Media Trust CEO: Most of what happens on your web site is not controlled by you
And this third-party code, says Chris Olson, results in dozens of cookies for each user, security vulnerabilities and performance hits.
“Most companies are still afraid of everyone’s web site but their own.”
In other words, The Media Trust CEO Chris Olson told me recently, most brands are focused on competitors’ threats, when they should first be looking at the threats in their own sites and apps.
The upcoming General Data Protection Regulation (GDPR), he added, will show them that they “have to be afraid of their own assets.”
His company helps web sites and app publishers with ad verification and regulatory compliance. To do that, The Media Trust pulls back the curtain and lets publishers see the dozens, if not hundreds, of third-party software programs that are running in their properties.
This includes cloud-based content management systems, ad platforms, tag management systems, personalization services, analytics vendors, geolocation providers and so on. And those services are calling other services.
Olson estimates that perhaps only ten percent of the code that renders on a typical brand’s site was actually developed by that brand. The rest is third-party.
‘Haven’t really known you’
New clients are often entirely focused on their own code and the resulting data, he said, until The Media Trust shows how many third-party providers are living in their houses, so to speak.
With so many outsiders in your property, Olson noted that GDPR compliance needs to take into account whether those vendors are compliant. And the same for compliance with HIPPA or COPPA, or for protecting against malware and bots.
Most of the regulatory violations — including, he predicts, most of the GDPR violations — come from bad practices or outright malicious activity by third-party providers.
Other issues include page loading issues and vulnerabilities to malware. As an example, he noted that both of the recent Equifax data losses involved, at least in part, vulnerabilities in third-party code.
“If an enterprise doesn’t know who they do business with,” he said, “that’s where the violations come from.”
While The Media Trust and similar firms provide assistance for monitoring outside code executing on a brand’s property, Olson agreed that the current smattering of best practices, protocols and standards could eventually become a kind of certificate or seal that your third-party providers apply for, not unlike how the Trustworthy Accountability Group (TAG) is now providing its imprimatur to fight fraud among ad providers.
In effect, Olson said, brands need to tell their third-party providers: “For years, I haven’t really known you, but now we have to be compliant together.”