Marketo and Marketing Automation Security

In this How To, I’ll review the principles and settings you should use to secure your Marketo or Marketing Automation Platform’s instance.

Why Secure Your Instance?

While every Marketing Automation Platform (MAP) vendor will build their system to minimize the potential for system break-ins, the reality is no service is 100% secure, 100% of the time. It is incumbent upon the MAP Admin working with IT policies to help secure an instance.

Surprisingly, I haven’t heard of any breaches or data losses from an ESP or MAP. That doesn’t mean it hasn’t occurred! Many teams are slow to disable old users. Networks could have been breached for years. Sometimes you may never know!

The good news is you can apply system administrator principles to you marketing technology to minimize the risk to your organization. You can minimize people mistakes as well as system flaws that a criminal could leverage. As a MOPS leader, here is how to think about security.

Principles of System Administration

Back in the day, I was in tech support and dabbled in system administration, setting up Unix, Linux, and Exchange boxes. I learned from some of the crusty admins you imagine run these data centers (they are real) and they are very smart.

While a marketer doesn’t have to be a sysadmin first, anyone who is an Admin of a Marketo instance in Marketing Operations has to think a little bit about system administration. This is YOUR baby now and you have to be responsible. If IT isn’t going to own or run your martech stack, then it’s up to you to learn some how how the IT pros handle their systems.

System administrators first emerged in the 1960s as mainframes took over back office functions at large firms and governments. The culture of the sysadmin (and the grumpy tech support guy) coalesced around a group of Unix administrators and programmers in the 1970s. Their culture and programming security concepts became dominant.

This short history is important because administration of any software tool is a key task that can make or break an implementation in milliseconds. Your approach as the administrator also sets the tone for how people respect and use the tool as non-Admins. I believe this is crucial for marketers who own the MAP to understand and why I believe the sales, marketing, and technology background makes the most successful SMB admin.

As the Administrator, you have the power to do anything, including grant new users access. Use this power wisely, especially if you are new to being an Admin.

How to be a Marketing SysAdmin

More likely, you will be called a Marketing Operations Manager or Director, laying out the rules of the system and coordinating business needs against the realities of the tool.

• Know your system.
• Understand the interconnection points between the MAP, CRM, Website, and other databases. [Martech Stack Map]
  • Keep a record of vendors, active, inactive, connection points, permissions.
• Grant access on a need to know or access method – least permissions possible. Even executives who need reports should only receive access to reports, or be sent them securely, without system access.
• Regularly question the need for changes to ensure the right changes are made.
• Modularize marketing programs and centralized data processing to reduce the need for future work when changes are needed.
• Fiercely protect the system, but avoid being obstructionist to business needs. Offer solutions.

A business is not a democracy, neither is the running of a top-down marketing automation system.

This is a hierarchy and you set the rules from the top down; you are granted the highest level of access you need to do your job. None may receive any access unless you trust that person at each level of access and skill.

If you are coming from marketing, this may be a bit of a shock to you: you are used to sharing and being open. The reality is a MAP is a real server that is now mission critical to your ability to generate leads, nurture leads, and keep the sales funnel full. If that system breaks, it breaks the front end of your business very quickly.

Thus, you must be protective of access to the MAP and of access to key workflows like Lifecycle and Routing. You must also consider that an untrained marketer who can send 1,000,000 emails without supervision can cause huge damage to your brand’s reputation in seconds.

You must treat a MAP as you would your bank account – because it is your organization’s database with the personal information of thousands or millions of trusting clients. Your MAP contains precious data on the health of your business, which if released inappropriately could move a stock price or damage your brand.

Now that I’ve made you paranoid, the principle is you should treat your system like a sysadmin; and your audience like a marketer.

Each marketing automation platform has a unique view of the world and a unique setup, so please be sure to read all of the documentation before attempting a change.

How to Secure a Marketo Instance

Whether you have a brand-new instance today or an older instance, you can still lock it down to comply with your organization’s IT policies or go further. As GDPR goes live on May 25, you need to further consider security because your followed policies will be looked at in case of an incident. Failure to have a policy or enforce it never looks good during a government audit. At the very least, consider the damage to you and your brand if a hacker stole your customer information because your MAP was the weak point in your firm’s infrastructure.

Users and Role Security

Understanding how Roles and Users work together is important to maintaining the security and integrity of your database.

