Founded in 2001, Crownpeak is a privately-owned global corporation that has evolved to provide the leading, enterprise-grade, cloud-first Digital Experience Management (DXM) platform globally. For publishers who still rely heavily on programmatic and use a large volume of ad network partners, the company also provides the tools to secure sites from malicious vendors or tags. WNIP caught up with Crownpeak’s Director of Product and Digital Governance, Gabe Morazan, to find out more…
Can you give us some background about your company?
We are headquartered in the U.S., and our DXM platform empowers Fortune 2000 companies to create, deploy, and optimise customer experiences quickly across global digital touchpoints at scale.
Besides featuring content management, personalisation, search, and hosting, it is the only digital experience platform that includes built-in Digital Quality Management (DQM) to ensure brand integrity, best practices, and web accessibility compliance.
Crownpeak is also the leading provider of simple technical solutions for complex digital Governance, Risk & Compliance (GRC) challenges. These solutions, including the Universal Consent Platform and TagControl, are designed to help companies comply with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other new country and state privacy regulations.
What business problem is your company addressing?
Specifically, in publishing, we aim to provide visibility for the complex marketing stack – in particular, the programmatic advertising partners that the publishers and brands use to fulfill their marketing needs. We offer solutions to a number of things, such as, who are all of the third parties that are collecting and aggregating pick up in the publisher’s chain of advertising partners? What type of security mechanisms or internal processes do companies or brands have in place to avoid the type of malicious ads that might be injected through third-party solutions?
And how do businesses ensure they’re complying with regulation such as GDPR and CCPA – directly and via third parties? This isn’t a new problem – there have been calls for greater transparency in recent years, and we have actually been applying consent options since 2009. But emerging regulation is introducing stipulations such as the ‘do not sell’ option, and businesses need to ensure they properly comply, even when using third-party solutions.
Those are really the high-level issues we are looking to solve. And they are particularly relevant for those brands and companies that are heavily reliant on advertising technology.
For publishers who still rely heavily on programmatic and use a large volume of ad network partners in the chain we provide the tools to be able to secure their site from malicious vendors or tags. The type of third-party vendors who might add messages like ‘click here for a free iphone’ can compromise a site, but they can be blocked using our technology.
It’s an opportunity to understand who your third parties are and audit them – obtaining in-depth information relating to their privacy policies, their data retention, and the data they capture. Then you have the necessary controls in place with our tools to be able to block any third party vendors that you want to blacklist. Whether they’re constantly slowing down your system or have previously injected mal-advertising, and however they’re accessing your site.
What is your core product addressing this problem?
We have a tool called TagControl to address this problem. While publishers are generally familiar with the partners they work with, because they all work with many different solutions connected with different DMPs, it’s difficult for them to have a full vision of all parts of the chain.
By using TagControl, we start with a scan of the customer’s website over the course of several days to identify how many partners use tags on the site and what is being injected as part of the real-time bidding (RTB) process. We then map exactly how they enter the site. So for example, if we see OpenX appearing on a customer’s site but they know that they interact with them within their tag manager, then we know that OpenX came in from LiveRamp, which came in from an ad exchange, from one of their other partners. We have the technology to trace back where the vendors came from. If the publisher needs to decide they don’t want them, we know exactly where to go to turn that off or in the case of TagControl we can turn it off within their solution.
Can you give some examples of publishers successfully using your solutions?
As well as major media companies in the US, we work with a number of well-known publications in the UK, all of whom successfully protect themselves from unwanted access by third parties and achieve high levels of trust as a result. NDA’s preclude us from identifying them by name.
Because our technology scans a website, and collects, aggregates and ties the solutions back to a vendor database we have created, the price is largely based on how many sites or pages we are scanning. When a customer calls up and says, ‘hey tell us about your solutions’, we have to first understand whether they’re a small publisher with one site, or a global publication with multiple sites and pages across different countries. As a result the pricing is really dependent on the number of sites and the amount of traffic those sites generate.
What are other people doing in the space and why?
So how does it work? Well, when we scan a website we take the code that is in any of the scripts and match it to the code of the companies on our database. Once we have a match to a tag, such as OpenX, we can then say “here is what we know about OpenX”. Having collected and aggregated information over the past ten years, we have an extensive understanding of each company – giving us the edge over the competition, particularly from a compliance and legal point of view.
As an ad operation or compliance team creates the data processing agreement they need to secure and safeguard that information, and have a deep understanding of the data protection policies these companies have, their data retention, where they store the data and the type of data they collect in order to be compliant with GDPR. That is time-consuming to say the least, but with our technology, they can rest assured they are meeting regulation requirements with the most extensive information available.
How you do view the future?
We naturally believe that privacy is moving to the forefront for publishers and brands. Any illusion to GDPR just being a one-off event or an isolated incident has pretty much been shattered considering all that has happened since GDPR went into enforcement last year.
We anticipate that privacy is going to remain a major focus and continues to be an issue that companies have to grapple with. As we look at privacy from a consumer perspective, we need to understand their expectations in a post-GDPR era. We believe that privacy affords a customer experience opportunity. Brands looking to take privacy seriously can look to use it as a competitive opportunity. We can use Apple as an example of this, as they recently launched an extensive marketing campaign highlighting the fact that they are more secure and safe than, say, Google’s devices.
We believe privacy is also rapidly becoming a customer experience issue. Crownpeak is a visual experience solution, so we are uniquely positioned to transform these companies through what was originally seen as a compliance play – a simple tick-box type solution – to incorporating user experience into privacy, in order to gain trust and therefore increase the lifetime value of every customer that visits the site. We utilise the visibility of the site to avoid bounce rate etc, and we incorporate that into the customer experience, to reflect well on the site and the brand. It’s this approach that is ultimately informing our decisions about how we can further take these privacy principles.
We believe brands will need to keep re-evaluating against these issues in order to protect consumers, and meet their expectations for data protection and user experience in the future.
Anything else we should know about?
Publishers are struggling in this data compliance landscape. Regulators have very clearly indicated that they are investigating RTB and programmatic vendors in relation to GDPR. And consumer expectations in the market are greatly heightened around data privacy.
The question is, how are we going to continue to remain viable? Well, publishers need to use the many resources available to go after malicious actors, and also look at ways to engage the consumer in such a way that they are willing to participate in the data exchange, because they see value in the content you’re creating.
In the past, there was an imbalance in the exchange between the data you could collect from a consumer and the content you provide to the consumer. Consumers didn’t always realise the amount of data you could pull from them based on their browsing habits, their interests, their geolocation, etc. Now with GDPR and other regulations we are balancing that exchange to enable consumers to see what leverage and control they have.
Consumers need to be able to say when they’re OK with cookies on the site, and which information they’re happy to share, in exchange for the content. So as an organisation we are looking to build the tools that allow consumers to control the exchange, while allowing the publisher to remain a viable business. I started my career in newspapers, so I understand how publishers are seeing these regulations as an attack on their business model. But I believe there is a middle ground and we as an organisation need to help people find the balance that works for all parties – the brands, the publishers and the consumers.
Download WNIP’s comprehensive new report—50 Ways to Make Media Pay—an essential read for publishers looking at the multiple revenue opportunities available, whether it’s to reach new audiences or double down on existing super-users. The report is free and can be downloaded here.