Tech Bytes: Data Security: Two Don’ts and One Do

7/24/2015

Data security has been a hot topic in the world of retail IT lately. Based on some recent retail data security-related news items, I have compiled a list of two don’ts and one do when it comes to securing your data.



Don’t outsource whole portions of your e-commerce platform

An apparent security breach at one third-party e-commerce hosting vendor, PNI Digital Media Inc., led to the indefinite shutdown of photo sites by at least six major retailers: CVS, Sam’s Club, Costco, Rite Aid, Wal-Mart Canada and Tesco. While there is some variation in how severely the breach affected individual retailers (CVS and Wal-Mart Canada said actual credit card information may have been compromised), all had to close down their online photo businesses for at least a few days and maybe much longer.



Considering how much easier launching and running an online storefront has become thanks to cloud computing, there is no reason for a large retailer to outsource an entire portion of their e-commerce platform to a third party. There is no way to ensure that an outside vendor follows security protocols as rigorous as the ones followed in-house, and this is hardly the first (or likely last) major retail breach resulting from a compromised third party.



Most larger retailers, notably including CVS and Wal-Mart, now operate some type of proprietary technology innovation lab. Therefore, something as important as hosting the day-to-day activities of an e-commerce offering should be completely performed behind the corporate firewall by any retailer of size.



Don’t be left without a backup

The recent photo site security debacle illustrates another crucial error the affected retailers made. None of them apparently had any type of backup plan in place in case their photo site hosting vendor went down.



Particularly if retailers leave an entire niche of their e-commerce business in the hands of an outside provider, having some sort of backup plan is a must. There are a host of emergency situations beyond a security breach that could lead to an unexpected and potentially lengthy service outage.



Ideally, retailers would only utilize third-party hosting providers as a backup provider in case of in-house problems. But some sort of contingency plan to keep things going if and when a cyberattack occurs needs to be part of the larger security plan.



Do centralize your security efforts

There is no need to once again recount Target’s history with damaging data breaches. Suffice it to say the discount giant has learned its security lessons well. Target recently publicized the existence of a centralized Cyber Fusion Center (CFC), opened in late 2014, that brings its key information security teams together.



The center features an open concept design to encourage collaboration and houses numerous teams focused on different areas of cybersecurity, including detection, prevention and remediation. Commitment to continuing to grow the efforts of the CFC is demonstrated by 54 job openings for the center posted on Target’s job site.



There is no room for siloing or departmental infighting in today’s cyber-threat climate. Retailers are facing potential attacks from sophisticated organized crime rings and even terrorist groups and nation-states. Target deserves flattery for its centralized security efforts, and the sincerest form of flattery is imitation.