If you have a Creative vendor, perhaps you want to let them upload HTML code. But do you really want them to have access to your valuable contact database? Do you really want the new guy or your intern to have the power to delete campaigns or data?

No, you don’t.

So assign them to a limited role until you are comfortable with their skills.

Role Management

Your system may treat users and roles differently than how I show them here. Since access to the system is restricted, you should make careful choices about the level of access provided to each user and which users can receive a username.

Enterprise Admins should establish a process before granting access to other staff members. I receive requests all the time to add Users and a simple question ends most requests: “What do you need the access for?”

Role Name	Access Level	Assign to This Kind of Person
Admin	Admin, default	CRM Administrator, Power Marketer or lead marketing automation person.
Marketing User – Limited	Do not use the default Marketing User Restrict certain things like list uploads, Forms, Templates	Associates, Interns
Designer	Design Studio Program Emails	Web designer, graphic designer, external vendor. Consider restricting approvals
Marketing Super User	Run campaigns, approve assets	Marketing Managers, Marketing Operations Limit list uploads, Forms, Templates
List Uploader	Limited to importing lists and running campaign flow actions.	If you have a database manager who does this for everyone, use this.

User Management

Initially, you can rely on user permissions and Role based permissions to secure your instance. However, this means having an understanding of the access permissions and the types of people you want to have in the instance. This responsibility also means saying No to people who “just need a little more access…” While I want to trust my colleagues, the reality is untrained Marketo users can easily destroy data or send out the wrong email.

Things to know:

• Unique email address forever and throughout all Marketo instances, including Sandboxes. This means you can only have josh@company.com in a single instance as the login.
• Gmail and some other providers allow josh+alias@company.com to create an alias that is tied to your box.

Smaller firms tend to have looser policies when adding users. However, I strongly recommend considering basic policies to reduce errors:

• Minimize Admins. Not everyone needs Admin access.
• New Users get the lowest permissions possible. Usually this is “New User” until they are trained in your firm’s ways.
• Marketo Users or Marketo Certified Users can have higher access, however, I usually conduct training first before allowing someone the ability to activate batch or triggers.
• Train each user in your organization’s specific nuances.
• Conduct Quarterly or Monthly reviews of the User list.
  • Real People Users who haven’t logged in within 2-3 months should be asked if they still need access. Otherwise expire them.
  • API Users – make sure those systems are still paid up and needed. Disable old tools quickly.

Larger firms should review IT policies and attempt to comply with User Management and security levels below.

Keep track of active users in a table and check it monthly and whenever staff leave. Since your vendor may charge for the number of marketing users, keep an eye on this count.

Use this handy table to keep track of your active and inactive accounts.

No.	Name	Username	Role	Workspace	Assigned On	Deactivated On

Encryption and SSL

Many marketers will ignore things like SSL and encryption until their SEO tells them about how HTTPS is standard now and traffic is down. That’s funny because you’d never go to an ecommerce site without a lock on the browser, right?

Marketo Landing Pages

Marketo Forms are secure back to the instance, but Pages are not by default.

To resolve this situation and ensure your landing pages are seen by Google kindly, you must migrate to HTTPS. It is better to do this with a fresh instance, however, it is very possible with a host of landing pages as well. I’ve done it before. There are several steps, so I recommend working with your web team, SEO, and Marketo Support.

• Marketo HTTPS Page FAQ
• Securing the instance

Encryption of Database

Marketo offers disk level and instance encryption, however, there is a fee, which is a percentage of the total contract. Over a weekend, Engineering will move your instance to an Encrypted Pod. There are a set of steps to follow to ensure a successful migration. I recommend this to anyone who can pay because the risk to your business is tremendous if a criminal breaks in through other means and can download your database. The advent of GDPR will be a catalyst for increased encryption beyond just transfer points.

Should you do this? If you can pay for it, yes. At some point your business (hopefully) will be high profile enough to be a target. You owe it to your audience because wouldn’t you want to know that a data breach was limited because the database was encrypted?

However, most MAPs and Marketo are not PCI Compliant, so even encryption won’t be enough for sensitive personal information such as Social Security Numbers, Passport Numbers, TINs, EINs, and Credit Cards. Please, do not ever attempt to sync this kind of data to Marketo or a MAP. Don’t ask for it on a Marketo Form or Page either.

