Client Security Guide
NEXT GENERATION CLOUD-SECURITY
Companies across the globe are facing continuously evolving threats focused on obtaining an individual’s login credentials in order to gain access to sensitive data.
Built upon our certified enterprise security capabilities, infrastructure, system access controls, real-time system monitoring, and active preventative technologies, Protected by ExactTarget is focused on three key areas:
• Infrastructure and data center security
• Security education for employees, clients, and partners
• Innovation to deliver the next generation of cloud-based security
Our next generation cloud-security solutions add to our intuitive technologies to further protect client data. These include limiting access to the ExactTarget system using Two-Factor Authentication, restricting how data can be exported, continuing proactive behavior monitoring and alerting that detects suspicious user activity, and adding a series of advanced enterprise security solutions.
At ExactTarget, the security of your data remains a top priority. Read on to learn more.
WHAT'S INSIDE?
• Next Generation Cloud-Security
• Recommended Next Steps
• Two-Factor Authentication
• The Importance of Individual User Accounts
• Data Export Controls
• Additional Security Controls
• Be Vigilant Against Phishing Attempts
• FAQs
NEXT GENERATION CLOUD-SECURITY
As part of our aggressive, multi-layered approach to protect client data, we are introducing our next generation cloud-security solutions named Protected by ExactTarget.
NOW AVAILABLE WITHIN YOUR ACCOUNT
We’re cooperatively working with clients to implement a set of next generation cloud-security solutions. This includes limiting access to the ExactTarget application using Two-Factor Authentication (similar to how financial institutions restrict access to online banking tools), as well as limiting how data can be exported from the ExactTarget application.
AVAILABLE NOW
• TWO-FACTOR AUTHENTICATION
• DATA EXPORT CONTROLS
• LOGIN IP WHITELISTING
• WATCHDOG available in the Interactive Marketing Hub
COMING SOON
Q1 2011
• WATCHDOG BEHAVIOR MONITORING by ExactTarget Security Team
• ENTERPRISE SINGLE SIGN-ON Available
WANT MORE INFORMATION BEFORE IMPLEMENTING THESE CONTROLS?
In addition to the information available in this Client Security Guide, you may also access several security tutorials in 3Sixty or attend one of our upcoming security webinars.
TO PREPARE FOR TWO-FACTOR AUTHENTICATION
• Visit the administration panel in the ExactTarget application to configure settings for Identity Validation.
  Setup > Administration > Security Settings > Identity Validation
• Make sure each ExactTarget user within your organization is not sharing a login.
• Make sure each user has a valid email address.
• Alert your users about the new login experience.
• Consider implementing optional Login IP Whitelisting, which enables your users to bypass the Identity Validation process when coming from approved IP addresses.
• Turn on Identity Validation and/or Login IP Whitelisting.
TO PREPARE FOR DATA EXPORT CONTROLS
• Visit the administration panel in the ExactTarget application to configure settings for Data Export Controls.
  Setup > Administration > Security Settings > Data Export Controls
• Enter your approved list of email addresses and email domains that can receive data exports from the ExactTarget system.
• Turn on Data Export Controls.
TWO-FACTOR AUTHENTICATION
Two-Factor Authentication is a way to prevent unauthorized access to the ExactTarget application by requiring more than a username and password at login (similar to how you might access an online banking account).
IDENTITY VALIDATION
HOW THIS IMPACTS YOU
When logging into the ExactTarget application, users will be prompted to “activate their machine” by entering an activation code sent to the email address associated with the user’s account.
All users must have a
THE IMPORTANCE OF INDIVIDUAL USER ACCOUNTS
Criminals are using advanced threats to target individuals in an attempt to compromise an individual’s login credentials and gain access to further sensitive information. ExactTarget is putting a set of next generation cloud-security solutions in place to protect against this targeted threat, as well as increasing the level of scrutiny on user behavior to recognize common threat patterns that occur when an individual user’s credentials have been compromised.
Strong security practices are built on the premise that each individual uses their own login to access the ExactTarget system. The identity validation process requires that each user is an individual and is able to confirm their identity when logging into the application for the first time. Therefore, the implementation of these additional security controls means that shared user logins will no longer function normally.
WHAT YOU NEED TO DO
Prepare your team for Two-Factor Authentication by ensuring all ExactTarget users within your organization are not sharing a login and have a valid email address.
ExactTarget’s Watchdog behavior monitoring system will begin treating “shared user activity” as suspicious since this is a common pattern of behavior when credentials have been compromised.
DATA EXPORT CONTROLS
Data Export Controls provide increased protection against unauthorized data access by limiting how data can be exported from the ExactTarget application. This gives administrators control of the email addresses that are acceptable for receiving data exports.
HOW THIS IMPACTS YOU
When exporting data to an email address, users will only be able to export data to an email address that is whitelisted.
Administrators will be able to set up an approved list of emails within the
[Figure: Two-Factor Authentication, Login IP Whitelisting, Data Export Controls, Advanced Security Solutions (Single Sign-On), Watchdog Monitoring and Alerts]
ADDITIONAL SECURITY CONTROLS
Identity Validation and Data Export Controls are only part of ExactTarget’s next generation cloud-security solutions. You may also implement controls to limit system access by IP address, use additional enterprise security controls, and access our real-time administrative monitoring and alerting technology, Watchdog, via the Interactive Marketing Hub.
LOGIN IP WHITELISTING:
IP Whitelisting enables you to only allow approved computer and network addresses to access the ExactTarget application. (Available now.)
WATCHDOG:
Watchdog is ExactTarget’s proactive behavior-monitoring system and detects threat patterns and suspicious activity that could potentially lead to unauthorized access to ExactTarget accounts.
ENTERPRISE SINGLE SIGN-ON:
ExactTarget’s SAML 2.0 support enables enterprises to set up ExactTarget as a service provider within a federated identity solution.
BE VIGILANT AGAINST PHISHING ATTEMPTS
In order to set up these new security controls, you will always be required to log in to your account directly. We will not ask you to provide any information outside of the ExactTarget application. Make sure users remain aware.
REMEMBER: ExactTarget will NEVER ask you for your username and password or other sensitive information outside the application.
• NEVER click on links in suspicious emails, Facebook posts, or tweets—even if they seem legitimate.
• NEVER download or open files unless you are 100% sure they’re safe to open.
• NEVER share your passwords with anyone—ever.
• NEVER provide sensitive information like passwords or account numbers to others unless you visit a trusted website by typing the web address into the browser yourself.
• ALWAYS keep your web browser and antivirus software up-to-date.
FREQUENTLY ASKED QUESTIONS
What is Two-Factor Authentication?
Two-Factor Authentication is a way to prevent unauthorized access to systems by requiring more than a username and password at login (similar to how you might access your online banking account).
What is Identity Validation?
Identity Validation requires users to verify who they are by entering an activation code sent to their email address, which activates their machine and enables them to continue the login process.
What are Data Export Controls?
Data Export Controls provide clients increased protection against unauthorized data access. The Email Whitelisting feature ensures exported data is sent only to approved email addresses.
What is Login IP Whitelisting?
Login IP Whitelisting enables clients to only allow approved computer and network addresses to access the ExactTarget application.
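One way to enforce an approved list of export recipients like the Data Export Controls described above, as an added Python example; it is not ExactTarget's implementation. The `ExportAllowlist` name, the entry format (full addresses or bare domains), the exact-match policy for domains, and the sample addresses are assumptions constructed for illustration.

```python
def _split(address):
    """Return (local, domain) in lower case, or None if the value is not a
    single plain address (extra recipients, display names, control chars)."""
    addr = address.strip()
    if addr.count("@") != 1 or any(c.isspace() or ord(c) < 32 for c in addr):
        return None
    local, domain = addr.rsplit("@", 1)
    domain = domain.rstrip(".").lower()
    if not local or not domain or ".." in domain:
        return None
    # Assumption: local parts are compared case-insensitively.
    return local.lower(), domain


class ExportAllowlist:
    """Approved export recipients: exact addresses plus whole domains."""

    def __init__(self, entries):
        self.addresses, self.domains = set(), set()
        for entry in entries:
            entry = entry.strip().lower()
            if "@" in entry:
                parts = _split(entry)
                if parts:
                    self.addresses.add("@".join(parts))
            elif entry:
                self.domains.add(entry.rstrip("."))

    def permits(self, recipient):
        parts = _split(recipient)
        if parts is None:
            return False  # malformed input is denied, never "best effort"
        local, domain = parts
        # Domains are matched exactly, not by suffix or substring, so
        # look-alike and nested domains do not inherit approval.
        return f"{local}@{domain}" in self.addresses or domain in self.domains

    def partition(self, recipients):
        """Split requested recipients into (allowed, denied) for audit logs."""
        allowed = [r for r in recipients if self.permits(r)]
        denied = [r for r in recipients if not self.permits(r)]
        return allowed, denied


# Constructed sample policy: one approved address and one approved domain.
SAMPLE = ExportAllowlist(["reports@example.com", "partner.example"])
```

Denied recipients returned by `partition` are worth logging, since repeated export attempts to unapproved addresses are the kind of behavior an account-monitoring system would want to see.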