December is a popular month for year-end lists and ‘best of’ compilations. One list that no company wants to appear on, though, is a year-end summation of the worst data breaches. A cloud storage company, a Fortune 500 financial services company, and Facebook are among the half dozen companies that make the Security Boulevard list of the worst 2019 breaches, affecting roughly 4.3 billion customer records worldwide.
With the California Consumer Protection Act (CCPA) taking effect in January and other state data privacy rules in legislation, 2020 will be a watershed year for marketers to resolve privacy and compliance challenges in a cloud or hybrid infrastructure without risking security or sacrificing the ability to provide a personalized customer experience.
There’s a lot at stake, which makes it important to understand what people mean when they talk about a cloud environment. Traditionally, a “hosted” environment meant that an organization entrusted their data to an external vendor, either in a dedicated data center (i.e., Acxiom), private cloud or public cloud, the latter of which being equivalent to a software-as-a-service (SaaS) application. Conversely, the classic definition of on-premise simply meant that data resided inside an organization’s own data center.
The traditional lines between on-premise and cloud have blurred, however. Decisions about cloud or on-premise deployments are not really about who hosts or manages a company’s data. Rather, they’re about who owns and controls the security perimeter.
Why Perimeter Control Matters for Customer Engagement
Organizations entrust marketing cloud vendors with their customer data because they make an assessment that the reward – the delivery of a personalized customer experience – outweighs the risk. The calculation that there is some acceptable level of risk demonstrates the critical importance that marketing gets customer experience right. According to a much-referenced Frost & Sullivan report, 2020 will be the year that customer experience supplants price and product as the most important factor for customers when making a purchasing decision.
The problem for organizations is that while potential rewards are increasing, so too is the risk – as GDPR, CCPA and other data privacy regulations make clear. Simply put, organizations are reluctant to give up control of the security perimeter, and are trying to find a way to strike an equilibrium between providing a differentiated customer experience while still safeguarding customer data in a cloud deployment.
Traditionally, the SaaS value proposition was one of convenience; ceding control of the security perimeter was balanced by outsourcing some functions of an organization’s IT department to the vendor. But in addition to rising security concerns, the convenience of a public cloud is less of a selling point because SaaS applications have evolved to become functionally specialized and industry-specific, which locks companies into pre-defined functionality and prevents changes to a data model. For marketers striving for innovative customer engagement strategies, data model restrictions and unintegrated customer data in various niche SaaS applications are non-starters antithetical to the notion of personalizing the customer experience.
Control and Security – the Best of Both Worlds
The argument from marketing cloud vendors justifying ceding control of the security perimeter is, in a word, trust. They claim the highest levels of dev and cloud security, along with unparalleled SLA, RTO, and RPO levels that inspire peace of mind.
There are two problems with the argument. First is the lack of an absolute guarantee; a contract might stipulate compensation for a data breach, an “act of God”, or other failure, but that’s shutting the barn door after the horse has left. Risk can be minimized but not eliminated. Second, and more importantly for the purpose of customer engagement, is the concern over a perimeter breach is a separate discussion from control over the data once it’s inside the perimeter. Putting your application inside of someone else’s security perimeter cedes a level of control over how the data will be used, where it’s used, and who has access. Further, it prevents full integration of the martech stack and enterprise functionality.
For enterprise companies, owning and controlling the cloud security perimeter is quickly becoming the default option in response to tightening regulations. SME companies are at a different decision point, especially if they do not fall under CCPA (or GDPR) jurisdiction. But if enterprise-grade security without sacrificing enterprise functionality is the path you want, RedPoint eliminates the need to balance security concerns with providing a personalized customer experience with a hybrid cloud solution that sits inside of a company’s own security perimeter, akin to a private version of a SaaS deployment.
RedPoint clients can manage their own security perimeter encompassing their own cloud subscription, and provide RedPoint with permission to access and update the software without having to move data outside of the perimeter. This deployment model mitigates risk and meets enterprise-grade security requirements while preserving the control and integration needed to provide a hyper-personalized customer experience that drives revenue.
Editor’s Note: A follow-up blog will explore in greater detail benefits of having a holistic, consistent security operation without the need to cross security perimeter boundaries.