

SECURITY BY DESIGN

 


Supporting the OTA "Security by Design" initiative is a broad range of industry and business leaders who share a belief in the need for increased security and data stewardship.  Committee members include American Greetings Interactive, Anti-Phishing Working Group, Campaigner, Constant Contact, Cypra Media, Datran Media, Delivera, DigiCert*, eCert, e-dialog, Epsilon, Exact Target, FedEx, GetResponse, Iconix, Internet Identity, Intersections*, LashBack, MailChimp, MarkMonitor*, Marketo, Message Systems*, Microsoft, National Cyber Forensics & Training Alliance, PayPal*, Publishers Clearing House*, Return Path*, The Relevancy Group, Responsys, Reputy, QuePasa, Secunia, SilverPop, SimplyCast, Stopbadware.com, SubscriberMail, Symantec*, TRUSTe*, TrustSphere*, WhatCounts and Zynga.   * OTA Board member.

"As spear phishing and other forms of cybercrime continue to grow, now more than ever we need to apply security best practices.  Businesses and consumers depend on email as a form of reliable and trusted communications and the recent breaches targeting email marketers significantly undermine online trust.  OTA’s “Security by Design” initiative and guidelines represent a significant step toward hardening defenses," said David Jevans, Chairman Anti-Phishing Working Group, and CEO IronKey.

“At Constant Contact, helping our small business and organization customers find success is our greatest priority. They are just as vulnerable to data theft and infrastructure breach as big corporations, and we’re dedicated to keeping their data safe and secure. We’re proud to support the OTA’s “Security by Design Framework,” and applaud the efforts by OTA members to protect their own networks and promote best practices throughout the industry.”  Sam Silberman, Director of Standards, Constant Contact.

“We are proud to once again join OTA and fellow leaders across the industry in an effort to advance the integrated technology, business and legal best practices required to best protect data and improve online trust,” said Tony D’Anna, President of Datran Media’s digital marketing technology and compliance businesses.

"The email industry came together in the mid-2000's to debate, define and implement authentication standards. At the same time, online marketers were educated on the need for best practices in email, reinforced by the deployment of reputation systems. Unfortunately, all this hard work done to ensure the viability and trustworthiness of email as a commercial medium is threatened today by something we in the industry control - the physical and online security of our systems and business processes. It's imperative we come together and define the minimum acceptable security standards for our industry - before we lose the trust of consumers. The OTA Security by Design guidelines serve as a critical tool to spur dialog.  Now is the time to review your security standards and practices!", said Des Cahill, CEO Element Group

"It is more important than ever to restore trust to online communications. eCert is proud to work with OTA in developing these important security best practices to help prevent wide-scale attacks and keep consumers safe and secure. With our front line experience working with leading financial institutions, we are pleased to be able to help companies leverage authentication capabilities to stop phishing emails before they reach their customers and employees," said Kelly Wanser, CEO of eCert.

"Epsilon strongly supports the OTA guidelines around data security.  Having reviewed those standards before they were released publicly, we find ourselves aligned with the concept of integrating privacy into every stage of product development, and, more importantly, we support the fluid vision of privacy that OTA puts forth—privacy must adjust to the evolving threats and companies must constantly re-evaluate how they treat consumer data, how long data is maintained, and what security safeguards should be put in place given the market realities.   The OTA privacy standards go beyond what we believe will be the legal requirements, and this is something Epsilon will embody."

"Trust is the lifeblood of our business and we work hard every day to keep our customers' data safe and secure. With rampant breaches threatening the industry, email security is now more important than ever before. For too long this industry has considered spam as its only threat, while neglecting other security aspects. GetResponse is proud to work with OTA and to support the 'Security by Design' initiative. This framework paves the way for safer and more secure email marketing," said Simon Grabowski, CEO of GetResponse.

“While many organizations believe the biggest security risks hide behind the firewall, they really exist ‘out there’ with the hundreds of partners that enterprises do business with everyday,” said IID (Internet Identity) President and CTO Rod Rasmussen. "With the Security By Design Framework, the OTA is taking an important step to help organizations protect against Internet assaults aimed at their extended enterprise."

