We’ve been making social scalable for large organizations since Spredfast was founded in 2008 and we’ve watched the social landscape evolve and mature in a variety of ways. Since the start, our customers in regulated industries – like Financial Services and Pharmaceuticals – have focused on ensuring that their social engagement activities comply with their industry guidelines. These companies were the early drivers of Spredfast capabilities like approval workflows and audit trails.
In the last year, we have seen an increasing trend with all of our larger customers. As Spredfast becomes a system of record for social engagement across the enterprise, customers are asking for more security – whether they are in regulated industries or not. We believe this is because an SMMS like Spredfast is increasingly being viewed as a “first class” mission-critical platform – not just a tool used by a few marketers. With this increased enterprise usage comes increased requirements for compliance – not just with external regulations but also with internal security guidelines.
The result is that in the last two quarters, we have been steadily adding new capabilities to our platform that give our customers unmatched security for their social engagement. Below are the highlights.
Rigorous Access Management
Each organization is different, so our customers need various controls to maintain network security while providing their users with access to Spredfast.
Enhanced Password Management: We offer customizable password management. This functionality allows account administrators to set requirements for strong passwords, customized expiration dates, enabling CAPTCHA after a user specified number of tries.
Single Sign-On (SS0): Spredfast supports Single Sign-On using the SAML 2.0 protocol. Instead of forcing customers to use a specific identity provider, supporting the SAML standard allows our customers to use their existing identity provider for centralized security and SSO.
IP Restrictions: We can restrict application access to whitelisted IP addresses or ranges as needed. This allows customers to define which locations and which employees can access Spredfast– a critical control for companies with employees (and agency partners) distributed all over the world.
Compliance in Social Conversations
With the hundreds of conversations happening over social channels everyday, our customers need robust yet flexible methods to handle each conversation in an organized fashion. Spredfast not only make it possible for large teams to execute social strategy, but our customers can get complete audit histories of who approved which posts and when.
Approval Workflows: Spredfast allows users to create a post, select the channels and accounts that the post should be published from, and schedule the time of day/days the post should go out. Depending on who creates the post and which social accounts they’re posting to, the appropriate approval teams are automatically added to that post. This requires the approval teams to review the post, add notes if necessary, and approve the content before it can be posted to any social site ensuring appropriateness of all communications.
Conversation Histories: Some companies engage in hundreds of conversations over social channels every day. Because of this, they need a central repository for social engagement. Spredfast creates detailed records of each post and provides insights that are not available through the social networks – including a full audit trail, internal comments, internal classifications, and all of the engagement that sprung from the post.
Enterprise Class Data Security
Our customers in regulated industries such as financial services often have more extensive security requirements than other organizations. We expect many of these needs to expand to other industries as companies increasingly view their social data as key corporate assets. For those that want it, Spredfast is available in a high security deployment with the following attributes.
Virtual Private Cloud: Spredfast customers can be deployed within Amazon’s Virtual Private Cloud (VPC), which allows for a layered security DMZ approach. The VPC allows us to isolate network server traffic and restrict communication between servers to appropriate custom IPs/ports. External access to the environment is restricted via a VPN Gateway or by an Internet Gateway.
Data Encryption: Sensitive data can be encrypted in transit and at rest using 256-bit AES encryption.
Backup Encryption: Spredfast can provide backups encrypted in transit, using SSL and GnuPG.
Secure Exports: Spredfast customers have the ability to integrate their secure social media data into their existing security infrastructure.
As SMMS transitions to a tool for a chosen few in Marketing to a platform used to manage engagement across all social channels throughout the company, we anticipate security to become a higher priority for most large organizations. With so many different security options available in Spredfast, our customers no longer have to be concerned with meeting regulations and requirements. They can now meet both internal and external regulatory requirements, making it easier than ever to scale social engagement in a secure way.
Tags: access // approval // compliance // control // data encryptions // enterprise // financial services // IP // management // password // pharmaceutical // scale // security // single sign on // SMMS // social media // workflow