Marketo Security Settings

Login Security Level 1: Increase Complexity

When you first login, conduct a Marketo Audit, or want to lock down the system, visit the Login Settings panel in Admin first. If you aren’t using High Security or at least the following settings, plan to do so.

• 8 characters
• Lower and uppercase
• Number
• Mixed
• Special Character
• Expires every 90 days

If you have lots of users, changing the Settings will mean that at the next login, each user must change their settings to comply. You should communicate this change clearly and to everyone at the same time.

Marketo uses two-factor authentication by default.

Also, some API login users may be affected, so you should prepare a list of API logins to update and monitor to avoid downtime or lost data.

Login Security Level 2: SSO

With the advent of Identity Management and Identiy-as-a-Service, your organization may use an SSO provider. The primary reason to consider adding SSO to Marketo is to allow IT to manage leavers. When someone departs the firm, you may not always know about it for several weeks, especially in a large firm. An open login from someone who was fired is a high-risk situation where they could access the database and download it, delete it, or send embarrassing emails. Sure, it’s illegal, but that won’t matter to the disgruntled employee or your customers. A secondary reason is it helps your team focus on one login-password which means they won’t keep their password pasted to their monitor (we hope).

SSO is surprisingly easy to setup. However, there are some caveats even if you follow the steps.

• Test this using your Sandbox first with your SSO Admin. Understand the steps.
• Existing Users should be told that the new SSO Tile is available. They will no longer be able to login via normal login.marketo.com.
• New Users: you must setup a new user and apply a Role before adding them to SSO. In the SSO Tool, provide that same email address access to Marketo. No invitation email will be sent.
• Admins are exempt from SSO.
• Bypass SSO by Role: you can check a box on a Role to allow Role Members to bypass SSO and use login.marketo.com. Strongly suggest you only do this for API Users and special situations where SSO is not feasible.
  • API Users
  • External Consultants

Login Security Level 3: IP and VPN

To users, this is the most annoying thing you can do because remote users will need to use your organization’s VPN first and then login via the VPN. The VPN will likely have SSO and two-factor authentication and only then will the user be permitted to access IP only applications.

Essentially, you can ask IT for the IP Numbers that are considered “on-site” and safe. That is, those IPs are accessible only from an onsite or VPN user who has additional physical or other security measures to act like you are “on-site.” Your Marketo instance would then only accept connections originating from that IP number list.

I consider this the final layer of security for direct access to the system.

While this won’t prevent a hacking attempt, it reduces dramatically the ability of nefarious users to gain access to Marketo because they would then need to access not only a Marketo User, but also an SSO user, a VPN user, and the two-factor to gain access to your instance. Or gain access to the physical organization network or building.

Of course, it’s entirely possible for a criminal to use malware to enter your organization through other means or through Marketo’s network. A user could be a phishing victim as well and with several layers of authentication, a phishing attack could be thwarted.

But as the MOPS Admin, you can rest knowing you locked down the system within the means you control.

Users and Special Situations

Marketo Consultants struggle because we have to login to multiple instances and quickly accumulate dozens of logins since Marketo restricts access to one email address across all Marketo instances. Normally, there are two tricks to use:

• Alias Username: josh+alias@company.com               [used with Gmail mostly]
• Group Alias: company.clientname@company.com   [insecure – too many can use]

Whenever you permit a consultant in your instance, you should insist on Universal ID or the Alias Username because it is vital to know who is doing what in the instance. This also reduces the chances of an authorized consultant from entering your instance.

But to be secure and follow audit rules, you really want the Alias Username or a Universal ID.

Universal ID is usually used by consultants or agencies; however, you can use it to access Production and Sandboxes if desired. Some caveats:

• Most strict password rules apply across instances
• Must select one ID to be your Community Profile

Using Audit Trail

Ever have a weird thing occur – why did that email go out wrong? Who changed the name of that page? Why did that smart list get deleted? With the Audit Trail, you can usually find out who did what, when!

I find this a little cumbersome to use and it works most effectively within a 24 hour or 7 day window for a specific Asset or range of asset types.

It’s really great for an Admin to go check on weird issues or perhaps a nefarious user. Not every item is logged perfectly, but I have been able to track down who mistakenly edited an email From Name after we all thought it was ok to go. Mistakes happen and so do deliberate actions.

