I have to share an inspiring IT-marketing experience with you.
I’ve advocated before that IT doesn’t need to own and implement all technology in an organization in order to provide valuable guidance and oversight. Instead, the CIO can provide governance on independently operated technology projects much in the same way that the CFO provides financial governance for other departments — while still letting those groups wield their budgets without micromanagement.
Or, more broadly, how the Board of Directors of a company provides corporate governance on behalf of the shareholders — while still letting the CEO run the organization with a minimum of interference.
But would, could such utopia — marketers running their own technology projects with IT simply providing useful governance — actually exist in the real world?
Yes, it can. Because I just witnessed it first-hand.
Although I cannot reveal the specific company involved, I recently worked with a large, financial industry customer that had just subscribed to my company’s post-click marketing SaaS platform. The purchase was made directly by marketing, to enable them to create new digital marketing campaigns and optimization programs — outside of the company’s own IT department.
However, being a large, financial industry firm, it’s important for the organization to be secure and compliant with all relevant regulations when it comes to data collection and information publishing. So, a member of the company’s information security team intervened to review.
We’re from the government and we’re here to help
Now, many marketers shudder when they hear the phrase “IT review” because it sometimes seems like code for “the option for IT to unilaterally kill any project they disagree with.” It often comes across as a process of erecting barriers rather than a way of overcoming them — some impenetrable blend of CYA and NIH.
But that was not what happened in this case.
The company’s information security analyst started with their boilerplate list of review questions and topics — many of which were not applicable to our particular application. Uh-oh.
But whereas others might have stonewalled there and balked at any contextual subtlety (“one policy to rule them all!”), this analyst was genuinely eager to understand the nature of our software and how the marketer was going to actually use it. He quickly adjusted his questions — throwing out irrelevant ones, clarifying others — and then tailored a suite of software and network scans accordingly.
Yes, you can be secure and competitive
At every step, he described their rationale and invited discussion for ways we could address their objectives in ways that made sense in context. Sometimes the answers were simply choices of how the marketer would want to use our software. Not everything was black-and-white: risk management is inherently a matter of degree, balancing several competing trade-offs. (Hey, for maximum security a company can shut down all Internet access entirely — but that’s going to have a few deleterious side effects on their business…) This analyst proactively worked to find the ideal balance for this specific project.
Throughout the process, he was thorough, efficient, and responsive. Most of all, his approach was a positive one — his default position on any concern was how to find a workable solution and to meet the needs of the marketer.
In the end, the marketer launched with our software quickly, adopting several good suggestions on operational parameters. We took away several great recommendations on how to make our platform better suited to more regulated environments, which we’re currently adding to our product.
The whole process went incredibly smoothly and it achieved three huge benefits for them:
- It got the marketer up and running quickly with the application of their choice.
- It assured the company that there were no immediate security risks in doing so.
- It positively influenced the vendor’s (our) development agenda moving forward.
As far as I’m concerned, this experience is now my gold standard for IT governance of independent marketing technology.