Customer data platforms step up to the challenge of cyber crime
We’ll send you a myFT Daily Digest email rounding up the latest Big Data news every morning.
Understanding customers’ needs has been a challenge for businesses since the dawn of commerce. Covid restrictions, at least, made obvious their growing desire for digital transactions. But this shift means companies must now replace existing customer relationship management software with something that can handle multichannel online interactions.
Many companies have chosen to replace or supplement their existing systems with customer data platforms, which enable them to automatically collect data from any “touchpoint” — including social media, company websites, email and text messages.
This has led to the rise of platforms such as Twilio Segment, which is now used by more than 20,000 businesses, including Levi’s, IBM, and Fox.
These platforms, which give companies a single repository of customer data, use artificial intelligence and data analytics to help companies understand their customers, acquire new ones and carry out personalised marketing.
The technology can also make it easier to manage customer data and privacy preferences.
“If you know where . . . [customer] data is, you’re one step ahead of a lot of companies,” says Sheryl Kingstone, research director specialising in customer experience at the advisory firm 451 Research. “Many companies don’t even know where all their customer data is.”
But the consolidation of data — including names, addresses, financial data and contact details — creates a tempting target for hackers.
“If you put all your data in one place, then that becomes a very lucrative target for cyber criminals, for economic disruption or theft for monetisation,” says Duncan Brown, vice-president of enterprise research, Europe, at research company IDC. “[Customer data platforms] are essentially banks for data.”
Security threats can include “phishing” — whereby cyber criminals pose as legitimate organisations to trick consumers into disclosing passwords and payment details — and “ransomware” attacks, which involve the use of “malware” to encrypt data and then hold the data owners to ransom.
Ransomware is now increasingly being used against retailers, according to research from software company Sophos.
Even if the information on a customer data platform is anonymised, it may not be safe. Skilled cyber criminals may be able to piece together connections within large amounts of anonymised data — for example, using postcodes, medical and financial records and voting preferences — to “re-identify” an individual or, narrow it down to about five people, warns Brown.
However, the companies using customer data platforms say they strengthen, rather than weaken, their cyber security.
Gap, the US clothing retailer, says it is using an unnamed data platform as a “central repository for business data”, for marketing, demand forecasting, and making its supply chain more efficient.
A company spokeswoman explains that it employs “access management” — technology that restricts access to an IT system — as well as encryption and anonymised data to protect its platform from cyber threats, thereby reducing the overall cyber security risks.
In the UK, Jardine Motors Group, a luxury car dealership with more than 2,700 employees, is using a customer data platform from Informatica as part of a digital transformation programme.
Alex Brown, the company’s head of digital marketing and transformation, says it can control employees’ access to customer data stored on the platform and keep an audit trail of changes made to that data.
Cyber risks can be further reduced if companies store most of their customer data in a vast cloud-based data warehouse, according to Tom Strachan, senior vice-president of sales and marketing at Lytics, a platform supplier. Such facilities are supplied by companies including Google and Amazon.
Under this arrangement, a platform can send a query to the data warehouse — for example, “tell me which customers bought a blue cycle helmet in the past 30 days” — which will extract the relevant anonymised and encrypted customer details, including a “hashed” customer email.
This information is added to a customer profile in the customer data platform and, using separate software, used to generate personalised offers and marketing campaigns.
However, regardless of how much data a platform stores, its security will only be as strong as the other IT systems it connects to, experts point out.
“The real challenge around cyber security . . . is that [it] is quite difficult to get right,” says Frank Ford, head of the global cyber security practice at Bain & Company, a consultancy. “The overall level of cyber security across industry is generally not good.”
Security could be further tested by a rapid rise in internet-connected devices, the so-called “Internet of Things”. Machine-to-machine communication, including interaction with a customer data platform, could be hard to monitor and police, experts say.
“How do you know [if an] application . . . is authorised to view this customer data and — more importantly — what parts of the data can it access?” says Bharat Mistry, technical director, UK and Ireland at Trend Micro, which provides cyber security technology and services.
Experts advise companies to follow best practice in information security, including the “security by design” concept — using software and hardware that is designed to be secure and whose security is tested during and after an installation. They also recommend monitoring technology to flag suspicious activity — such as an employee extracting a large amount of customer data from the platform outside of normal office hours.
“Build a profile of what a typical user does with their [customer] data,” advises Peter Gooch, a partner in cyber risk services at Deloitte, a consultancy.
To maximise the marketing benefits of customer data platforms without jeopardising highly sensitive information, most companies will need to install additional safeguards and review their overall cyber security, advisers add.
“Think of it like Lego building blocks,” says Mistry. “The [customer data platform] is almost like a house that’s already been built for you. What you have to think about now is the . . . fence and the gate and the door lock before you get to the house.”