Quality Climbs Up the Chain: A Conversation on Security and QA with The Media Trust’s Chris Olson

Malvertising Ain't Just a Pub Problem

As the ultimate destination for advertising and interface for users, digital publishers have long borne the responsibility of preventing malvertising and other nasty business from sneaking through. However, quality control is imperative for all the players in the advertising chain – and in the last few years, exchanges and other players have begun to pick up the slack.

The Media Trust CEO Chris Olson expounds on growing ecosystem-wide diligence (as well as where it’s still lacking) as well as the current state of ad quality and how user experience concerns are changing the entire digital advertising industry.

GAVIN DUNAWAY: What does ad quality mean in 2016, and how has it really changed in the past couple years?

CHRIS OLSON: Ad quality is one important component of how user experience is faring. From The Media Trust’s perspective, ad – as well as site and app – quality is made up of four components: security; performance; first-party data control, privacy and compliance; and the “visual” experience.

After great content, the next biggest contributor to consumer happiness is the quality of the ads, site and mobile apps. Ultimately this consumer perception drives overall site monetization success. I think the ecosystem, particularly from the sell side, is coming around to this viewpoint. If publishers choose to ignore this consumer-centric focus, ad blockers will continue to proliferate and consumers will find other places to get their content.

Another important question to ask is “What does an ’ad’ mean today?” Creative QA has historically been focused on display advertising—today publishers need to QA display, native, video, sponsored links, content recommendation engines, and paid content. In effect, any digital real-estate that is bought or sold requires QA.

Continuous insight and security for the digital ecosystem

GD: So user experience finally trumps driving revenue. What took so long?

CO: It is not that the consumer trumps revenue, but that publishers and the media execution ecosystem (from DSP to publisher) have realized to drive revenue and yield, you must provide a quality consumer experience and control your own first-party data.

Three critical events have come together over the past couple of years: programmatic is hitting scale; the alarming adoption of ad or other content blocking; and the consumer realization that there’s a trade value between their data and how they’re monetized on the web. This consumer realization and the proliferation of alternative options have really jolted the ecosystem, and publishers are realizing they have to clean up their acts.

GD: You mentioned how pubs have long borne the brunt of protecting against malware, but other parties and intermediaries are now picking up the slack. In what ways?

CO: Enterprises and consumers are realizing the web is made up of lots and lots of third, fourth and fifth parties (too many in fact) that combine to create the user experience. Publishers still bear the brunt of website/app issues because they’re the touchpoint for the consumer, and that’s not going to stop. But many of the third parties that run code on consumer-facing assets—certainly the ad exchanges—are taking more responsibility. At the DSP level, there’s been a big uptick in ensuring creative quality – i.e., compliance with industry best practices.

The gap occurs with the media buying shops. Though they do review creative, they’re not necessarily reviewing creative in context of how it runs downstream. Brands and media buyers need to realize they have just as much to lose as their digital publisher counterparts when poor-behaving creative does not reach the consumer and drive their messages effectively.

GD: So with all of this shift in responsibility, has it affected the publisher’s role, or is it still kind of the same – the front line of defense?

CO: The responsibility is the same; the means to effect positive outcomes when issues occur has changed for the better. The Media Trust encourages publishers to work closely with their partners all the way up through the ecosystem, thereby enabling a trusted supply chain. This type of relationship modifies the roles partners play.

For example, most publishers that we work with now have an action plan or path the moment something occurs against policy. Rather than just being notified, publishers are able to easily work with their partners to resolve the issue.   Connecting the dots from content and code executing on the site to the third party responsible for delivering the content is the critical component for immediate triage and also fosters long-term health of the digital ecosystem.

We see an increasing willingness by exchanges, DSPs—even brands—to facilitate this trusted supply chain concept, which starts with Creative Quality and continues through website operations where DMPs, retargeters, and analytics companies have all started to focus on how their source code renders on their publisher partner sites.