Ideally, you can use the Audit Trail as a teaching moment with users. It also beats having to post a Support Ticket for simple investigations such as “Why did this asset change?” or “Who changed this email?”

Reducing Access Through Workspaces

Recently, quite a few people posted questions on the Nation about using Workspaces to restrict access by Business Unit or even to specific fields. Workspace and Lead Partitions can help you lock down parts of your instance, however, they work best in certain situations. I wrote extensively about how to approach Workspace Setup. Best situations for Workspaces are:

• Multi-Country or Region
• Business Unit
• Customer vs. Prospect Data vs. Partners
• Multi-Product that are mutually exclusive

For example, if Channel Marketing has separate needs than Demand Generation, it could make sense to wall them off using Workspaces, reducing the risk one team will affect the other’s efforts. Walling off teams can also reduce security risk since a breach in one Workspace may not spill over to others.

Other Privacy and Authentication Settings

You can help your audience and users with additional settings such as

• Browser Do Not Track
• Privacy Do Not Track & Munchkin Opt Out
• Require User Login to download data from Subscribed Reports
• DKIM and SPF and Branded Tracking so the internet knows it’s you.

Final Thoughts

No system will ever be 100% secure. As the MAP Owner, the MOPS leader, you need to set the tone for security among your team and the wider Marketing Organization. Marketers are not experts on internet security (nor would I expect them to be), and they often need to get things done fast. They prefer more access and more communication than most system admins would like. It’s a balance of getting it done, empowerment, and minimizing risk.

Building in security through the steps above will help you sleep well at night and focused on supporting the customer experience, not fighting fires.

Planning and organizing events is a major undertaking and typically a large part of your marketing spend. By leveraging marketing operations and running Marketo event programs only helps ensure success and data on ROI. If you are planning a virtual or recurring event, this post can help, too. But you might also want to read, How to Setup Recurring Webinars in Marketo. Here You should also check out Etumos’ How to Build Your Next Marketo Event Template. It does a great job of deconstructing each aspect of an Event program and ensures the program is scalable.

To me, an Event serves two major purposes:

1. Bring like-minded people together to network.
2. Bring your company’s story and people to life.

The old saying goes that “people buy from people they like and know.” What better way to establish “liking” by running an in-person event, shaking hands, and handing out some food or small gifts? What better opportunity do you have for salespeople to have a fairly “captive” audience of several companies at once, rather than one by one?

The caveat is that events like this are relatively expensive compared to other Channels and Offers you have in your arsenal. Thus, ROI is often critical to continuing the program, yet often hard to ascertain. As a marketer, you have an excellent tool with Marketo to improve ROI tracking on events (This was one of my early drivers to buy Marketo for event tracking!). As a marketer, you also have a responsibility to spend that money on prospects that will have the greatest impact on Sales. Let’s be real: students and junior staff are often not targets for these events.

Using Marketo, we can manage a great deal of this responsibility in an automated fashion while collecting the right data to prove our event works (or doesn’t). Before we get too far into the details, let’s define our event types.

Roadshow Events

I define these as Company Owned events that are an Offer to see our staff and like-minded industry people in a private setting. Often these are at a restaurant, hotel, or private venue with a company expert, salesperson, and sometimes an industry expert. Industry experts or other panel members can be paid an appearance fee. I often find non-commercial organizations are happy to either host or provide their experts at no cost. Remember, everyone likes publicity especially if you do the work for them.

The format can range from

• Company Expert speech.
• Third party expert interview of Company Expert.
• Small Panel with local industry group or a Consultant.
• Customer Interview of some type.

I find many firms get into trouble by making the Roadshow too much about them, or too much Sales and not enough insight. The buyers who are willing to trade 2-3 hours are usually in a later stage, higher level staff. You may not get the SVP or C-level, but you will get their direct subordinates.

If you really want the top executives, try inviting that person to speak at the event!

Tradeshows

These are third-party owned platforms that are a Channel and sometimes also an Offer. The company pays for space and a speaking slot and we get a wider reach, but less 1-1 time. Many firms will work to generate secondary Lunches (Roadshows) around the Tradeshow or invite key people to VIP Meetings.

