A CMO’s Guide to Managing Cloud Apps

January 10th, 2013   |     |  Smarter Identity

Almost every marketing department uses cloud applications as well as services from public Web sites that offer a variety of login methods. Cloud-based identity management is a great way to secure these applications and partner with IT, but without slowing down your ability to get work done quickly.

It takes a village to run a marketing department—a village that often includes employees, agencies, clients, freelance designers, and optimization experts.

It also takes a village of cloud apps. If you’ve launched a Web site in the past two years, then you know what I’m talking about. I was recently charged with the relaunch of our own Web site, and I was struck by the number of cloud apps we leveraged—17—to create and run the new site.

These apps are fantastic. Managing usernames and passwords for them is not—especially when you have a distributed team of both internal and external “villagers.” Yet for most of us, handing over the security and administration of these services to central IT is not an option. We’ve grown accustomed to the freedom and agility that comes with having direct control over the procurement and management of our marketing applications. However, with that freedom and agility also comes increased responsibility.

Cloud Application Security Is A Shared Responsibility

We understand that when employees join our marketing team, central IT assigns them email addresses and login credentials to the company’s core business applications. The new employee uses the corporate email address to sign into various systems, such as email, the CRM application, and file sharing. It’s well-understood that when the individual’s employment ends, the organization must have access to and control over the data produced by the employee, while ensuring that he or she can no longer access the data.

The ability to use a single set of credentials to sign into multiple applications is known as single sign-on (SSO), which is often a function of a larger corporate system called identity management. Identity management software is used to manage authorization and privileges across applications.

Identity management used to be the purview of only large companies, but just as marketing departments now procure and run their own applications instead of relying heavily on IT, they are also playing a larger role in the administration and security of these same applications.

The challenge for marketing is that many of the cloud applications we use to get our jobs done fall outside of IT’s identity management infrastructure. It’s not IT’s fault. Traditional on-premise identity management systems were never intended to handle today’s burgeoning number of cloud applications. Furthermore, IT may not even be aware of all of the applications we use on a daily basis to run our department. However, as senior executives we must take responsibility in understanding the risks and taking the appropriate steps to secure these applications.

Signs Your New Cloud Apps Are Putting Your Marketing Department At Risk

This past summer, Mashable reported that the Facebook Pages of the New York Yankees and eight other MLB teams had been hacked. Embarrassing posts, such as the one from the San Diego Padres page saying that handicap attendance at Petco Park was “STRONGLY DISCOURAGED,” are a CMO’s worst nightmare. It turned out that the MLB gave many employees access to the company’s social-media accounts without much oversight.

Is your marketing department at risk in the way it uses cloud applications? If any of these five signs apply to your internal or external marketing department, then you could be at risk for an embarrassing situation or, worse, a security breach. Watch out if your employees:

    1. Use the same password for all applications and never change them.
    1. Manage passwords in spreadsheets or on sticky notes.
    1. Can still access your data after employee no longer work for you.
    1. Forgets usernames and passwords on a daily basis.
    1. Shares and never changes passwords for applications, such as Twitter, Facebook, and LinkedIn.

Most companies use Microsoft Active Directory or LDAP as well as an on-premise identity management system to manage users and application access. One of the main benefits of these systems is that they can help enforce good password hygiene or eliminate the use of passwords with an SSO protocol, such as SAML. SAML uses digital certificates to authenticate users and is supported by many cloud applications. There are also free SAML plug-ins available for most of the open-source content management systems, including Drupal, Joomla, and WordPress.

However, as previously mentioned, your existing on-premise infrastructure may not provide your marketing department with the agility, coverage, or provisioning requirements needed for all of your apps. The good news is that there are now cloud-based identity management systems that can provide marketing with the best of both worlds—a fast way to secure all our marketing applications, but without ceding control to central IT.

A cloud-based identity management solution gives you complete flexibility on how you want to manage cloud-app access without having to modify or adhere to your on-premise security model. For example, let’s say we have an external graphic designer. If he were an internal employee, then he might belong to the marketing group in Active Directory. However, we want the contractor to have access only to a subset of the internal marketing team’s applications. Furthermore, we want to impose stricter security policies for outside consultants than we would for regular employees. Rather than having to modify Active Directory and create a new permission structure that supports this requirement, a nontechnical administrator with your marketing department can do this directly in the cloud-based identity management system—outside of Active Directory. This has tremendous implications for providing marketing with the ability to be both agile and secure.

As we embarked on our own Web site relaunch project, we created a “Web site” role within our cloud-based identity management solution, and provided team members with one-click access to the services they needed to build our new site.


Almost every marketing department uses cloud applications as well as services from public Web sites that offer a variety of login methods. Cloud-based identity management is a great way to secure these applications and partner with IT, but without slowing down your ability to get work done quickly.

About the Author

Elias Terman is a seasoned product and marketing leader with over 20 years of technology marketing experience including IT Security, enterprise software, and SaaS startups in the U.S. and abroad. Prior to OneLogin, he ran product marketing for SnapLogic, where he helped establish them as the leading independent cloud integration vendor. At OneLogin, He is responsible for product and partner marketing, as well as press and analyst relations.

View all posts by Elias Terman

Secure All Your Apps, Users, and Devices