digital ecosystem - amazon web servicesfipp.s3.amazonaws.com/media/documents/alex calic and...

Digital Ecosystem What you don’t know can hurt you

@TheMediaTrust

About The Media Trust

• 10+ year history monitoring the world wide web – Provide ad quality monitoring and protection services across the online

and mobile advertising ecosystems

• Based in Washington, DC – Infrastructure available in 65+ countries/500 + cities around the world

• Work with the biggest global publishers and their partners

@TheMediaTrust

The State of the Digital Media Ecosystem

• Publishers are putting an ever-increasing amount of 3rd party software code on their websites

– Leads to declining performance

– Increases audience risk exposure to malware infections and consumer data violations

• Consumers are responding – Consume content in news feeds on social networks

– Employ ad-blockers

• Clean-up the user experience and audiences, and revenues, will return

The anatomy of a web page A look under the covers

@TheMediaTrust

The Anatomy of a Web Page

@TheMediaTrust


Articles

@TheMediaTrust


Videos

Articles

@TheMediaTrust


Videos

Articles

Slideshows

@TheMediaTrust


Videos

Articles

Search Slideshows

@TheMediaTrust


Videos

Articles

Search Slideshows

Ads

@TheMediaTrust


Widgets

Ads

Articles

Search Slideshows

Videos

@TheMediaTrust


Then add-in the software code that you don’t see on the page…

• Content delivery networks

• Data & tag management platforms

• Web analytics

• …and more

Malware The ubiquitous menace

@TheMediaTrust

Putting Web-Based Malware into Context

• 400,000 new malicious programs are detected every day1

• 85% of all malware is distributed via the web2

• 58% of malvertisements were delivered through news and entertainment websites3

• 67% of websites distributing malware are legitimate sites that were compromised4

• Traditional security tools miss up to 100% of malware5

1. “Malware Statistics & Trends Report.” AV-TEST Institute, December 2014 2. “Second Annual Cost of Cyber Crime Study: Benchmark Study of US Companies.” Ponemon Institute, August 2011 3. “Endpoint Exploitation Trends 1H 2015” Bromium, Inc. 4. “2014 Internet Security Threat Report,” Volume 19. Symantec 5. “Security tools missing up to 100% of malware, eThreatz testing shows.” CSO Online, January 15, 2015

@TheMediaTrust

How Ad Serving Really Works

Infographic courtesy of Ad Ops Insider: http://www.adopsinsider.com/ad-serving/how-does-ad-serving-work/

What You Should Expect

@TheMediaTrust

How Ad Serving Really Works

Infographic courtesy of Ad Ops Insider: http://www.adopsinsider.com/ad-serving/how-does-ad-serving-work/

What You Should Expect What Actually Happens

@TheMediaTrust

Example of Publishers Affected When Who What

February

2013

Ad server

November

2014

Identity management

tool

October

2015

Anti-adblocking

analytics

Other 3rd Party Code Not Immune to Hacking Either

Performance The need for speed

@TheMediaTrust

Speed Kills (Unless You’re Loading Web Pages)

• 47% of consumers expect a web page to load in 2 seconds or less

• 40% of people abandon a website that takes more than 3 seconds to load

• 1 second delay in page response can result in a 7% reduction in conversions

Data courtesy of Kissmetrics: https://blog.kissmetrics.com/loading-time/

@TheMediaTrust

Real World Examples

Data courtesy of The New York Times: http://www.nytimes.com/interactive/2015/10/01/business/cost-of-mobile-ads.html

Privacy Do you know who has access to your audience?

@TheMediaTrust

A Look At Germany’s Largest Websites

• Websites reviewed: 27 (Alexa Top 500)

• German media companies represented: 12

• Time Period: Week ending March 14th

@TheMediaTrust

Some of Our Findings

Domains Vendors Cookies

High 293 198 142

Average 77 55 50

Low 31 16 4

Advertising &

Publishers

Ad

Operations

Data

Tracking

Content Delivery

& Management

Site Services

& Ad-Ons Suspicious

Under

Review

High 59 116 41 34 16 3 20

Average 10 38 13 7 3 1 4

Low 2 12 1 1 0 0 0

Overview

Domains by classification

@TheMediaTrust

Data Cookie Findings

Cookies with a Lifespan of over 12 months

# of cookies

High 66

Average 20

Low 2

Domains Dropping Data Cookies with the Longest Lifespan Domain Company Lifespan

Acuityplatform.com AcuityAds 68+ years

Skimresources.com Skimbut 30 years

Liverail.com Facebook 27 years

Theadex.com The AdExchange 10 years

Wtp101.com Digilant 8 years

Final Thoughts What should a publisher do?

@TheMediaTrust

Takeaways & Action Items

1. Identify 3rd party vendors for potential exposure points

2. Analyze 3rd party vendor activity for compliance with company and regulatory policies

3. Authorize vendor’s presence/actions and document internal approving party

4. Minimize the number of vendors executing on your public-facing website

5. Ask vendors for security policy, i.e., what are they doing to protect their relationship with your website

6. Understand why an authorized vendor needs to bring in another outside party to execute on your site

7. Review Risk/Legal requirements to determine need for contract/ agreement with 3rd party vendors

8. Terminate and blacklist unsecure and/or unapproved external parties

9. Continuously scan the website for new vendors and impact on overall performance from variety of OS/device, geography and user behavior profiles

10.Generate reports to measure 3rd party vendor ability to meet service level requirements (SLA)

Thank You

@TheMediaTrust

Any Questions?

Alex Calic, Chief Revenue Officer, @alexcalic

Matt O’Neill, GM EMEA, @moneill

digital ecosystem - amazon web servicesfipp.s3.amazonaws.com/media/documents/alex calic and...

Documents