Sie sind auf Seite 1von 12


Helping Marketing to Securely Leverage Social Media | August 2012

the power of
social media
Jrgen Schulze
Chris Wraight

CA Technologies, Security Management

made possible

Helping Marketing to Securely Leverage Social Media

table of contents
executive summary

SECTION 1: Challenge
Safely converting social media users

SECTION 2: Opportunity
Working with marketing, not against them

SECTION 3: Benefits
Single sign-on and federation enables
the conversion



About the authors


Helping Marketing to Securely Leverage Social Media

executive summary
The explosion of social media in recent years means that there are millions of users or fans to reach
and attempt to convert to paying customers. The issue is that information about these fans resides
with the social media sites, preventing your marketing department from efficiently and effectively
marketing to them. Organizations want to safely and securely convert these fans to their systems
and have a better opportunity to convert them to their own customers.

Your marketing department wants to leverage social media fans as a means to grow your organizations
revenue. In order to do so they will be purchasing technology to facilitate this. Yet there is risk that
they may not be aware of, in the form of regulations such as those that relate to data privacy. This
white paper will help you understand marketings challenge and put you in a position to proactively
support marketings desire to convert their social media fans to your own systems and transform them
into customers.

By being proactive and working with the marketing department to enable them to securely and easily
register social media users in their system, you will potentially be in a position to positively influence
revenue growth. In addition, you will help IT turn around marketings traditional perception of IT as a
naysayer. And, this will be accomplished with the ability to meet your objectives, such as conforming
to data privacy laws.

Helping Marketing to Securely Leverage Social Media

Section 1: Challenge

Safely converting social media users

What is a car?
4 wheels
An engine
Gets a person from A to B
With dry head and feet
Everything else is emotion
Emotions and a feeling of status dont come overnight. The process to reach out to consumers, to
emotionalize them and to convert emotions into something that can be measured (such as a purchase
decision) has reached both new heights as well as a new degree of complexity thanks to the advent of
social media. Social media represents a new way of doing business, and requires methods unthoughtof in the old analog times.
Just one year ago, Because everyone else is doing it was probably the worst of all answers to the
question Why do you do social media? Today, this answer is spot on. The question is not whether or
not; it is when? and how? With Facebook sitting on a cash reserve of nearly $US8b after the
largest IPO in years, there is a lot of noise in this space to be expected in the near future. Facebook will
be increasing their marketing activities to grow their user base (currently at nearly 1 billion users).
Organizations need be in a position to leverage Facebooks (and other social media sites) user growth.
Also, in short order the younger generation, which has been indoctrinated to spend their life in the
social Web, will reach an age where companies have to build brand awareness with them. The social
Web is now an important part of a mix of communication/interaction channels that has to be
maintained in order to keep present and future consumers close.
Your marketing department wants to leverage social media fans as a means to grow your
organizations revenue. Yet there is risk that they may not be aware of, in the form of regulations such
as those that relate to data privacy. This white paper will help you understand the forces driving
marketings initiative and put you in a position to proactively support marketings desire to convert
their social media fans to your own systems and convert them to customers.
Marketing Wants to Own Social Media Customers
To socialize future clients with a brand, load them with emotions in daily life and be with them beyond
the sale was unthinkable only ten years ago. Now, your organization may have millions of social media
fans. While an impressive accomplishment, the fact is that information about those fans does not
belong to your organization. Instead, this information is the property of a third party and this makes it
extremely difficult, if not impossible, for your marketing department to efficiently reach them and
conduct its own custom marketing. Thus, your marketing department wants to bring those fans from
the third-party social media system to their own.

Helping Marketing to Securely Leverage Social Media

The following diagram outlines the business process:

Figure A.
The marketing social
media cycle.

1. Social Web. Based upon the initial social media analysis, a presence will be built in selected
(social) networks in order to create a relevant base of fans. These fans will Like your company/
product and help to spread the word.
However, your organizations access to these fans personal information will be controlled by the
social media host where they reside; your marketing department wont be able to access and use
the information. Other than distributing generic information, e.g. about a new product, the ability
to market to these fans on a personal level is non-existent.
2. Own Ecosystem. By moving the fans into your own ecosystem (i.e. a CRM system) your marketing
department can now build a more targeted and meaningful relationship with your fans. However,
you are now responsible for safeguarding their personal data. And, this conversion must be easy
for the fans, or else they will abandon you.
3. Marketing Automation. For example, marketing could create a campaign supporting the launch
of a new product; by finding fans in your system that meet a certain demographic (e.g. income,
geographic area, have liked a product), they could specifically target a set of fans that they
believe would be the most likely to purchase.
4. $. Greater control of the fans information allows the creation and execution of more effective
marketing programs, which in turn leads to revenue growth.

