, bad ads are removed more quickly, thereby allowing ad tags to remain active and generate revenue.
  • Improved incident response: By allowing Media Scanner to send an alert to clients and their mutually-impacted business partners, everyone realizes a shorter cycle time to resolve the issue across the entire advertising value chain.
  • Streamlined incident handling: Once an anomalous ad tag is detected and confirmed, The Media Trust automatically notifies all impacted partners throughout the advertising ecosystem, which ensures the ad can be removed and then permanently blocked.
  • Enhanced security posture: 24/7 access to information on malicious ad tags improves not only the health of a publisher’s advertising operation, but also strengthens their organization’s security posture, bridging the gap across ad ops, sales, marketing, site operations and security teams.
  • Strengthened relationships among partners: Real-time communication and cooperation generates a positive network externality that improves the overall health of the entire online and mobile advertising ecosystems and severely limits malware’s success rate.

In the past few months, this solution simultaneously communicated hundreds of malware incidents to impacted publishers and their authorized ad tech partners, greatly accelerating the termination of malware, removing hours—sometimes days—from the cycle. This increased speed of malware incident resolution exponentially improves the level of protection across the greater online and mobile advertising ecosystem. But more can be done.

An eye to the future

Ad tech providers want to get into the game and initiate this program with their buying partners, attesting to the true value of Media Scanner’s Resolution Services. The Media Trust is now working with ad tech clients to share incidents with authorized agency media buyers and trading desks—a critical step to tackling malware as it enters the advertising environment. Malvertising will never be eradicated, but limiting its ability to rapidly propagate throughout the digital ecosystem helps everyone rest a bit easier.