It’s important to distinguish between Roadshows, Tradeshows, and any ancillary minor events for tracking purposes, creating “Event in a Box” and creating Program Templates in Marketo. Each event type may be run differently and paying for a Booth vs. paying for a hotel meeting room are different kinds of activities to track separately.

Checklist of Marketo Items to Run an Event

Marketo Docs site contains a fairly good overview of some of the Program components you may use with Marketo. That’s only a start because each event you run will be different than the ones I run. To get a sense of the principles and Statuses involved, here is how I think of these Programs.

Here is the basic workflow for any event requiring Registration.

Building this out in Marketo can be done in a Program Template to clone for each event. Marketo has pre-built Program Templates you can Import. Be careful because those are useful for understanding, but not always right for your systems.

Roadshow Events Program Channel Design

Roadshows will follow the above workflow. Roadshow Program Channels can cover a variety of event types like:

• Dinners
• Lunch and Learns
• Breakfasts
• Tradeshow Special Registration Events

You will need some components and Program Statuses. I suggest learning how to manage Program Channels and Statuses first.

Required components

• Form
• Page
• Invitation
• Confirmation
• Reminder
• Statuses and Confirmation Flow
• Post Event Assets and Flows

This is a typical setup, however, each event team has slightly different needs. You may want to tokenize all the flows and emails and pages, or you may not. There are a lot of advanced considerations to make this a true “event in a box” template. I suggest Etumos’ Edward Unthank’s tokenization posts for help.

If you have worked with basic autoresponder campaigns for whitepapers, the principles here are exactly the same, however, the information you convey will be different. But the Program Statuses become MUCH more important to a successful event since you need to monitor Registrations and Attendees very closely.

 

 

 

 

Standard Program Statuses and Campaign Setup

Each campaign flow in the Template will have a setup similar to the outline here. Sometimes it is a good idea to preschedule Reminders and Thank Yous, but be careful! I’ve seen a lot of missends when using auto-reminders.

Basic Smart Campaign Triggers for Registration

The single critical step is to get the Registration campaign flow working. In this example, we trigger off the Form+Page combination while excluding Competitors from receiving a Confirmation. It is very important to Change Program Status to Registered as well as send a follow-up email with an ICS Calendar button.

If you prefer to Waitlist people and cherry pick attendees, you can do so. Just make sure your copy and thank you pages are clear that the person should expect a final confirmation. And use the Status of “Waitlisted”. You will have to manually adjust each Waitlisted person to “Registered-Confirmed”.

Tradeshow Program Templates

Tradeshows aren’t much different in most cases. However, the use of Program Statuses will be different to ensure clearer attribution. Remember that Tradeshow attendees will be Scanned at Booth, Get a Demo, or Ask for Follow Up. You may have separate Dinners and VIP meetings to be managed in a separate Program. And you may also get pre and post-showlists.

Here is just one example of how to handle Tradeshow attribution.

Other Neat Tips and Tricks for Running Amazing Events

Refer a Friend and Get a Prize – most referrals wins.

I’m not the biggest fan of this tip, yet it’s pretty cool idea and could be repurposed in various ways. To increase the number of Registrants, offer early Registrants an Offer Code/URL that they can share with their colleagues. If the Colleagues registers, the Original Referrer gets credit for the Registration. If the Registrant and the Colleagues all Attend the Event, the person with the highest number of Referred Attendees wins a prize.

The execution involves a bit of javascript and two fields: Registrant Code and Referral Code.

On the Thank You Page, the unique URL is generated for the Registrant, who can then copy/paste it. If you are very slick, you could send the Confirmation email with that URL as well (be sure to turn off Marketo Tracking though!).

The challenge is in downloading and matching up the Referrer and those who signed up later with the Code. A bit of vlookup can help with that.

My personal experience with this is mixed. I’m not a big fan of bribing people to show up; I’d rather rely on the content to be the draw.

Charge a Fee to Increase Attendance Rates

This is my Number 1 tip that I know works: charge a small fee to register for the event. This works very well with higher class events with premium speakers that can offer a future insight into an industry. The fee can be about $35-75. Any more than that and you are essentially running a tradeshow. (Could be a great way to test early tradeshow concepts!).

In Marketo, you will need to choose a couple of paths to operationalize this.

Option 1: pass Lead to EventBrite and waitlist

In this option, we allow the person to Register and change their status to Waitlisted – Not Paid. Then the Form Redirect goes to an EventBrite page (or similar service). The lead then pays using a credit card.