“These email security threats underscore that we are at risk.  Our job at LashBack is to build technologies that allow responsible marketers to proactively enforce consumer safety through email compliance.  Data stewardship is the essence of sustainable commerce.  OTA’s efforts to bring the industry and business community together are a significant step which benefits both consumers as well as the email marketing industry that services them.  Organizations that fail to protect the customers who have entrusted their data with them are doing a disservice to their industry and to the reputation of their brand,” said LashBack CEO, Brandon Phillips.

"It's incumbent upon all service providers — email or otherwise — to protect the information of customers and partners as if it were their own.  Marketo makes significant investments in dedicated personnel, leading-edge technology and third-party assessments to safeguard our customers. We're glad the OTA has put together this forum for some of the best experts in the industry to share best practices and improve the industry as a whole”, said Josh Aberant, Director of Privacy, Marketo.

“Trust is at the cornerstone of our business.  While starting with the trust customers place in us, it extends to every interaction we have with each other as well.  So regardless of our role in the messaging ecosystem, we all have a contribution to make and a stake in the outcome of proving ourselves to be good custodians of customer data. As a messaging technology leader, we’re actively participating in this OTA initiative and encourage others to do the same,” said Dave Lewis, Chief Marketing Officer, Message Systems.

"As marketers are increasingly collecting sensitive and personal data, 'security by design' needs to become part of the industry’s DNA for every new service, feature and process,” said Craig Spiezle, Executive Director and President of the Online Trust Alliance.  "This collaborative effort demonstrates a commitment to online trust and confidence and the vitality of the internet.  The willingness of businesses to make systemic changes while recognizing their role as data stewards, demonstrates leadership and a commitment to self-regulation.  We call on all organizations to embrace these efforts and help put trust back in email."

"As an online marketer, threats to the trust in the email channel are of great concern. Consumer trust in the email channel is critical to continued success of the channel. It is vitally important to the viability of the channel to restore and maintain trust. It is incumbent on all involved in the online ecosystem; marketers and service providers alike need to take responsibility for the data that is collected and treat it like the precious commodity that it is. The concepts and steps laid out by OTA are a good foundation for businesses to work with as they assess their own data security needs. The recent data breaches underscore the need to make this an important initiative for 2011 and beyond not only for technology teams, but business leaders as well," said Sal Tripi, Sr. Director of Operations, Privacy and Compliance, Publishers Clearing House.

“The concept of "Building Security In" is one that marketers and brands of all verticals must address at the core of their operations.  This includes ensuring the security of public facing applications and servers.  Businesses of any size need to build a strong internal security posture through adoption of best practices and regular, reinforced employee and user education.  Participating in collaborative efforts to establish best practices gives companies additional frameworks to fortify their infrastructure, better protect their brand and even the perception of their collective industry,” said Sam Masiello, Chief Security Officer & General Manager, Anti-Phishing Services, Return Path.

“The Security by Design Framework transcends technology and requires that all organizations foster collaboration within their corporate and partner ecosystem.  By adopting these best practices, organizations will not just challenge their own security constructs but also ensure that prospective vendors and partners are adhering to the same high standards,” said David Daniels, CEO and Co-Founder of The Relevancy Group.

"Information security is a shared responsibility," said Maxim Weinstein, executive director of StopBadware. "These best practices will help the email marketing community understand the part they can—and should—play to strengthen the security of the ecosystem."


"Trust is critical to ensuring the vitality of online services. Without consumer and business trust in such services, the underlying infrastructure itself becomes meaningless.  Those of us who have responsibility for online infrastructure have an obligation to secure and protect the data and technology which underpin it.   Building a secure environment rarely occurs by accident, rather it is generally built by design.  OTA’s guidelines represent a significant step to achieving this goal.  Proactively ensuring security simply cannot be overstated. This applies to all organizations involved in delivering the online ecosystem", Manish Goel, Chairman OTA, CEO TrustSphere. 

 

 

 

 

 

 

Revised April 20, 2011