Helping Marketing to Securely Leverage Social Media

Seamless conversion

Figure B.
Customers dont want
to fill out information

Several years of Web marketing has taught marketing departments to recognize the importance of
making the online user experience as easy as possible. Especially in social media, user experience
is crucial to eliminate dropout rates and improve user experience. Your organizations marketing
department will probably know that as they attempt to convert their fans from the third party social
media site to their own, they cannot force them to login multiple times, or fill out several forms with
the same information. If they do, those fans will probably stop their efforts and then your organization
will not have their information. And this inconvenience cannot be present if they do successfully
register with your organization; it needs to continue should they become a paying customer and
frequently return.

Helping Marketing to Securely Leverage Social Media

Section 2: Opportunity

Working with marketing, not against them

Figure C.
Marketing controls
the budget for over
a third of marketing
Gartner, Inc.,
Maverick Research:
Marketing Is the New
IT Buying Powerhouse
Laura McLellan,
7 October 2011

It is likely that your organizations marketing department might obtain software on their own that
would facilitate the conversion of their fans to their own marketing system. In fact, as seen by the
chart in Figure C, marketing controls the budget for over a third of marketing technology. However, it is
also very likely that they would do this on their own, without IT involvement, and this has the potential
for catastrophe. There are limitations that were unthinkable ten years ago. Regulations, advertising
rules, various data privacy acts, cookie laws, just to name a few. Security solutions should not prevent
this process, but rather, enable it.

Helping Marketing to Securely Leverage Social Media

The reason that marketing chooses to work on their own is their negative perception of IT. As seen
in Figure D, to marketing, IT is an Expense, Moves Slowly, Says No, and Prefers Stability. In
contrast, marketing is driven by Revenue, Moves Fast, and Says Yes while Embracing Change.

Figure D.
Example of
marketings perception
of it and marketing
Gartner, Inc.,
Maverick Research:
Marketing Is the New
IT Buying Powerhouse
Laura McLellan,
7 October 2011

This is an area where IT has an outstanding opportunity to be seen as a hero by proactively assisting
marketing, supporting their business objectives, and helping grow revenue by bringing a proven
solution to the table. And this can be accomplished while meeting its security needs (i.e. protecting
consumer data).

Section 3: Benefits

Single sign-on and federation enables the conversion

Securely converting existing fans from a social media platform to your organizations marketing system
delivers extra value and at the same time prevents dropout rates in a business workflow. Software to
do this has been around for several years, referred to as single sign-on (SSO) software. However, as
user needs expanded to include securely interacting w/ partners, applications, and a desire to utilize
social media user identities on other sites, the need for federation software also arose.

Helping Marketing to Securely Leverage Social Media

There are multiple open standards that social identity providers and applications are using. From social
identity providers, OpenID and OAuth are the most dominant standards. And OpenID Connect is a
potential future-looking standard in the same space. From the application side, it is usually, SAML,
sometimes WS-Fed, but in many cases the application development teams just like to trust HTTP
headers and cookies.
Because there are so many options, different implementations, different development environments,
and different providers, this is a complex problem to solve and you should look for a reliable, secure
middleware product that can shield you from all the complexity of open standards and help you deliver
to your marketing department and business owners easy access to what they need. This includes
personal information about the fans, regardless if they register to the site directly, or use their Google
ID or Facebook ID.
Putting It to Work:
As an example a car vendor can use SSO features for a fans secure use of their Facebook login
credential to register directly with the car vendor and provide additional critical demographic
information. With that information in hand, the car vendor can put a marketing program together
to support the launch of a new model.
They first might want to look through their database of millions of fans and create a target profile for
a certain geographic area: Suppose they are looking for potential customers with household income of
greater than /$150,000, no children, age greater than 45, and has Liked early news stories about the
new model. They can then conduct a test drive marketing campaign directly to those users that meet
the ideal profile.
For example, they might email out an offer that consists of Dear Ms. Smith, I see you have liked our
new model during its announcement. I am pleased to inform you that it is now available in dealer
showrooms. Would you like to schedule a test drive at the dealer Forward, Inc.? They are only ten
kilometers/miles from you. Please click here to set up your time.
If the fans are interested they come to the car vendors site and login with their social media
credentials, i.e. Facebook. By using SSO and federation software, they will be able to securely link to
partner sites such as a marketing company that is managing the registrations for the test drive, link to
their nearest dealer, and further along the buying process, to an online configurator, and perhaps even
a financing company if they decided to purchase the car.
In all cases the user will not be presented with an extra login screen to interact. If there is a stored SSO
cookie saved on the users application, the user will be able to login the next time without having to fill
in their username and password again. It should not make a difference which social media platform
the user uses, instead, a solution like CA SiteMinder and CA SiteMinder Federation that supports open
standards is capable of coping with multiple domains in the same logon ticket. If your organization
is using a different application for Customer Relationship Management (CRM) data and the fan orders
a test drive, say on the marketing companys website, CA SiteMinder will protect all connected Web
resources and through SSO you would be able to display different datasets to the users browser or
mobile application.

