MarTech Today: Companies are afraid of everyone’s website but their own

iStock_000001511231_Small

Article appeared in MarTech Today, Nov. 16, 2017

Read article

The Media Trust CEO: Most of what happens on your web site is not controlled by you

And this third-party code, says Chris Olson, results in dozens of cookies for each user, security vulnerabilities and performance hits.

 

Ecommerce–What’s happening on your site?

Wayward third-party vendors impact site performance, collect first-party data and expose site visitors to malware

Online shopping is now a primary revenue source for many retailers, and its growth trajectory is forecast to continue its double-digit growth rate. With their high-volume traffic and access to consumers’ credit cards, these sites also serve as revenue sources for hackers and fraudsters, who find retailers’ reliance on third-party vendors especially appealing. They gain access to sites by compromising legitimate third-party vendors.

Pinpointing the third-party vendors

Everyday ecommerce sites are rife with third-party vendors, many of them not clearly visible to site owners. These services provide the interactive and engaging experience consumers have come to expect and also enable the site to be monetized. Unbeknownst to many retailers, the third-party vendors they use to render these critical services—product reviews, content recommendation engines, payment systems, automated marketing services, analytics, content delivery networks, social media tools and more—can unintentionally function as a conduit for a host of unsavory activities including malware drops, first-party data collection, and latency-causing actions.

The challenge is to quickly identify the point of compromise, yet most ecommerce site operators don’t have a clear grasp of the vendors actively executing on their digital properties. The following infographic of a typical ecommerce site provides clues to where vendors can be found.

Ecommerce–What's happening on your site?

[Get your pdf copy at www.TheMedia.Trust]

Check yourself before you wreck yourself

How do you control these vendors and what they do on your site? The ability to effectively manage an ecommerce site requires intricate command of the technology, processes and vendors needed to render pages that not only meet revenue goals, but do so without compromising the user experience. This means the site must be free of malware, performance-sapping vendors and privacy-violating data collection activity.  To protect against third-party code’s inherent risks, ecommerce teams must work with their IT, information security, and legal teams to constantly monitor—in real time—the code executing on their sites. Otherwise, a host of activities can be underway without your knowledge which can negatively impact the user experience, your brand and your revenue stream.

Guess what? Corporate websites are out of your control

Recognizing how websites and mobile apps have transformed business models

website shadow IT

Marriott. Toys R Us. Darden Restaurants. Wal-Mart. Kraft. Neiman Marcus. Dell. What do these diverse companies have in common? They are all digital publishers.

As highlighted in a recent article, Dell spends millions of dollars each year developing content for their public-facing website. From placing advertisements to writing stories about women in technology to creating informative videos, Dell recognizes the power of digital content as an important part of the sales process. And their public-facing website serves as the primary communication channel to their most valuable asset—the customer. Dell isn’t alone.

Once relegated to traditional media companies, the concept of a digital publisher has morphed to encapsulate any organization that uses digital channels to promote their business—either directly with coupons, product reviews and ecommerce capabilities or indirectly via promotional videos, polls and recipes. In effect, any firm with a digital property—website or mobile app—should consider themselves a digital publisher.

Digital content is outside your control

Digital content and the channels through which it is acquired and delivered requires a new approach to security.

High-quality, informative websites and mobile apps attract visitors, and this attention draws evildoers. Looking to capitalize on your hard-won customers and website traffic, these bad actors mine for poor web code to exploit. They redirect visitors outside your page, launch malware downloads, and steal valuable visitor data, to name a few actions that no reputable business wants. In fact, online and mobile channels are the primary vectors for malware, with 85% of all malware distributed via the web.

Securing public-facing digital properties should be easy, right? The challenge is that most of the code delivering the interactive and engaging user experience that renders on the site visitor’s browser is from a third party and therefore outside your control. As a matter of fact, third-party code makes up more than 78% of the code found on Fortune 1000 websites. Think about it. Almost every corporate website uses video, blog, talent acquisition and social media tools in addition to the standard backend data analytics and marketing platforms. Though incorporated into your website design, these third-party providers execute outside your website’s technical operation thereby minimizing your ability to control their security or activity. And they are often compromised. (Read more about third-party code providers.)

Responsibility of Securing public-facing digital properties

Viewed from a digital publisher lens, strategic business growth depends on delivering a top-notch user experience to website visitors and mobile apps users—customers and employees. Securing these digital properties means closely monitoring third-party activities to ensure they are not dropping malware, collecting unauthorized user data or negatively impacting site performance.

With digital publishing comes responsibility. Embrace it.