GD: The Media Trust’s role in the ecosystem has really changed, especially in the last few years. Where do you see yourself fitting now?

CO: We’ve evolved from providing point solutions—malware detection, data protection, encryption compliance, ad verification, creative policy enforcement, etc. —to delivering a more holistic solution that enables true governance of websites and mobile applications, and everything that touches them.

We’re also helping bridge the gaps across an enterprise’s digital presence. Typically there are multiple constituencies—marketing, sales, operations, security, etc.—responsible in some way for making the digital presence work for the consumer and the enterprise, but no single individual or group is in charge of the company’s digital presence.  In effect, everyone is interested in the website yet no one is responsible for it.

By connecting these disparate teams and showing them everything that’s happening across their digital properties, The Media Trust reveals the bigger picture, which helps the enterprise be more successful. This approach is a big difference, providing the framework for revenue ops, site ops, compliance/risk, and security to step out of their silos and work together to control, monetize, and deliver a better customer experience.

GD: Some people are complaining about scan inflation. Do you think the industry has gone scan-crazy, or are we not scanning enough?

CO: The industry is not scan crazy. There are still hundreds of companies up and down the supply chain that scan nothing at all. For those that do scan, many are not scanning correctly or effectively. Not only is continuous scanning required, but scanning must also be properly set up to capture a true customer experience of what renders on the browser.

The complaints about client-side scanners coincide with the proliferation of “bot” monitoring. There are still many bot scanners that have not done the work needed to exclude “good” or “reputable” malware/QA scanners from their block lists. Understandably, fixing this is a cumbersome process and something The Media Trust actively works on with clients and vendors.

To reiterate, the advent of header bidding, move toward native and emergence of other new forms of content and ad monetization delivery are lacking in scrutiny. We’re seeing more and more that these new forms, especially as they hit scale, are the places from where new attack vectors come. Coupled with the proliferation of devices and services—from phones and streaming video to gaming consoles and vehicles—no, the industry is not over scanning.

GD: I’ve been hearing a lot about malvertising in video. Is that the new channel du jour for malvertising?

CO: No, it’s not new. However, I would say there is more malvertising running through video than there used to be because the reach is broader. We see the emergence of a few new channels, such as mobile redirects to infected landing pages, not just app stores.

The real channel du jour is not ad-oriented, it is third-party code that runs across websites and apps, whether the website is ad-supported or not. Over the past year or so, there have been a significant number of wide-spread attacks driven through third-party code. The broader the presence of a particular third party across websites, the more likely they’re going to be compromised.

Most website operators—especially the ones outside the traditional media space—don’t realize these third parties are executing on their website, don’t know what the code is doing, and have no insight into what’s happening until after the attacks occur. This lack of visibility into the third-party code executing on enterprise websites is truly astounding. We see it as the single biggest security blind spot in any company’s digital presence.

GD: Malware always makes the headlines, but there are far more threats out in the digital yonder. The code you’re talking about is one that’s flying under the radar. Are there other issues?

CO: Though not new, the one that’s coming full circle is publisher first-party data protection. There’s a consumer privacy angle, so consumers aren’t getting the heebie-jeebies. In addition, state attorneys general and the FTC are becoming much more aggressive. Combined, these two groups are going to really drive a need for better compliance and understanding of the digital ecosystem.

At least as important, I also think that publishers are realizing the value of their consumer data and looking to effectively monetize it. Brands and publishers that allow their data to bleed into the ecosystem without data controls will ultimately lose out to those companies that actively control their data. This is past the emerging threat stage. The publishers that maintain data compliance are paid higher CPMs, drive higher yield, and make more money.

Consumers have so much flexibility in how they’re getting to their content and where they’re spending time. Without addressing the consumer experience across advertising and their websites/apps, publishers are setting themselves up for significant failure. All of the clutter on the internet—The Media Trust is cleaning it up, and I think that will be a major focus for 2016 into 2017.