Social media channels have become some of the best ways for companies to engage with their audiences. Key messaging can be delivered to people on the channels that they want to use, whenever and wherever they happen to be. Feedback from these campaigns can be instant and measurable. However, while marketing teams have often fretted about how to control these campaigns, they have only considered company reputation and not the channels themselves.

This is an oversight. During 2013, big media organisations such as The Financial Times, The Press Association and The Guardian have had their social media presences hijacked by hackers linked to the Syrian Electronic Army, while companies like HMV saw their social channels controlled by disgruntled staff members during stressful situations.

Security for those social media channels is therefore an important consideration. Almost every marketing department uses cloud applications as well as services from public Web sites that offer a variety of login methods. The nature of marketing departments also makes this more challenging, as teams often include employees, agencies, clients, freelance designers, and optimisation experts.

When you have a distributed team of both internal and external users to consider, managing usernames and passwords for them is a real problem. Yet for most of us, handing over the security and administration of these services to central IT is not an option. We’ve grown accustomed to the freedom and agility that comes with having direct control over the procurement and management of our marketing applications. However, with that freedom and agility also comes increased responsibility.

The role of central IT

We understand that when employees join our marketing team, IT assigns them their email addresses and login credentials to the company’s core business applications. The new employee uses the corporate email address to sign into various systems such as email, the CRM system and file sharing. When that individual’s employment ends, the organisation must have access to and control over the data produced by the employee, while ensuring that he or she can no longer access the data.

The ability to use a single set of credentials to sign into multiple applications is known as single sign-on (SSO). This is often a function of a larger corporate system called identity management. Identity management software is used to manage authorisation and privileges across applications.

The challenge for marketing is that many of the cloud applications we use to get our jobs done fall outside of IT’s identity management infrastructure. It’s not IT’s fault. Traditional on-premise identity management systems were never intended to handle today’s burgeoning number of cloud applications. Furthermore, IT may not even be aware of all of the applications we use on a daily basis to run our department. However, as senior executives we must take responsibility in understanding the risks and taking the appropriate steps to secure these applications.

How to take control

There are five signs that you can look out for in order to prevent security problems around social media channels. Watch out for the following:

1. Employees use the same password for all their applications and never change them.
2. Users manage their passwords in spreadsheets or on sticky notes on their monitors.
3. People can still access your data after they leave the company.
4. Usernames and passwords get forgotten on a daily basis.
5. Teams share passwords for applications such as Twitter, Facebook, and LinkedIn; these don’t get changed when people leave the company.

If you recognise any of these problems, then the most important step is to take control of the situation.

Most companies use a directory to manage what IT assets users can get access to. Commonly, this will be Microsoft Active Directory or LDAP alongside an on-premise identity management system. One of the main benefits of these systems is that they can help enforce good password policy or eliminate the use of passwords with an SSO protocol such as SAML. SAML uses digital certificates to authenticate users and is supported by many cloud applications. There are also free SAML plug-ins available for most of the open-source content management systems including Drupal, Joomla and WordPress.

However, your existing on-premise infrastructure may not provide your marketing department with the agility, coverage, or provisioning requirements needed for all of your apps. The good news is that there are now cloud-based identity management systems that can provide marketing with the best of both worlds – the right level of control over access as well as the ability to use the tools that are needed.

Almost every marketing department uses cloud applications as well as services from public Web sites that offer a variety of login methods. Cloud-based identity management is a great way to secure these
applications and partner with IT, but without slowing down your ability to get work done quickly.

 

By Elias Terman, Vice President of Product Marketing at OneLogin.

 

Connect with on Google+

PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.

comments powered by Disqus