Companies that rely on the Internet and have access to any sort of customer information are routinely targeted by cybercriminals. The integrity and security of our clients' data are incredibly important to us, as we know they are important to the success of their business.
To stay ahead of new threats, IBM Marketing Cloud is constantly evaluating and improving our applications, systems and processes. Our commitment to security involves a multifaceted approach to mitigate risk and maximize security in support of data privacy and business continuity.
Security Team and Operations Center
The IBM Marketing Cloud Security Team consists of a group of highly skilled security professionals who are leading the industry with the breadth and depth of their experience. Additionally, IBM Marketing Cloud maintains a Security Operations Center, providing 24x7 security monitoring and support throughout the organization.
IBM Marketing Cloud has powerful client security controls, including those that allow clients to do the following:
- Specify the IP addresses individual users are allowed to log in from
  - IP address validation
  - User-level IP address restriction
  - Organizational-level IP address restriction
- Control user actions post-login with multiple permission levels, including:
  - User interface access rights
  - API access rights
  - Individual access rights (add/update/delete contacts, export lists, etc.)
  - Functional access rights (send mailings, view reports, administrative, etc.)
  - File/Folder access rights
  - Database access rights
- Configure password settings to mirror each client's own corporate security practices
- Require multi-factor authentication before granting user access to data
Application Security is also addressed by keeping client data isolated to its own database and separate from the application, providing an audit trail of user actions performed on the system and encrypting passwords.
Additional Security Measures
Additionally, IBM Marketing Cloud has implemented security measures outside of the application specifically designed to prevent unauthorized access to the application and to client data. Additional security controls are implemented under the following categories:
- Secure Architecture: The IBM Marketing Cloud enterprise network uses primarily Cisco and F5 networking equipment. Networking equipment is configured consistent with the manufacturers' best practices for operational stability and security. All networking equipment is owned and operated by IBM Marketing Cloud.
- Secure Transmissions and Sessions: Connection to the IBM Marketing Cloud environment is via SSL 3.0/TLS 1.0, ensuring that our users have a secure connection from their browsers to our service. Individual user sessions are identified and re-verified with each transaction using a unique token created at login, and two-factor authentication is required for all communications with IBM Marketing Cloud data centers. We also restrict organizational-level access by IP address and use SFTP and 128-bit encryption for FTP file transfers, with additional VPN and PGP encryption protection available.
- Network Protection: Perimeter firewalls and edge routers block unused protocols, and internal firewalls segregate traffic between the application and database tiers. Intrusion prevention and detection sensors report events to a security event management system for logging, alerts, and reports, and internal access control lists segregate traffic between the application and database tiers. A third-party service provider regularly scans the network externally.
- Internal and Third-Party Testing Assessments: IBM Marketing Cloud tests all code for security vulnerabilities before release, and regularly scans our network and systems for vulnerabilities. Third-party assessments are also conducted regularly.
- Monitoring: Our Information Security department monitors notifications from various sources and alerts from internal systems to identify and manage threats.
- Data Centers: Our service is collocated in dedicated spaces at top-tier data centers.
- Disaster Recovery: IBM Marketing Cloud performs cross-data-center replication for disaster recovery. Data is transmitted across encrypted links, and disaster recovery tests verify our projected recovery times and the integrity of client data.
- Backups: All data is backed up to disk at each data center on a rotating schedule of incremental and full backups. Data is replicated to other data centers via an encrypted tunnel.
- Regulatory Compliance: IBM Marketing Cloud has Safe Harbor certification, and our data center providers have annual SAS70 Type II audits.
More detailed information can be found in our Engage Security Data Sheet.