ESP KMS Encryption: The Answer for the Most Sensitive PII

For marketing/communications teams at businesses with especially sensitive customer data and sophisticated encryption needs — financial and healthcare organizations, for instance, or any company with leadership that makes enterprise data security and enterprise data protection a top priority — the attitude toward email marketing often approaches ambivalence.

Because they can’t risk sending any personally identifiable information (PII) to the cloud, where it is outside their control and exposed to a breach, they believe they can’t run personalized messaging campaigns. After all, if they can’t allow the data to leave the protection of their own firewall, how can they do anything more sophisticated with their ESP than spray and pray?

For these marketing teams, there is an answer that can get them back into the email marketing game: KMS (Key Management Service) encryption. This allows organizations to encrypt individual fields across a dataset, PII like email addresses or health and financial information, so that not even their own data engineers or marketers see that data as they build audiences and messages.

Instead of the actual PII, all they see is ciphertext. The key that decrypts it is held by a cloud key management service such as AWS KMS or Google Cloud KMS; the key itself never leaves that service, and the customer references it by a key identifier that travels with the encrypted data. Decryption occurs only at the moment an individual campaign launches, and only for the fields that campaign needs.
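The mechanism above, as an added example that is not MessageGears’ code or the AWS SDK: an in-memory stand-in plays the role of the key service (its method names mirror AWS KMS’s Encrypt, Decrypt and DisableKey, and its context argument mirrors the KMS EncryptionContext, but it is constructed for this example and keeps the key in a Go map rather than an HSM), while the key alias `alias/customer-pii`, the column names and the sample address are made up. It shows what the warehouse and the marketer actually hold (an opaque blob), the send-time decrypt against the key ID plus the field name, and what happens the moment the key’s owner disables the key. AES-256-GCM is the cipher chosen here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// randBytes draws n bytes from the OS CSPRNG; a failure here is not recoverable.
func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// FakeKMS is a constructed stand-in for a cloud key service such as AWS KMS: the
// key never leaves it, callers name it by ID, and only the owner can disable it.
// The method names mirror the KMS API, but this is not an AWS client.
type FakeKMS struct {
	keys     map[string]cipher.AEAD // key ID -> AES-256-GCM over a key that is never exported
	disabled map[string]bool
}

func NewFakeKMS() *FakeKMS { return &FakeKMS{map[string]cipher.AEAD{}, map[string]bool{}} }

// CreateKey mints a 256-bit key; callers only ever learn its ID.
func (k *FakeKMS) CreateKey(keyID string) {
	block, err := aes.NewCipher(randBytes(32))
	if err != nil {
		panic(err) // 32 bytes is always a valid AES key, so this cannot happen
	}
	k.keys[keyID], _ = cipher.NewGCM(block)
}

// DisableKey is the owner's kill switch: every Decrypt under keyID fails afterwards.
func (k *FakeKMS) DisableKey(keyID string) { k.disabled[keyID] = true }

func (k *FakeKMS) aead(keyID string) (cipher.AEAD, error) {
	if a, ok := k.keys[keyID]; ok && !k.disabled[keyID] {
		return a, nil
	}
	return nil, errors.New("KMS: key missing or disabled: " + keyID)
}

// Encrypt returns nonce||ciphertext. The encryption context (here the column name)
// is authenticated with the data, so the blob will not open under any other context.
func (k *FakeKMS) Encrypt(keyID string, plaintext []byte, context string) ([]byte, error) {
	a, err := k.aead(keyID)
	if err != nil {
		return nil, err
	}
	nonce := randBytes(a.NonceSize())
	return a.Seal(nonce, nonce, plaintext, []byte(context)), nil
}

// Decrypt is the send-time call and the only place plaintext ever reappears.
// A tampered blob, a wrong context, or a disabled key all fail closed.
func (k *FakeKMS) Decrypt(keyID string, blob []byte, context string) ([]byte, error) {
	a, err := k.aead(keyID)
	if err != nil {
		return nil, err
	}
	if len(blob) < a.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return a.Open(nil, blob[:a.NonceSize()], blob[a.NonceSize():], []byte(context))
}

func main() {
	kms := NewFakeKMS()
	kms.CreateKey("alias/customer-pii") // constructed alias; the client owns this key

	// Write path, inside the client's firewall: the warehouse stores only the blob.
	blob, _ := kms.Encrypt("alias/customer-pii", []byte("jane@example.com"), "email")
	fmt.Printf("what marketers and data engineers see: %x\n", blob)

	// Send path: the render step decrypts the one field it needs, then discards it.
	v, err := kms.Decrypt("alias/customer-pii", blob, "email")
	fmt.Printf("at campaign launch: %q (err=%v)\n", v, err)

	// Revocation: the owner disables the key and every decrypt fails from then on.
	kms.DisableKey("alias/customer-pii")
	_, err = kms.Decrypt("alias/customer-pii", blob, "email")
	fmt.Println("after revocation:", err)
}
```

At production volume you would not send every field to the key service; you would call GenerateDataKey once per batch and encrypt locally under the returned data key (envelope encryption, which is what the AWS Encryption SDK does). The trust boundary does not change: the root key never leaves KMS, and disabling it or editing its key policy cuts off every decrypt at once.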

MessageGears’ approach to security

The MessageGears platform currently uses AWS KMS for this encryption, which lets clients personalize on any attribute in their database without exposing that data either internally or in the cloud. Chick-fil-A uses KMS encryption to keep even customer email addresses encrypted while the marketing team builds audiences and campaigns in the MessageGears platform, and that gives them the confidence to send highly personalized messages that key off everything from geolocation to preferred store to most recent order.

This allows them to segment and communicate in a way that’s unique to each individual customer at scale. Meanwhile, they aren’t exposing any PII to their internal teams or to any legacy marketing cloud.

Sensitive data remains encrypted at rest within Chick-fil-A’s data systems until the moment an individual campaign launches, and only the fields that campaign needs are decrypted. Even then, the data transferred to the MessageGears “render and send” cloud environment is deleted once the message has been successfully rendered, leaving no client data residing outside Chick-fil-A’s internal systems.

Chick-fil-A’s data remains safely within their own data stores; the only data transmitted and decrypted from those sources is the data used to personalize the message, whether it goes out as an email, push notification, text message, or other outbound message.

Another part of what makes KMS encryption with AWS unique is that the client, as the key’s owner in AWS KMS, controls who may use it. If there is any question at any time about the security of AWS’s or MessageGears’ systems, the client can unilaterally revoke MessageGears’ ability to decrypt (by disabling the key or removing MessageGears’ permission from the key policy) and keep it revoked for as long as it takes to establish that the problem has been resolved.

This helps contain a suspected breach outside the client’s firewall quickly, without touching the client’s data: ciphertext that can no longer be decrypted is useless to whoever holds it. At MessageGears, we can also add a further layer of anonymization on top of the encrypted data by tokenizing it with a secure hash, so that even a brute-force attack would fail to recover the underlying value. For that to hold, the hash must be keyed: a bare hash of a low-entropy field such as an email address can be reversed simply by hashing candidate addresses and comparing, whereas an HMAC under a secret the marketer never sees cannot.
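The difference between a bare hash and a keyed one, as an added example that is not MessageGears’ code and goes one step past the paragraph by running the dictionary attack itself: the three sample addresses, the secret and the attacker’s guessed key are constructed for the example, and HMAC-SHA256 is the keyed construction chosen here.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// BareHash is the naive "anonymization": an unkeyed SHA-256 of the value.
func BareHash(value string) string {
	sum := sha256.Sum256([]byte(value))
	return hex.EncodeToString(sum[:])
}

// KeyedToken is HMAC-SHA256 under a secret held where marketers and data
// engineers cannot reach it (in practice, the same KMS/HSM as the PII key).
func KeyedToken(secret []byte, value string) string {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(value))
	return hex.EncodeToString(mac.Sum(nil))
}

// DictionaryAttack is what an attacker holding a leaked token does: run every
// candidate value through the tokenizer they believe was used and compare.
// It returns the recovered value, or "" if no candidate matched.
func DictionaryAttack(token string, candidates []string, tokenize func(string) string) string {
	for _, c := range candidates {
		// constant-time compare, as any legitimate token lookup should also use
		if hmac.Equal([]byte(tokenize(c)), []byte(token)) {
			return c
		}
	}
	return ""
}

func main() {
	// Constructed sample data. An attacker needs only a list of plausible
	// addresses, and breach dumps supply those in bulk.
	candidates := []string{"alice@example.com", "bob@example.com", "carol@example.com"}
	target := "bob@example.com"
	secret := []byte("constructed-secret-never-stored-beside-the-data")

	leaked := BareHash(target)
	fmt.Printf("bare SHA-256 recovered: %q\n", DictionaryAttack(leaked, candidates, BareHash))

	leaked = KeyedToken(secret, target)
	// Without the secret the attacker can only hash candidates bare or guess a key.
	fmt.Printf("HMAC token, no key: %q\n", DictionaryAttack(leaked, candidates, BareHash))
	wrongKey := func(v string) string { return KeyedToken([]byte("guessed-secret"), v) }
	fmt.Printf("HMAC token, guessed key: %q\n", DictionaryAttack(leaked, candidates, wrongKey))
}
```

A deterministic keyed token still reveals equality (two records with the same address share a token), which is exactly what audience joins need but is also what lets an analyst count repeat customers; whether that is acceptable for a given field is a policy decision, not something the hash decides.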

The importance of keeping data behind the firewall

The key distinction between traditional SaaS solutions and the MessageGears platform is our philosophy of maintaining the client’s data systems as the systems of record, as opposed to building a secondary data source maintained by the MessageGears platform. As a result, no data needs to be duplicated, replicated, or synchronized outside of the existing client data systems.

The MessageGears platform connects directly to these systems, using the data maintained within them for audience segmentation and message personalization. This distinction makes MessageGears unique in the space, offering a full suite of marketing automation features and functionality with the scalability and throughput of a cloud message delivery platform, without requiring the creation of external data silos or expensive data replication.

MessageGears is unique among ESPs in the ability to do this. Because our campaign management software lives behind the client’s firewall, on top of their database, client marketing teams can work securely and directly with their live data to build audiences and messages. Because customer data isn’t copied to the cloud — unlike with the legacy marketing cloud solutions — MessageGears clients don’t have to rely on the cloud for anything except the actual rendering and sending of messages. That means the data stays as secure as the client’s firewall can keep it, while subscribers still receive the kind of personalized, relevant messages that turn them into loyal, engaged customers.