Security by Design
Leaders Release Security Framework for
Interactive Messaging Ecosystem
Best Practices to Protect Data Assets,
Curb Identity Theft and Improve Online Trust
Seattle, Washington – April 20, 2011 – The Online Trust Alliance (OTA) today
announced the release of its Security by Design Framework and a set of
security practices for the interactive
messaging ecosystem. As cybercriminals have targeted businesses with
increasing malice and precision, interactive marketers, their service
providers, and others in the messaging ecosystem need to recognize their
valuable data assets are at risk. Left unchecked, data breach incidents can
trigger a meltdown in consumer trust, jeopardizing consumer privacy and the
viability of online communications and commerce.
To help combat these threats, the OTA has joined with other leading industry
organizations, service and technology providers and major brands, to
accelerate adoption of effective security measures. The ‘Security by Design
Framework’ and its recommended practices are intended to provide a basis for
immediate action. It’s predicated on the belief that all members of the
messaging community have a stake in the preservation of consumer trust, data
stewardship, and privacy. Creating a culture of security is a critical
priority for the industry.
"As an online marketer, threats to trust are of great concern. It is
incumbent on all involved in the online ecosystem, marketers and service
providers alike, to take responsibility for the data that is collected and
treat it like the precious commodity that it is. The steps laid out by OTA
serve as a foundation for businesses to assess their own data security needs.
The recent data breaches underscore the need to make this an important
initiative for 2011 and beyond, not only for technology teams, but business
leaders as well," said Sal Tripi, Sr. Director of Operations, Privacy and
Compliance, Publishers Clearing House.
“The Security by Design Framework transcends technology and requires that
all organizations foster collaboration within their corporate and partner
ecosystem. By adopting these best practices, organizations will not just
challenge their own security constructs but also ensure that prospective
vendors and partners are adhering to the same high standards,” said David
Daniels, CEO and Co-Founder of
The Relevancy Group.
“Trust is at the cornerstone of our business. While starting with the trust
customers place in us, it extends to every interaction we have with each
other as well. So regardless of our role in the messaging ecosystem, we all
have a contribution to make and a stake in the outcome of proving ourselves
to be good custodians of customer data. As a messaging technology leader,
we’re actively participating in this OTA initiative and encourage others to
do the same,” said Dave Lewis, Chief Marketing Officer,
“As marketers are increasingly collecting sensitive and personal data,
'security by design' needs to become part of the industry’s DNA for every
new service, feature and process,” said Craig Spiezle, Executive Director
and President of the Online Trust Alliance. "This collaborative effort
demonstrates a commitment to online trust and confidence and the vitality of
the internet. The
willingness of businesses to make systemic changes while recognizing their
role as data stewards, demonstrates leadership and a commitment to
self-regulation. We call on all organizations to embrace these efforts and
help put trust back in email."
Supporting this initiative are a broad range of industry and business
leaders who share a belief in the need for increased security and data
stewardship. Committee members include the Anti-Phishing Working Group,
Constant Contact, Datran Media, DigiCert*, eCert, Internet Identity,
Intersections*, LashBack, MarkMonitor*, Marketo, Message Systems*,
Microsoft, Publishers Clearing House*, Return Path*, The Relevancy Group,
Stopbadware.com, Symantec*, TRUSTe*, and TrustSphere*.
Steps to Effective "Security by Design"

1. Create a cross-functional security team headed by a chief security
   officer (or equivalent) as a single point of authority with security
   accountability.

2. Map the data workflows within your organization and vendors to identify
   points of vulnerability. Examine how you handle data, from collection and
   storage to transmission, usage and destruction. Define who should have
   access to the data, how and why.

3. Include security review milestones in the product development process,
   from concept development, functional specification development, design,
   testing and launch.

4. Audit your network infrastructure, mapping both internal and external
   facing sites and all points of connection. Implement processes to monitor
   your network and data assets to detect unauthorized access or unusual
   patterns of activity.

5. Develop an incident response plan and team. Include pre-defined action
   items and communication strategies that can be easily executed should a
   breach occur.
About The Online Trust Alliance
Formed in 2004,
the Online Trust Alliance (OTA) is a global non-profit organization
representing the Internet ecosystem, supporting user choice and controls,
protection of critical infrastructure, privacy and data governance,
promoting marketing best practices and self-regulation. The OTA’s mission is
to develop and advocate best practices and public policy which mitigate
emerging privacy, identity and security threats to businesses, online
services, brands, government agencies, organizations and consumers, thereby
enhancing online trust and confidence.