
Client Security Guide


Academic year: 2021


(2)

NEXT GENERATION CLOUD-SECURITY

Companies across the globe are facing continuously evolving threats focused on obtaining an individual’s login credentials in order to gain access to sensitive data.

Built upon our certified enterprise security capabilities, infrastructure, system access controls, real-time system monitoring, and active preventative technologies, Protected by ExactTarget is focused on three key areas:

• Infrastructure and data center security

• Security education for employees, clients, and partners

• Innovation to deliver the next generation of cloud-based security

Our next generation cloud-security solutions add to our intuitive technologies to further protect client data. These include limiting access to the ExactTarget system using Two-Factor Authentication, restricting how data can be exported, continuing proactive behavior monitoring and alerting that detects suspicious user activity, and adding a series of advanced enterprise security solutions.

At ExactTarget, the security of your data remains a top priority. Read on to learn more.

WHAT'S INSIDE?

3 Next Generation Cloud-Security

4 Recommended Next Steps

5 Two-Factor Authentication

6 The Importance of Individual User Accounts

7 Data Export Controls

8 Additional Security Controls

9 Be Vigilant Against Phishing Attempts

10 FAQs

As part of our aggressive, multi-layered approach to protect client data, we are introducing our next generation cloud-security solutions named Protected by ExactTarget.

(3)

NEXT GENERATION CLOUD-SECURITY

NOW AVAILABLE WITHIN YOUR ACCOUNT

We’re cooperatively working with clients to implement a set of next generation cloud-security solutions. This includes limiting access to the ExactTarget application using Two-Factor Authentication (similar to how financial institutions restrict access to online banking tools), as well as limiting how data can be exported from the ExactTarget application.

AVAILABLE NOW

TWO-FACTOR AUTHENTICATION (pg.5)

DATA EXPORT CONTROLS (pg.7)

LOGIN IP WHITELISTING (pg.8)

WATCHDOG available in the Interactive Marketing Hub (pg.8)

COMING SOON

COMING SOON

Q1 2011

WATCHDOG BEHAVIOR MONITORING by ExactTarget Security Team (pg.8)

ENTERPRISE SINGLE SIGN-ON Available (pg.8)

WANT MORE INFORMATION BEFORE IMPLEMENTING THESE CONTROLS?

In addition to the information available in this Client Security Guide, you may also access several security tutorials in 3Sixty or attend one of our upcoming security webinars.

(4)

TO PREPARE FOR TWO-FACTOR AUTHENTICATION (pg.5)

• Visit the administration panel in the ExactTarget application to configure settings for identity validation: Setup > Administration > Security Settings > Identity Validation

• Make sure each ExactTarget user within your organization is not sharing a login.

• Make sure each user has a valid email address.

• Alert your users about the new login experience.

• Consider implementing optional Login IP Whitelisting, which enables your users to bypass the identity validation process when coming from approved IP addresses.

• Turn on identity validation and/or Login IP Whitelisting.

TO PREPARE FOR DATA EXPORT CONTROLS (pg.7)

• Visit the administration panel in the ExactTarget application to configure settings for data export controls: Setup > Administration > Security Settings > Data Export Controls

• Enter your approved list of email addresses and email domains that can receive data exports from the ExactTarget system.

• Turn on data export controls.

(5)

TWO-FACTOR AUTHENTICATION

IDENTITY VALIDATION

Two-Factor Authentication is a way to prevent unauthorized access to the ExactTarget application by requiring more than a username and password at login (similar to how you might access an online banking account).

HOW THIS IMPACTS YOU

When logging into the ExactTarget application, users will be prompted to “activate their machine” by entering an activation code sent to the email address associated with the user’s account.

All users must have a

(6)

Criminals are using advanced threats to target individuals in an attempt to compromise an individual’s login credentials and gain access to further sensitive information. ExactTarget is putting a set of next generation cloud-security solutions in place to protect against this targeted threat, as well as increasing the level of scrutiny on user behavior to recognize common threat patterns that occur when an individual user’s credentials have been compromised.

Strong security practices are built on the premise that each individual uses their own login to access the ExactTarget system. The identity validation process requires that each user is an individual and is able to confirm their identity when logging into the application for the first time. Therefore, the implementation of these additional security controls means that shared user logins will no longer function normally.

THE IMPORTANCE OF INDIVIDUAL USER ACCOUNTS

WHAT YOU NEED TO DO

Prepare your team for Two-Factor Authentication by ensuring all ExactTarget users within your organization are not sharing a login and have a valid email address.

ExactTarget’s Watchdog behavior monitoring system will begin treating “shared user activity” as suspicious since this is a common pattern of behavior when credentials have been compromised.

(7)

DATA EXPORT CONTROLS

Data export controls provide increased protection against unauthorized data access by limiting how data can be exported from the ExactTarget application. This gives administrators control of the email addresses that are acceptable for receiving data exports.

HOW THIS IMPACTS YOU

When exporting data to an email address, users will only be able to export data to an email address that is whitelisted.

Administrators will be able to set up an approved list of emails within the

(8)

[Figure: Two-Factor Authentication, Login IP Whitelisting, Advanced Security Solutions (Single Sign-on), Data Export Controls, Watchdog Monitoring and Alerts]

Identity Validation and Data Export Controls are only part of ExactTarget’s next generation cloud-security solutions. You may also implement controls to limit system access by IP address, use additional enterprise security controls, and access our real-time administrative monitoring and alerting technology, Watchdog, via the Interactive Marketing Hub.

ADDITIONAL SECURITY CONTROLS

LOGIN IP WHITELISTING:

IP Whitelisting enables you to only allow approved computer and network addresses to access the ExactTarget application. (Available now.)

WATCHDOG:

Watchdog is ExactTarget’s proactive behavior-monitoring system and detects threat patterns and suspicious activity that could potentially lead to unauthorized access to ExactTarget accounts.

ENTERPRISE SINGLE SIGN-ON:

ExactTarget’s SAML 2.0 support enables enterprises to set up ExactTarget as a service provider within a federated identity solution.

(9)


BE VIGILANT AGAINST PHISHING ATTEMPTS

In order to set up these new security controls, you will always be required to log in to your account directly. We will not ask you to provide any information outside of the ExactTarget application. Make sure users remain aware.

REMEMBER: ExactTarget will NEVER ask you for your username and password or other sensitive information outside the application.

• NEVER click on links in suspicious emails, Facebook posts, or tweets, even if they seem legitimate.

• NEVER download or open files unless you are 100% sure they’re safe to open.

• NEVER share your passwords with anyone, ever.

• NEVER provide sensitive information like passwords or account numbers to others unless you visit a trusted website by typing the web address into the browser yourself.

• ALWAYS keep your web browser and antivirus software up-to-date.

(10)

FREQUENTLY ASKED QUESTIONS

What is Two-Factor Authentication?

Two-Factor Authentication is a way to prevent unauthorized access to systems by requiring more than a username and password at login (similar to how you might access your online banking account).

What is Identity Validation?

Identity Validation requires users to verify who they are by entering an activation code sent to their email address, which activates their machine and enables them to continue the login process.

What are Data Export Controls?

Data Export Controls provide clients increased protection against unauthorized data access. The Email Whitelisting feature ensures exported data is sent only to approved email addresses.

What is Login IP Whitelisting?

Login IP Whitelisting enables clients to only allow approved computer and network addresses to access the ExactTarget application.
