Unbounce Now More Secure Than Ever: Introducing Single Sign-on, Audit Logs, and 2FA Authentication
Imagine you run a successful digital agency, and suddenly get an urgent email from the IT department.
Turns out, an account manager who left the company months ago has continued to log into your software, moved tons of high-value clients to a sub-account, and has shut you out completely—effectively stealing your hard-earned rolodex of clients as his own.
Or, you work in a marketing team and IT has discovered an unauthorized person has logged into your SaaS tools and now has access to all of your data, payment details, and even your customers’ data, too.
Considering many businesses now run almost entirely on the internet (and the average marketer uses anywhere from 12-31 different tools), the above scenarios aren’t just unsettling—they’re not as far fetched as we’d hope. Sure they may not happen everyday, but as a marketer you need to ensure they don’t happen to you.
Whether it’s protecting your data or that of your customers, today we’re taking a closer look at security, data privacy (including the upcoming GDPR), and sharing what we’ve rolled out at Unbounce to make sure our platform doesn’t leave you scrambling.
Making your life easier, and more secure
Us marketers tend to love inviting as many users into our SaaS tools as needed (faster workflows for the win!), but user management, and other potential threats involving passwords and more can be a nightmare waiting to happen in the eyes of IT. Overall, we all need to be especially careful choosing software tools that IT can stand behind.
At Unbounce, we know you may not have the time or resources to ensure you have the latest security measures in place. And you want to be able to focus on building incredible marketing, anyway (not fretting about security).
So we’ve spent the last few months making sure we’re one of most secure conversion platforms out there with industry-leading security features.
We’ve rolled out a few new features to ensure you can breathe easy and focus on conversions. And we think your IT team will love them.
Introducing single sign-on
IT administrators often need centralized platforms. Being centralized helps keep track of all of the users of a given account, especially as you scale. And now you can do this with Unbounce via Google Single Sign-on (SSO).
Available on all plans, this means you can use your Google account and credentials to log into Unbounce.
In short, you can now easily manage verified users of your Unbounce account from one, central directory. Your IT manager will be over the moon 🙂
More built-in safeguards
Connected to single sign-on, as marketers we rarely need to consider the importance of authentication or how it works, but it roughly boils down to password requirements, access, and how IT can confirm it’s actually you logging into an app and not someone else.
Back in a less secure time, a typical password requirement workflow depended on two factors:
- Something you are – i.e. your identity , confirmed via email address, and
- Something you know – i.e. your password, or a security question if you’ve forgotten.
But many of the things you know, someone else might know too. Moreover, 80% of people reuse passwords across several sites. A password shared with just one site that’s been breached can be used to gain access to another site (something you need to ensure can’t happen).
Fortunately there’s a way to effectively ban this by adding a third factor to the equation with two-factor authentication (2FA). The idea behind 2FA is that accessing especially secure software now requires one extra thing:
- Something you have – i.e. an authentication code you have access to via an app on your phone, for example.
Intended to make it difficult for attackers to exploit vulnerabilities (like password reuse and phishing), 2FA is the option to authenticate users’ identity with their mobile device in addition to their username and password.
Available on our Enterprise plans and above, you can now add an extra layer of protection to the login flow with an authenticator app.
Google Authenticator is very popular (accessed via your phone), but you can use any of the following in line with your company’s IT policies:
- HDE OTP
- Authenticator Plus
- Sound Login Authenticator
We’re now one of the only conversion marketing platforms with two-factor authentication built right in (so you don’t have to go through integrations or workarounds to comply with your IT manager’s wishes!)
Wait, who did that? (Audit logs, your new lifesaver)
Beyond accessibility to software, it’s important your organization gets complete visibility and control of user actions in the tools you use.
As one of our agency clients once joked about with us, they’d invited a client into Unbounce to preview their pages, but this particular client was always trying to get edit-access to their landing pages to make sneaky changes to suit their preferences on the fly. This was, of course, not malicious but the account owners were later scratching their heads as to why pages were magically changing, and why so many integrations were suddenly broken.
The lesson here is that, beyond being able to assign user capabilities, you need to have a high-level breakdown of what’s going on in your SaaS tools, including who does what, and when.
This is why we’ve recently introduced audit logs on enterprise plans or higher to provide admins with a detailed trail of account activity. Used in tandem with our version control feature, you can now both identify changes made to your Unbounce creations and roll back any undesired changes to previously saved pages.
Overall, an audit trail can be used to detect suspicious activity or to playback account activity during an incident review and it can be very helpful for you to have for harmless rollbacks, or larger security-related infringements.
Data privacy and the GDPR
Up ‘til now, we’ve largely covered security in this post, but we’d be remiss to not mention data privacy too. The two tend to get grouped together, but there is a difference.
While security largely tends to involve your brand’s protection, data privacy relates more holistically to the protection of the collection and dissemination of data (often related to your customers or lead’s data in a marketing context).
This is especially relevant for you because, when running virtually any marketing campaign, you collect information from individuals and then process that information.
In the case of running landing pages, popups, or sticky bars in Unbounce, we each play a role. You as the controller, and Unbouncer as a processor:
- Unbounce’s Customers as Controllers
You make decisions on what data you’d like to solicit and how that data is used. As the creator of a form, you’re not only deciding on what data to collect but how you plan to use that data with your marketing stack.
- Our Role as a Processor
Unbounce will process data on behalf of our Customers. When you use an Unbounce Form, Unbounce is doing the “behind the scenes work” to store and transfer that data.
Why is this important?
Privacy concerns exist wherever personal data is collected, stored, used, and finally destroyed or deleted – in digital form or otherwise. Improper or non-existent disclosure control can be the root cause for privacy issues, and it’s up to you to ensure both your data collection and the software you use to collect data is compliant.
Data privacy is especially timely now concerning GDPR.
What is GDPR?
The General Data Protection Regulation (GDPR) is a new data privacy law which will come into effect on May 25, 2018, impacting how businesses collect and process data from individuals who live in the European Union (EU). It’s the most significant piece of data protection legislation to be introduced in the EU in 20 years, and will replace the 1995 Data Protection Directive.
GDPR is currently a hot topic, and understandably as it will have a major impact on Unbounce and our customers. So we’re doing everything we can to keep you all up to speed on our efforts on becoming fully compliant.
Hey, I’m not in the EU, does GDPR affect me?
Yes — if you have customers in the EU, plan to have customers in the EU, or process personal data from the EU, this applies to you.
Unbounce takes data privacy very seriously, and we view the GDPR as an opportunity to further enhance our commitment to data protection for the benefit our customers.
Right now we’re completing a comprehensive audit of the GDPR’s requirements and identifying where we need to make modifications to our platform, contracts, and documentation.
Our top priority is ensuring that our customers have confidence in our product, and that data you collect and process in our platform for your marketing campaigns meets the GDPR, complying by the date of enforcement.
On a whole, security or data privacy threats involving SaaS tools are like insurance. You hope you never have to worry about them, but you need to be prepared all the same.
We’re excited to be able to provide industry-leading security for you, and we’ll always work to alleviate issues of security and data privacy, so you can focus on campaigns.