Each day you will download the paid list from EventBrite and then manually go to the Program > Members and change Status to Registered – Paid for each person you accept.

One other reason to collect payment is that you will self-fund expansion of your event programs. Positive ROI keeps these alive.

Option 2: integrate with Payment Service or Event Tool.

In this option, you integrate with a payment tool or event service to ensure a seamless experience for the lead and automatically move them from Waitlisted – Not Paid to Registered – Paid.

For either option, you should have several Statuses such as:

Program Status	Definition
Invited	Sent an invitation
Waitlisted – Not Paid	Pending payment
Waitlisted – Error	Issue with payment or other
Registered – Paid	Paid and confirmed
Registered – Guest	Unpaid guest
Attended	Showed up
No Show	Did not show

Waitlisting

As you saw above, you can use Program Statuses to manage the RSVP process. At many events, we want to block Competitors or certain people from showing up. Perhaps some events are Customer Only and we need to ensure a prospect isn’t slipped in. All you need to do is adjust your Registration trigger to Change Status to Waitlisted.

You can still provide a Thank you Page and Confirmation email where you explain their RSVP is pending review and they will receive a confirmation with the date, time, and location information. Be sure to set up a daily Scheduled Smart List to the Event Manager to review the requestors.

At Show Automatic Emails or SMS

While mostly used at large Tradeshows, you can also use triggered emails and SMS to welcome guests to the event once they Attend. There are a few ways to manage this (Marketo Login required).

Essentially, you decide on a set of messages to send each day or in a 2-3 hour span to drive traffic or engagement at a large event.

Keep in mind that the setup time involved is high. Be sure you want this experience and have enough events or Leads opted in to make this worthwhile.

Progressive Forms

I never see this enough – use Progressive Profiling on event forms. Most of the time you are inviting people from the existing database. Use this opportunity to ask one more question to improve targeting and Registration rates.

Sales Agent Credit or Source Credit

Firms will sset upcompetitions between Salespeople for most Registrations. You can also do this with a nice temp field and a URL parameter that uses a hidden field.

go.company.com/page.html?sales-agent=joe283

temp field: salescredit

Add this as a hidden field to your Registration Form.

This works well for tracking third party partners who may want to know how well they did, or how much you need to pay them per lead.

Capping Registrations

A longstanding request of marketers is to cap registrations and automatically stop accepting new registrants. Marketo itself can’t do this natively, however, there are some tricks people have shared over the years:

• Webhook
• Zapier+Webhook
• Waitlisting (simplest, but you need to pay attention)
• Third Party Event Platform

Additional Resources:

• How to Build Your Next Marketo Event Template
• Understanding Tags
• iPad Adapter
• Event tools on Launchpoint
• Marketo’s Definitive Guide to Running Events

Get Planning!

Need help getting your next event off the ground in Marketo? Etumos can help.

From time to time, Marketo and SFDC do not always agree on the sync of particular records. For many systems, this is a minor irritation that is resolved automatically. However, you will see Notifications in the upper right corner and you may be curious about these errors. And for high volume instances or complex SFDC setups, these errors can build up over time, creating data issues.

We have compiled a list of error codes you may see along with suggested courses of action. Each SFDC-Marketo instance is a bit different, so not every suggestion will work and you will need to be an SFDC Admin or discuss some of these with your SFDC Admin.

These are all SFDC errors that block Marketo from fully syncing the data. In many cases, Marketo will try later and the data will sync. But you should investigate the Notifications and list of leads so you can fix the problems to reduce data issues.

Using Notifications in Marketo

Most users should be able to see the Notifications Log in the upper right corner. Here’s how to use it:

1. Click on the button.
2. Sort by CRM Sync
3. Review past 7 days or so of errors. Errors before that are likely either to be repeated recently or they resolved themselves.
4. Note issue in a log.
5. Click on smart list “more.”
6. Look at a few of the lead’s Activity Logs.
7. Add a special SFDC View to your smart list: [FIELDS]

Error: Locked Row

This indicates someone else is editing this record. Marketo will resolve normally. Essentially, SFDC blocks all other users from editing a record when someone clicks “Edit” on the record. Since Marketo syncs every 5 minutes, this error resolves by itself.