Helping Marketing to Securely Leverage Social Media

Now, having your business processes in place, the CRM system will provide the users data set to the
registrants and dealers application. The dealer can react immediately on the users request in a
relevant way and this application can post a confirmation of the test ride to Facebook. Additionally,
all this activity is updated in the marketing departments system profile of the user.
And it doesnt stop there. Once they become a customer, they can continue to use their social media
credentials to make service appointments and other types of business. It is this type of complex
interaction that CA SiteMinder has the ability to support in an easy-to-use fashion for both the end
user as well as the IT administrator.
In addition, CA SiteMinder helps you to meet your security requirements and comply w/ regulations
like data privacy laws and helps prevent outright theft of user information. Its centralized management
and built-in logging and reporting make it easy to generate proof of compliance.
Other security needs:
Data privacy laws are not the only regulations you must comply with. PCI, ISO 27002, and Sarbanes
Oxley are also applicable and require your compliance. In addition to SSO, you should also consider the
use of advanced authentication to verify the users are who they say they are which will help to avoid
data breaches. Due to the fact that consumers are accessing the Web from mobile devices and any
location, there may be a need to verify their identity. CA AuthMinder and CA RiskMinder are two
solutions that address this need. Integration between CA RiskMinder and CA SiteMinder exists that
passes a risk score from CA RiskMinder to CA SiteMinder.

Figure E.
Use the appropriate
consumer identity


Helping Marketing to Securely Leverage Social Media

Regulations also exist to ensure that privileged users dont gain unauthorized access to private
consumer data. Typically, these users are difficult to control as they need unfettered access to do their
job. However, CA ControlMinder excels at controlling these privileged users, while allowing them the
access they need to execute their tasks.
Access and usage of the data itself must also be controlled. CA DataMinder can do this, by classifying
the type of data, and then determining who has access, and what they are allowed to do with the data.

Section 4:

By understanding the need to securely convert social media fans to your organizations systems,
you can proactively reach out to marketing and suggest a secure SSO solution to accomplish this.
This support of marketing will help to dispel marketings negative perception of IT, as an obstacle.
Instead, IT will be viewed as a hero, a partner, for helping meet marketings business objectives.
You avoid marketing implementing rogue technology that could jeopardize your organizations
compliance with data privacy laws and other regulations.
You should seek a solution that can implement complex open standards for allowing the use of social
media identity providers and maintain compatibility while shielding your staff from the need to
understand the technical details of these open standards. This can then help speed application
development and deployment as well as make ongoing maintenance less onerous.
For more information about CA SiteMinder and CA SiteMinder Federation as well as other
CA Technologies security solutions please visit


Helping Marketing to Securely Leverage Social Media

Section 5:

About the authors

Jrgen Schulze has spent 28 years in the information technology world in various international
management positions in channel marketing, product marketing, business development and strategic
sales; during the last ten years with a strong focus on IT security. In the past four years, he has
dedicated significant efforts to all aspects of social media in the business space, with a strong focus
on use cases, monetization, information security and privacy protection. At CA Technologies, hes
a Director for Security Solution Sales, EMEA.
Chris Wraight has spent 30 years in the technology world in various positions of product management,
product marketing, channel marketing, and sales. At CA Technologies, his roles have included CA threat
product marketing, sales enablement best practices, and CA Access Control product marketing. He is
currently responsible for CA SiteMinder in the Security Solutions CSU. Chris has a B.S. in Management
with Computer Applications from WPI.

CA Technologies (NASDAQ: CA) provides IT management solutions that help

customers manage and secure complex IT environments to support agile
business services. Organizations leverage CA Technologies software and
SaaS solutions to accelerate innovation, transform infrastructure and secure
data and identities, from the data center to the cloud. Learn more about
CA Technologies at

Copyright 2012 CA. All rights reserved. All trademarks, trade names, service marks and logos referenced herein belong to their respective
companies. This document is for your informational purposes only. CA assumes no responsibility for the accuracy or completeness of the
information. To the extent permitted by applicable law, CA provides this document as is without warranty of any kind, including, without limitation,
any implied warranties of merchantability, fitness for a particular purpose, or noninfringement. In no event will CA be liable for any loss or damage,
direct or indirect, from the use of this document, including, without limitation, lost profits, business interruption, goodwill or lost data, even if CA is
expressly advised in advance of the possibility of such damages. CA does not provide legal advice. Neither this document nor any software product
referenced herein serves as a substitute for your compliance with any laws (including but not limited to any act, statute, regulation, rule, directive,
standard, policy, administrative order, executive order, and so on (collectively, Laws)) referenced herein or any contract obligations with any third
parties. You should consult with competent legal counsel regarding any such Laws or contract obligations.