digital ecosystem - amazon web servicesfipp.s3.amazonaws.com/media/documents/alex calic and...
TRANSCRIPT
Digital Ecosystem What you don’t know can hurt you
@TheMediaTrust
About The Media Trust
• 10+ year history monitoring the world wide web – Provide ad quality monitoring and protection services across the online
and mobile advertising ecosystems
• Based in Washington, DC – Infrastructure available in 65+ countries/500 + cities around the world
• Work with the biggest global publishers and their partners
@TheMediaTrust
The State of the Digital Media Ecosystem
• Publishers are putting an ever-increasing amount of 3rd party software code on their websites
– Leads to declining performance
– Increases audience risk exposure to malware infections and consumer data violations
• Consumers are responding – Consume content in news feeds on social networks
– Employ ad-blockers
• Clean-up the user experience and audiences, and revenues, will return
The anatomy of a web page A look under the covers
@TheMediaTrust
The Anatomy of a Web Page
@TheMediaTrust
The Anatomy of a Web Page
Articles
@TheMediaTrust
The Anatomy of a Web Page
Videos
Articles
@TheMediaTrust
The Anatomy of a Web Page
Videos
Articles
Slideshows
@TheMediaTrust
The Anatomy of a Web Page
Videos
Articles
Search Slideshows
@TheMediaTrust
The Anatomy of a Web Page
Videos
Articles
Search Slideshows
Ads
@TheMediaTrust
The Anatomy of a Web Page
Widgets
Ads
Articles
Search Slideshows
Videos
@TheMediaTrust
The Anatomy of a Web Page
Then add-in the software code that you don’t see on the page…
• Content delivery networks
• Data & tag management platforms
• Web analytics
• …and more
@TheMediaTrust
The Result
78% of the code that renders on a web page is outside your control!
Video
Zeitun
g
BREAKING
NEWS
World | Local | Finanzen | Sport | Politik | Verbraucher | Video |
Spaß
WETTER
UMFRAGE
BORSENTICK
ER
World
Global
Finanzen Local
“Omar der
Tschetschene” offenbar
vom US-Militär
13-Jähriger erschlägt
Gleichaltrigen: Das sagt
das
Scharapowa löst
Ansturm auf Doping-
Mittel aus
Sport Verbrauch
er
Politik
Zentralbank-konto von
bangladesch per
Überweisung
Bahnt Sich Unter
Kretschmann Politische
Amazon Echo gadget
ging aufgrund von Funk
Schelm
Startseite | Support | Hilfe Zeitung
World | Local | Finanzen | Sport | Politik | Verbraucher | Video | Spaß
BORSENTICKER
Malware The ubiquitous menace
@TheMediaTrust
Putting Web-Based Malware into Context
• 400,000 new malicious programs are detected every day1
• 85% of all malware is distributed via the web2
• 58% of malvertisements were delivered through news and entertainment websites3
• 67% of websites distributing malware are legitimate sites that were compromised4
• Traditional security tools miss up to 100% of malware5
1. “Malware Statistics & Trends Report.” AV-TEST Institute, December 2014 2. “Second Annual Cost of Cyber Crime Study: Benchmark Study of US Companies.” Ponemon Institute, August 2011 3. “Endpoint Exploitation Trends 1H 2015” Bromium, Inc. 4. “2014 Internet Security Threat Report,” Volume 19. Symantec 5. “Security tools missing up to 100% of malware, eThreatz testing shows.” CSO Online, January 15, 2015
@TheMediaTrust
How Ad Serving Really Works
Infographic courtesy of Ad Ops Insider: http://www.adopsinsider.com/ad-serving/how-does-ad-serving-work/
What You Should Expect
@TheMediaTrust
How Ad Serving Really Works
Infographic courtesy of Ad Ops Insider: http://www.adopsinsider.com/ad-serving/how-does-ad-serving-work/
What You Should Expect What Actually Happens
@TheMediaTrust
Example of Publishers Affected When Who What
February
2013
Ad server
November
2014
Identity management
tool
October
2015
Anti-adblocking
analytics
Other 3rd Party Code Not Immune to Hacking Either
Performance The need for speed
@TheMediaTrust
Speed Kills (Unless You’re Loading Web Pages)
• 47% of consumers expect a web page to load in 2 seconds or less
• 40% of people abandon a website that takes more than 3 seconds to load
• 1 second delay in page response can result in a 7% reduction in conversions
Data courtesy of Kissmetrics: https://blog.kissmetrics.com/loading-time/
@TheMediaTrust
Real World Examples
Data courtesy of The New York Times: http://www.nytimes.com/interactive/2015/10/01/business/cost-of-mobile-ads.html
Privacy Do you know who has access to your audience?
@TheMediaTrust
A Look At Germany’s Largest Websites
• Websites reviewed: 27 (Alexa Top 500)
• German media companies represented: 12
• Time Period: Week ending March 14th
@TheMediaTrust
Some of Our Findings
Domains Vendors Cookies
High 293 198 142
Average 77 55 50
Low 31 16 4
Advertising &
Publishers
Ad
Operations
Data
Tracking
Content Delivery
& Management
Site Services
& Ad-Ons Suspicious
Under
Review
High 59 116 41 34 16 3 20
Average 10 38 13 7 3 1 4
Low 2 12 1 1 0 0 0
Overview
Domains by classification
@TheMediaTrust
Data Cookie Findings
Cookies with a Lifespan of over 12 months
# of cookies
High 66
Average 20
Low 2
Domains Dropping Data Cookies with the Longest Lifespan Domain Company Lifespan
Acuityplatform.com AcuityAds 68+ years
Skimresources.com Skimbut 30 years
Liverail.com Facebook 27 years
Theadex.com The AdExchange 10 years
Wtp101.com Digilant 8 years
Final Thoughts What should a publisher do?
@TheMediaTrust
Takeaways & Action Items
1. Identify 3rd party vendors for potential exposure points
2. Analyze 3rd party vendor activity for compliance with company and regulatory policies
3. Authorize vendor’s presence/actions and document internal approving party
4. Minimize the number of vendors executing on your public-facing website
5. Ask vendors for security policy, i.e., what are they doing to protect their relationship with your website
6. Understand why an authorized vendor needs to bring in another outside party to execute on your site
7. Review Risk/Legal requirements to determine need for contract/ agreement with 3rd party vendors
8. Terminate and blacklist unsecure and/or unapproved external parties
9. Continuously scan the website for new vendors and impact on overall performance from variety of OS/device, geography and user behavior profiles
10.Generate reports to measure 3rd party vendor ability to meet service level requirements (SLA)
Thank You
@TheMediaTrust
Any Questions?
Alex Calic, Chief Revenue Officer, @alexcalic
Matt O’Neill, GM EMEA, @moneill