Client Security Guide
NEXT GENERATION CLOUD-SECURITY
www.exacttarget.com

NEXT GENERATION CLOUD-SECURITY

Companies across the globe are facing continuously evolving threats focused on obtaining an individual's login credentials in order to gain access to sensitive data. As part of our aggressive, multi-layered approach to protect client data, we are introducing our next generation cloud-security solutions named Protected by ExactTarget.

Built upon our certified enterprise security capabilities, infrastructure, system access controls, real-time system monitoring, and active preventative technologies, Protected by ExactTarget is focused on three key areas:

- Infrastructure and data center security
- Security education for employees, clients, and partners
- Innovation to deliver the next generation of cloud-based security

Our next generation cloud-security solutions add to our intuitive technologies to further protect client data. These include limiting access to the ExactTarget system using Two-Factor Authentication, restricting how data can be exported, continuing proactive behavior monitoring and alerting that detects suspicious user activity, and adding a series of advanced enterprise security solutions.

At ExactTarget, the security of your data remains a top priority. Read on to learn more.

What's Inside?

- Next Generation Cloud-Security
- Recommended Next Steps
- Two-Factor Authentication
- The Importance of Individual User Accounts
- Data Export Controls
- Additional Security Controls
- Be Vigilant Against Phishing Attempts
- FAQs

NEXT GENERATION CLOUD-SECURITY

Now available within your account

We're cooperatively working with clients to implement a set of next generation cloud-security solutions. This includes limiting access to the ExactTarget application using Two-Factor Authentication (similar to how financial institutions restrict access to online banking tools), as well as limiting how data can be exported from the ExactTarget application.

- Q1 2011: WATCHDOG BEHAVIOR MONITORING by ExactTarget Security Team (pg. 8)
- AVAILABLE NOW: TWO-FACTOR AUTHENTICATION (pg. 5), DATA EXPORT CONTROLS (pg. 7), LOGIN IP WHITELISTING (pg. 8)
- COMING SOON: ENTERPRISE SINGLE SIGN-ON Available (pg. 8)
- COMING SOON: WATCHDOG available in the Interactive Marketing Hub (pg. 8)

WANT MORE INFORMATION BEFORE IMPLEMENTING THESE CONTROLS?

In addition to the information available in this Client Security Guide, you may also access several security tutorials in 3Sixty or attend one of our upcoming security webinars.

RECOMMENDED NEXT STEPS

To prepare for Two-Factor Authentication (pg. 5):

- Visit the Administration panel in the ExactTarget Application to configure settings for Identity Validation.
  Setup > Administration > Security Settings > Identity Validation
- Make sure each ExactTarget user within your organization is not sharing a login.
- Make sure each user has a valid email address.
- Alert your users about the new login experience.

To prepare for Data Export Controls (pg. 7):

- Visit the Administration panel in the ExactTarget Application to configure settings for Data Export Controls.
  Setup > Administration > Security Settings > Data Export Controls
- Enter your approved list of email addresses and email domains that can receive data exports from the ExactTarget system.
- Turn on Data Export Controls.

- Consider implementing optional Login IP Whitelisting, which enables your users to bypass the Identity Validation process when coming from approved IP addresses.
- Turn on Identity Validation and/or Login IP Whitelisting.

TWO-FACTOR AUTHENTICATION

Identity Validation

Two-Factor Authentication is a way to prevent unauthorized access to the ExactTarget application by requiring more than a username and password at login (similar to how you might access an online banking account).

HOW THIS IMPACTS YOU

When logging into the ExactTarget application, users will be prompted to activate their machine by entering an activation code sent to the email address associated with the user's account. All users must have a valid email address associated with their account.

THE IMPORTANCE OF INDIVIDUAL USER ACCOUNTS

ExactTarget's Watchdog behavior monitoring system will begin treating shared user activity as suspicious since this is a common pattern of behavior when credentials have been compromised.

Criminals are using advanced threats to target individuals in an attempt to compromise an individual's login credentials and gain access to further sensitive information. ExactTarget is putting a set of next generation cloud-security solutions in place to protect against this targeted threat, as well as increasing the level of scrutiny on user behavior to recognize common threat patterns that occur when an individual user's credentials have been compromised.

Strong security practices are built on the premise that each individual uses their own login to access the ExactTarget system. The identity validation process requires that each user is an individual and is able to confirm their identity when logging into the application for the first time. Therefore, the implementation of these additional security controls means that shared user logins will no longer function normally.

WHAT YOU NEED TO DO

Prepare your team for Two-Factor Authentication by ensuring all ExactTarget users within your organization are not sharing a login and have a valid email address.

DATA EXPORT CONTROLS

Data Export Controls provide increased protection against unauthorized data access by limiting how data can be exported from the ExactTarget application. This gives administrators control of the email addresses that are acceptable for receiving data exports.

HOW THIS IMPACTS YOU

When exporting data to an email address, users will only be able to export data to an email address that is whitelisted. Administrators will be able to set up an approved list of emails within the administration panel.
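
The approved-list check described above, sketched as an added example (this is not ExactTarget's code). The function names, the sample list, and the matching rules (case-insensitive comparison, exact domain match, subdomains not implied) are assumptions, since this guide does not specify them.

```python
# Added example: recipient check against an approved list of export
# addresses and domains. Names and matching rules are assumptions.

# Constructed sample approved list (not real ExactTarget settings).
APPROVED_ADDRESSES = {"reports@example.com"}
APPROVED_DOMAINS = {"corp.example"}


def split_address(recipient):
    """Return (local, domain) in lowercase, or None if the input is not
    exactly one plain address."""
    addr = recipient.strip()
    # Reject recipient lists, display-name forms and embedded whitespace,
    # so one approved address cannot carry an unapproved one with it.
    if addr.count("@") != 1 or any(c.isspace() or c in ',;<>"' for c in addr):
        return None
    local, domain = addr.lower().split("@")
    domain = domain.rstrip(".")  # treat "corp.example." as "corp.example"
    if not local or not domain:
        return None
    return local, domain


def export_allowed(recipient, addresses=APPROVED_ADDRESSES,
                   domains=APPROVED_DOMAINS):
    """True only for an approved address or an exactly matching domain."""
    parts = split_address(recipient)
    if parts is None:
        return False
    local, domain = parts
    if f"{local}@{domain}" in addresses:
        return True
    # Exact comparison, not endswith()/substring: "corp.example.attacker.test"
    # and "notcorp.example" must not pass as "corp.example".
    return domain in domains


def screen_export(recipients):
    """Split requested recipients into (allowed, blocked) for enforcement
    and for alerting on blocked attempts."""
    allowed = [r for r in recipients if export_allowed(r)]
    blocked = [r for r in recipients if not export_allowed(r)]
    return allowed, blocked


if __name__ == "__main__":
    print(screen_export(["Reports@Example.com", "alice@corp.example",
                         "bob@corp.example.attacker.test"]))
```
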

ADDITIONAL SECURITY CONTROLS

Identity Validation and Data Export Controls are only part of ExactTarget's next generation cloud-security solutions. You may also implement controls to limit system access by IP address, use additional enterprise security controls, and access our real-time administrative monitoring and alerting technology, Watchdog, via the Interactive Marketing Hub.

- TWO-FACTOR AUTHENTICATION
- DATA EXPORT CONTROLS
- LOGIN IP WHITELISTING
- WATCHDOG MONITORING AND ALERTS
- ADVANCED SECURITY SOLUTIONS (Single Sign-On)

Login IP Whitelisting: IP Whitelisting enables you to only allow approved computer and network addresses to access the ExactTarget application. (Available now.)

Watchdog: Watchdog is ExactTarget's proactive behavior-monitoring system and detects threat patterns and suspicious activity that could potentially lead to unauthorized access to ExactTarget accounts.

Enterprise Single Sign-On: ExactTarget's SAML 2.0 support enables enterprises to set up ExactTarget as a service provider within a federated identity solution.

BE VIGILANT AGAINST PHISHING ATTEMPTS

Remember: ExactTarget will NEVER ask you for your username and password or other sensitive information outside the application.

In order to set up these new security controls, you will always be required to log in to your account directly. We will not ask you to provide any information outside of the ExactTarget application. Make sure users remain aware.

- NEVER click on links in suspicious emails, Facebook posts, or Tweets even if they seem legitimate.
- NEVER download or open files unless you are 100% sure they're safe to open.
- NEVER share your passwords with anyone ever.
- NEVER provide sensitive information like passwords or account numbers to others unless you visit a trusted website by typing the web address into the browser yourself.
- ALWAYS keep your web browser and antivirus software up-to-date.

FREQUENTLY ASKED QUESTIONS

What is Two-Factor Authentication?
Two-Factor Authentication is a way to prevent unauthorized access to systems by requiring more than a username and password at login (similar to how you might access your online banking account).

What is Identity Validation?
Identity Validation requires users to verify who they are by entering an activation code sent to their email address, which activates their machine and enables them to continue the login process.

What are Data Export Controls?
Data Export Controls provide clients increased protection against unauthorized data access. The Email Whitelisting feature ensures exported data is sent only to approved email addresses.

What is Login IP Whitelisting?
Login IP Whitelisting enables clients to only allow approved computer and network addresses to access the ExactTarget application.