However, there could be times when this repeats for the same records. If so, you will want to investigate further because the data fields will gradually be out of sync.

Error: Field Validation

In SFDC, you can set a field to have Validation Rules. This means that SFDC will only accept certain values or formats for that field. When Marketo attempts to send data values that do not conform to SFDC’s expectations, SFDC will throw an error and tell Marketo to stop. For any of these SFDC Sync Errors, you can view more information by going to the Lead’s Activity Log:

You can also see some of this data in a smart campaign by going to Smart Campaign > Results and using similar filters.

In our experience, Marketo does push the sync of all other fields, just not the field in question. It’s important to investigate the source of the bad value on Marketo’s end to fix it. Possible sources include:

• Form data
• Bad list imports
• Data management flow that’s out of date

Regardless of the Source of the error, you want to pinpoint it, stop it, and correct it. This may mean manually editing a few records.

Another consideration is whether this Validation Rule is still important. You could just turn it off.

Error: Apex CPU Limit

Something caused SFDC to use up Apex cycles (too many Apex triggers) and it can’t process the incoming data. This can happen for many reasons, but often because you sent SFDC too many records and SFDC has too many triggers to process.

You will tend to see this when your SFDC Org is older or very complex.

Notice: Change in SFDC Picklist Values

If you’ve been using Marketo for a while, you probably received an email (as an Admin) warning you that an SFDC field has a new Picklist and you should be careful to fix any workflows or Marketo Forms to be in compliance.

What the notice doesn’t explain is that, barring Validation Rules, Marketo can accept ANY value into that field and sync it to SFDC. While you won’t see that new value as a picklist option within SFDC, it will appear as the Lead’s current value.

Marketo’s picklist options when you are in a Smart List or flow will only show the values both systems have in common. Thus, it’s a good idea to maintain a separate list of accepted values and stay in touch with the CRM/SOPS team on data changes.

The ideal steps to fix this are to:

• Know the changes.
• Map the Old Values to a New Value in a sheet.
• Update the Marketo Forms to only display New Values.
• Run a data correction flow or upload to overwrite (re-map) the Old Values to New Values.

It is important to coordinate this kind of change because it is easy for such values to become out of sync across systems and cause segmentation problems or Lead Routing errors.

These are the most common Sync errors I see on a daily basis, but there are more and if you are the Marketo Admin, you should establish a regular process to log these errors and get them fixed.

Dealing with bigger issues than Sync Errors?

Get a complimentary Marketing Health Audit.

In the last few weeks, a few of you have approached me about learning Marketo to become Certified.

In the past 7 years, I have helped many of you learn Marketo and even some of you become Certified whether through the blog, live sessions, or working together. Marketo Certification is a great badge of honor to have, demonstrating your expertise and extended use of Marketo to do more than just send a lot of email.

But do you really need Marketo Certification to be in B2B demand generation?

Before you say “Yes,” consider a few questions:

• What is your goal as a marketing professional?
• Do you want to become a marketing operations professional?
• Would you like to become a marketing automation/operations consultant or expert?
• Do you want to become a brand or advertising expert?
• Do you enjoy running events and creating experiences for people?
• Do you like taking tests?
• Do you enjoy high volume data analysis?
• Do you like using tools like Google Analytics and advertising systems?
• Do you like doing keyword and SEO analysis?

The list can go on. Your answers will help you determine what you should do next.

In my experience, not everyone needs to become a Marketo Certified Expert because not everyone is going to become (or want to become) a Marketo Admin. What many people need, though, is to learn Marketo to do their job effectively day-to-day. If you learn Marketo well enough to pass the MCE, then that’s gravy.

For example, how many marketers are SFDC Certified? How many salespeople are planning to get SFDC Admin certification? Email certified? MS Office certified?

Right. You know the tool well enough to do your job effectively. And if not, you ask people for help…or even take an online course to fulfill a specific need. When you aren’t sure how to do a formula in MS Excel, you Google the question. You can do the same with Marketo.

Marketo (and other Marketing Automation Platforms) are such a part of the landscape now that it is common to have had some work experience with one of the tools.

Now, I do see many job descriptions for demand generation and campaign managers that list “Marketo Certified” as a preferred requirement, or even a requirement. The hiring manager does this in the hope that a Certified person will require less training and ramp up time to be effective in the job. I get it, I do. But I’d urge both marketers and hiring managers to consider the day-to-day role and if knowing the ins and outs of the Admin panel is necessary to be a successful event marketer.

