{"id":1029,"date":"2011-04-06T23:52:56","date_gmt":"2011-04-07T03:52:56","guid":{"rendered":"http:\/\/brickstreetsoftware.com\/content\/?p=1029"},"modified":"2013-04-22T13:09:20","modified_gmt":"2013-04-22T17:09:20","slug":"alternatives-to-low-security-esps","status":"publish","type":"post","link":"https:\/\/brickstreetsoftware.com\/content\/posts\/opinions\/alternatives-to-low-security-esps\/","title":{"rendered":"Alternatives to Low Security ESPs"},"content":{"rendered":"<p><b>If you cannot accept the occasional security breach, what is the alternative to ESPs?<\/b><\/p>\n<p>On 1 April 2011,\u00a0<a href=\"http:\/\/www.securityweek.com\/massive-breach-epsilon-compromises-customer-lists-major-brands\" target=\"_blank\">Epsilon disclosed<\/a>\u00a0that they had suffered a security breach and that a &#8220;subset&#8221; of their clients&#8217; customer data had been exposed.<\/p>\n<ul>\n<li>Several\u00a0<a href=\"http:\/\/www.magillreport.com\/Epsilon-Valdez-How-Bad-Might-it-Get\/\" target=\"_blank\">experts<\/a>\u00a0<a href=\"http:\/\/krebsonsecurity.com\/2011\/04\/epsilon-breach-raises-specter-of-spear-phishing\/\" target=\"_blank\">observed<\/a>\u00a0that this breach will lead to a rash of targeted spear phishing attacks: since the attackers got customer databases from several brands, they should now be able to correlate your behavior across these databases.<\/li>\n<li>People within the email marketing industry are generally calling for restraint. 
Email Service Providers (ESPs) are all vulnerable to these attacks and the Epsilon breach is just the latest in a series of data security breaches at SaaS vendors.<\/li>\n<\/ul>\n<p style=\"text-align: center;\"><a href=\"http:\/\/brickstreetsoftware.com\/content\/wp-content\/uploads\/2011\/04\/epsilon-esp-tweet-20110405-300x70.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1032 aligncenter\" alt=\"tweet\" src=\"http:\/\/brickstreetsoftware.com\/content\/wp-content\/uploads\/2011\/04\/epsilon-esp-tweet-20110405-300x70.png\" width=\"300\" height=\"70\" \/><\/a><\/p>\n<p>If you start looking, you quickly find that these breaches occur\u00a0<a href=\"http:\/\/www.theregister.co.uk\/2010\/12\/15\/silverpop_breach_probe\/\" target=\"_blank\">with<\/a>\u00a0<a href=\"http:\/\/itknowledgeexchange.techtarget.com\/security-bytes\/salesforcecom-and-the-debate-over-saas-security-email-confidentiality\/\" target=\"_blank\">depressing<\/a>\u00a0<a href=\"http:\/\/news.cnet.com\/8301-27080_3-20051038-245.html\" target=\"_blank\">regularity<\/a>.\u00a0<a href=\"http:\/\/blog.wordtothewise.com\/2011\/04\/time-for-a-real-security-response\/\" target=\"_blank\">As Laura Atkins points out<\/a>, the problem is systemic in the ESP industry:<\/p>\n<blockquote><p>ESPs do not have sufficient security in place to prevent hackers from getting into their systems and stealing their customers\u2019 data.<\/p><\/blockquote>\n<p>If you compare ESPs with banks, the approach to security is night and day. Banks generally don\u2019t have these kinds of security breaches, while they are all too common among SaaS vendors. The ESPs might claim that their security is comparable to a bank, but that is empty posturing because they could never afford it.<\/p>\n<p>So if you cannot accept the occasional security breach, what is the alternative to ESPs? The main alternative is to bring email marketing in-house, so that your data never leaves your premises. 
On-premise applications generally do not suffer from the security problems that seem to plague SaaS vendors. A case in point is that\u00a0<a href=\"http:\/\/brickstreetsoftware.com\/products\/connect\" target=\"_blank\">our Connect application<\/a>\u00a0has been running in-house at large B2C marketers for nearly 10 years and has never suffered a security breach.<\/p>\n<p style=\"text-align: center;\"><a href=\"http:\/\/brickstreetsoftware.com\/content\/wp-content\/uploads\/2013\/04\/connect-arch-wboard-20110405-300x144.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1030 aligncenter\" alt=\"CONNECT whiteboard\" src=\"http:\/\/brickstreetsoftware.com\/content\/wp-content\/uploads\/2013\/04\/connect-arch-wboard-20110405-300x144.png\" width=\"300\" height=\"144\" \/><\/a><\/p>\n<p>There are two reasons for this track record.<\/p>\n<ul>\n<li>One reason is the Connect architecture. In Connect, the customer database is kept in a secure subnet and is never exposed to the public internet. The work of sending messages and handling results is done by workers deployed in an exposed subnet. ESPs typically cannot use this kind of architecture because they have to provide access to their clients on the public internet.<\/li>\n<li>However, the main reason for Connect\u2019s security track record is our customers: they care deeply about data security and don\u2019t trust anyone but themselves to do it right.<\/li>\n<\/ul>\n<p>Our prediction is that the top brands will re-evaluate their decision to do business with ESPs and many will decide to move the function in house, especially in financial services. If you decide to outsource and compete with a brand that has an in-house ESP, you may eventually be stuck with damage control after the next breach, while your competitor takes market share.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you cannot accept the occasional security breach, what is the alternative to ESPs? 
On 1 April 2011,\u00a0Epsilon disclosed\u00a0that they had suffered a security breach and that a &#8220;subset&#8221; of their clients&#8217; customer data had been exposed. Several\u00a0experts\u00a0observed\u00a0that this breach will lead to a rash of targeted spear phishing attacks: since the attackers got customer [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[19],"tags":[],"class_list":["post-1029","post","type-post","status-publish","format-standard","hentry","category-opinions","entry","odd"],"_links":{"self":[{"href":"https:\/\/brickstreetsoftware.com\/content\/wp-json\/wp\/v2\/posts\/1029","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/brickstreetsoftware.com\/content\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/brickstreetsoftware.com\/content\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/brickstreetsoftware.com\/content\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/brickstreetsoftware.com\/content\/wp-json\/wp\/v2\/comments?post=1029"}],"version-history":[{"count":7,"href":"https:\/\/brickstreetsoftware.com\/content\/wp-json\/wp\/v2\/posts\/1029\/revisions"}],"predecessor-version":[{"id":1033,"href":"https:\/\/brickstreetsoftware.com\/content\/wp-json\/wp\/v2\/posts\/1029\/revisions\/1033"}],"wp:attachment":[{"href":"https:\/\/brickstreetsoftware.com\/content\/wp-json\/wp\/v2\/media?parent=1029"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/brickstreetsoftware.com\/content\/wp-json\/wp\/v2\/categories?post=1029"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/brickstreetsoftware.com\/content\/wp-json\/wp\/v2\/tags?post=1029"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}