0

I am wondering what methods are used by big companies to protect customer email addresses in their databases. They usually have salespeople all over the world, and multiple third parties (Salesforce, transactional emails, etc.) also need to access the data and need to be able to send emails to customers, making regular encryption methods not really practical.

I am working on a project where we will have to store and interact with a large number of customers via email, and I can't find a solution other than storing their email addresses in plain text in order to be accessible to third parties and our salespeople. But that doesn't seem very compliant and safe, as a data leak could create a serious impact for our customers (phishing, use it to log in, etc.).

1
  • 1
    I'll let you in on a secret: big companies rarely care about it. Salespeople pretend they don't have any email addresses, and Excel files are flying around on intranets.
    – nethero
    Commented Jun 25, 2021 at 13:20

4 Answers

1

As schroeder says, if there is a requirement for people to have access to that data then grant them that access. However, it's quite trivial to add in an anonymization tier that maps any email address to a local email address, then provision a forwarding service at the receiving end of the generated address which forwards to the intended recipient. Gumtree, for example, does this. However, it can be rather irksome.
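A minimal sketch of the anonymization tier this answer describes, added here as an illustration and not code from the original post. The relay domain, the demo key, the `AliasRelay` class and the per-audience alias scheme are assumptions; in practice the mapping would live in a store only the forwarding service can read.

```python
import base64
import hashlib
import hmac

RELAY_DOMAIN = "relay.example.com"   # assumption: a domain whose MX you control
SECRET = b"constructed-demo-key"     # assumption: held in a KMS/HSM in practice


class AliasRelay:
    """Maps real addresses to opaque aliases; only the relay can reverse them."""

    def __init__(self, secret: bytes, domain: str):
        self._secret = secret
        self._domain = domain
        self._alias_to_real = {}     # mapping never leaves the relay tier
        self._revoked = set()

    def alias_for(self, real: str, audience: str) -> str:
        """Deterministic alias per (customer, audience), so a leaked alias
        identifies which third party it was issued to."""
        normalized = real.strip().lower()
        mac = hmac.new(self._secret, f"{audience}|{normalized}".encode(),
                       hashlib.sha256)
        # 10 bytes of MAC -> exactly 16 base32 characters, no padding
        local = base64.b32encode(mac.digest()[:10]).decode().lower()
        alias = f"{local}@{self._domain}"
        self._alias_to_real[alias] = normalized
        return alias

    def revoke(self, alias: str) -> None:
        """Stop forwarding for one alias without touching the others."""
        self._revoked.add(alias)

    def resolve(self, rcpt_to: str):
        """Called by the forwarding MTA for each RCPT TO; returns the real
        address, or None so the MTA rejects the message."""
        alias = rcpt_to.strip().lower()
        if alias in self._revoked:
            return None
        return self._alias_to_real.get(alias)
```

Third parties are handed only the output of `alias_for`; a dump of their copy exposes aliases that can be revoked individually rather than the customers' real addresses.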

1

You need to identify your threats and risks (risk assessment, threat analysis etc.) to identify how an attacker might steal the information, and what that would mean for your organization (what is the business impact). You mention "all over the world", which makes your case a little special. It means that you should be aware of security and privacy regulations around the world. For example, in Europe (GDPR) an email address is considered personal information; in other countries that may not be the case. Any personal information has to be protected with adequate measures. Encryption is one of them; if you have good reason not to have encryption, then you must enhance other measures to compensate for this, and analyze the risks. You must consider the 3 security parameters: technology (encryption, perimeter security, key management etc.), processes (what people do, roles, access control, audits, reviews etc.) and people (awareness, training, exercises, inside attack etc.).

0

The controls required are about granting appropriate access. Just like any data, you want to authenticate users/processes that need legitimate access, audit it, and be able to revoke access. Bonus points for only allowing access to the specific data required by the user/process to perform their approved function.

This is no different from the basics of any file system or database:

  • encrypt the media (to protect from physical theft)
  • user accounts
  • role-based access
  • enable auditing
  • review and adjust access and permissions regularly

So, what do large orgs do? They use a database. It's simple, easy to manage, and has all the controls you need. And there are a million types to choose from to meet your needs.

More specifically, it simply sounds like you need a CRM. A SaaS CRM tool allows you to enter email addresses into a database and you allow 3rd parties to compose and send emails. The 3rd parties don't actually "have" the emails, they just access them in your account. Some CRMs allow you to hide the email database so that the 3rd parties are dealing with named lists, not named individuals.
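A sketch of the "named lists, not named individuals" arrangement together with the grant, audit and revoke controls listed in this answer. It is an added example, not code from the original post or from any CRM product; `SendGateway`, the list and principal names, and the sample addresses are constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed sample data: the address book stays on the data owner's side.
LISTS = {"newsletter-eu": ["alice@example.org", "bob@example.org"]}
GRANTS = {"agency-svc": {"newsletter-eu"}}   # principal -> lists it may target


class SendGateway:
    """Owner-side service: third parties submit content against a list name."""

    def __init__(self, lists, grants, deliver):
        self._lists, self._grants, self._deliver = lists, grants, deliver
        self.audit_log = []

    def _audit(self, principal, list_name, outcome, count=0):
        self.audit_log.append({
            "ts": datetime.now(timezone.utc).isoformat(),
            "principal": principal, "list": list_name,
            "outcome": outcome, "recipients": count,
        })

    def send_campaign(self, principal, list_name, subject, body):
        """Check the grant, resolve addresses internally, return counts only."""
        if list_name not in self._grants.get(principal, set()):
            self._audit(principal, list_name, "denied")
            raise PermissionError(f"{principal} may not target {list_name}")
        recipients = self._lists.get(list_name, [])
        for address in recipients:
            self._deliver(address, subject, body)   # owner-side mail hand-off
        self._audit(principal, list_name, "sent", len(recipients))
        return {"list": list_name, "queued": len(recipients)}

    def revoke(self, principal, list_name):
        """Withdraw access; nothing has to be recalled from the third party."""
        self._grants.get(principal, set()).discard(list_name)
```

The caller receives a recipient count and never an address, and every allowed or denied request leaves an audit record tied to the principal.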

0
-1

At the company I work for, we send a daily dump of all of our customers' email addresses to a 3rd party company who send out our marketing emails.

We cannot encrypt the emails, as the 3rd party company cannot send an email to an encrypted email address. The best you can do is send the emails to the 3rd party company in a secure way. We use SFTP, which, assuming you do it right, is secure.

5
  • 1
    No, this is not the "best you can do". There are multiple CRMs that allow you to control the email database, and the 3rd party simply composes and times the emails in the CRM tool. This approach has been available for over a decade. Your approach has multiple issues that will run into problems with GDPR, for instance, which is one of the tags in the question.
    – schroeder
    Commented Jul 26, 2021 at 9:19
  • Could you give me a link where this is explained in more detail? At my company, we store our customers in our own database, and every day we send our customer data to the third party. Given that this third party must physically send these emails from its own email server infrastructure, I can't see how they could do that WITHOUT the actual emails.
    – Weare Mwam
    Commented Jul 26, 2021 at 13:02
  • Get a better 3rd party? I mean CRMs and CRM APIs have been around for a long time. If your 3rd party requires a csv with the emails, then that's what you need to do with those particular constraints, but that is far from the best you can do.
    – schroeder
    Commented Jul 26, 2021 at 13:05
  • I am still having trouble understanding how this could work. This 3rd party company has to send emails to our customers. How can it send an email without the email address? If your answer is that it can get the email address through an "api" into our system, how is that any more secure than sending a CSV over SFTP? Also, having an API into our customer database sounds frightening.
    – Weare Mwam
    Commented Jul 26, 2021 at 22:25
  • There are 3 parties: you, the CRM, and the marketing company. You control the emails in the CRM, the marketing company accesses the CRM with whatever access you provide. Welcome to the cloud.
    – schroeder
    Commented Jul 26, 2021 at 22:42