Yes, know Marketo. Know it well enough to do your job faster.

Marketo Certification Tests

This past Spring, Marketo modified the testing options and the test itself to be more of a “practical” that tests your application of Marketo the tool to real Marketing Operations and Campaign scenarios. Instead of simple feature memorization, the questions tried to present scenarios like

• Someone asks you to help them setup a Webinar: what do you do?
• Data isn’t flowing over here, where should you look?
• How do you gate a Whitepaper?

After passing the Core test, you can then pass shorter specialization tests covering key topics for Marketing Operations and Marketo Admin level skills. The fact that Marketo went this route shows that not everyone needs to know the entirety of Marketo’s capabilities to be a successful Marketo user.

In the past, I’ve said most people need six to 12 months of daily Marketo use to be able to take the MCE with minimal study and pass. Marketo says about 1 year or 1000 hours of use is a good bar for preparing for the Exam. The new exam still covers key setup and Admin areas as well as basic Design Studio questions, so you may need to study the Docs.

Remember, the entire test is based on the Official Documentation. Memorization will help, but connecting the dots in your head through real life pointing and clicking is going to make this Exam much, much easier.

Phases of Learning Marketo and Marketing Operations

Quite a few readers have asked about becoming Marketo Certified through using my Marketo Guide, videos, or personal training. I’ve posted some thoughts on training in the past. Certification doesn’t happen overnight or in two days of live training. It does happen over time through diligent use, good questions, and reading what others have discussed on the Forums. So, if you are fairly new to Marketo and think, “I need to get Certified or no one will hire me!” Take a deep breath and plan out your path to Marketo Greatness.

1. Learn more about Marketo and how it thinks of the Lead Lifecycle.
2. Read some of the introduction docs.
3. Consider an Introduction Course focused on tasks Marketers do with Marketo.
4. When you get stuck, pose the question to the Nation Search Bar.
5. No clear answers? Ask the Marketo Nation.
6. Search Google and YouTube for Marketo specific questions.
7. Do the work. (6 to 12 months).
8. Prepare for the Exam.

Now, if you don’t have access to Marketo today, you may think learning Marketo is a bit harder. It all depends on how you learn. There’s also a catch with the MCE: you need to be a Marketo Customer or Partner. Previously, this was not a requirement. To me, this is limiting because there are freelancers, consultants, job seekers, and a few dedicated studiers who want/need to take the Exam without additional active user requirements.

For agencies who are hiring junior (read: cheaper) professionals in the hope of training them intensely to become MCE or Marketo Certified Consultants (MCC) in a short period, I recommend caution. I’ve come across people who were Certified but lacked a true understanding of Marketo, marketing, and how to think through the problem before pressing buttons. Doing rush training and testing in under 6 months isn’t right for every person.

Who does need Marketo Certification?

If you love figuring out process charts, workflows, data connections, and building out the infrastructure to support the Customer Experience, then becoming Marketo Certified may be worth it. Becoming Certified is a key step on the path to becoming a Marketo Admin and marketing operations professional.

For marketers not planning to go down the martech/mops route, an MCE is a helpful, third party validation of your abilities. It’s great to check that box if you want to.

But if you are just starting to learn tools like Marketo, Certification isn’t your first goal. Your first goal is to become proficient in using Marketo for your daily job. Demand gen campaign managers, event marketers, and creative developers do not need to know the whole system or become Certified quickly. On my team, I have several marketing automation specialists. Some are Certified, some are not. I don’t expect the page developer to become Marketo Certified because I know he understands how to make Guided Pages. Other specialists will become Certified–in due time–as they become comfortable with Marketo and grow in their roles.

The marketers I work with often know aspects of Marketo to do their jobs or some level of self service. They know when they need an expert’s help and their managers do not expect them to be Certified because it’s not their primary role to be a Marketo Expert. Hiring Managers – this is a message for you! Your event team doesn’t need MCEs to be successful. Yes, they should be able to run an event in Marketo and speak with your MOPS pro. They do not need to know the ins and outs of Multi-touch Program Status Success.

Ultimately, the choice is up to you.

Image Credit: flickr scubasteveo