Top Tips: How to build a cloud security plan to safeguard retailer customer data

Sean McAvan is managing director of Europe for NaviSite, with over 15 years' work experience in complex IT solution provision and a proven track record in the hosting and cloud computing industry. He has consistently been highly successful in the management of his business. Prior to his second tenure at NaviSite, Sean was the Chief Commercial Officer at Global Nexus Telecom in the Bahamas and Vice President EMEA Sales for Datapipe. Sean has also held executive and management positions with PSINet and Global Switch.

The recent flood of headline-making retail security breaches has put retailers on alert. With so much at stake – compromised customer information, a weakened brand image and millions in lost revenue – retailers must ensure they are thinking about security comprehensively and implementing the right technologies to better protect their customers and the associated data.

Retail businesses that want to build a cloud security plan to safeguard customer data can follow these simple tips:

Review your business goals and maintain a risk management program - A cloud security plan should begin with an understanding of a company’s specific business goals, how effective data security can facilitate those goals and how a breach of security might negatively impact the organisation. Additional factors for consideration should include technology, building methodologies, and training to ensure the staff has the skills to develop a security plan that aligns with business goals. Companies can take advantage of's questionnaire to help define their security-related business goals.

Once the goals are defined, companies should build a well-defined risk management program that defines the level of risk a company is willing to accept. That process can include assessing the value of the assets, the loss expectancy probability, and then quantifying whether the organisation is willing to accept the risk of loss.

Rethink security - It can be easy to confuse compliance with security, but compliance does not ensure security, and many PCI-compliant companies continue to struggle with breaches. For this reason, retailers must think about security in a more comprehensive model. What are the business needs driving security measures and practices? What solutions, like Desktop-as-a-Service, end-to-end data encryption, or device management systems for staff, can be implemented to help protect the infrastructure against various internal and external attacks?

Desktop-as-a-Service and Enterprise Mobility Management - DaaS and EMM solutions can help to alleviate security concerns by delivering more control over the publishing of data to client devices. With these solutions retailers can publish business-critical resources to desktops or mobile devices without requiring access to physical devices and without needing to store applications or data on the device. This simplifies resource-intensive projects like full desktop replacement, new hire provisioning and contract worker enablement. Because data is stored in the data centre rather than on the device itself, it is not at risk if the device is then lost or stolen. DaaS and EMM also help to protect corporate infrastructure from malware and other external threats.

End-to-end encryption - End-to-end encryption ensures the protection of data travelling between two communicating parties. Typical server-based communications systems do not include end-to-end encryption. These systems can only guarantee protection of communications between clients and servers, not between the communicating parties themselves.

Apply layer upon layer of security - It is critical that security is layered through the IT stack and across the infrastructure at every level, especially at the application level. Security needs to be baked in at various levels, including reactive and proactive measures, to ensure that the system is completely resilient and to enable the retailer to respond faster to attacks. Ideally your cloud computing solution will encompass technology to provide intelligent threat defense with advanced capabilities such as identity-based access control and protection from denial of service (DoS) attacks. It should also include two-factor authentication, file integrity services, network intrusion and protection, log aggregation and correlation, automated vulnerability scans, and third-party penetration testing. Stacking these security measures and methods makes it harder for hackers to break into the system.

Proactively screen - A key element of protecting your data is simply making sure no one else has access to it. Although cloud is an established, well-used technology, it will never be entirely free from security risks. Unfortunately, by the time many retailers realise their systems have been breached, it's often too late to prevent or actively mitigate the attack. By regularly auditing and assessing the infrastructure to identify gaps, retailers can more clearly identify blind spots in their environments.

It is also important that your service provider has measures in place to ensure information security. Your provider's service-level agreement should clearly demonstrate the processes and procedures for how data is stored and secured, from end-to-end encryption to the physical security of the data centre. Additionally, retailers should maintain an active log to keep track of all activity to ensure system integrity has not been compromised.

With the constant innovation in Near Field Communication and e-commerce technologies, the way consumers buy is constantly changing. Retailers need to ensure that they are keeping up with these technology changes and are ensuring that sensitive customer data isn’t at risk. With careful implementation and maintenance of cloud security practices, retailers can establish a more robust and agile technology infrastructure.  This will then enable retailers to be better equipped to keep their customers’ data protected as well as allowing them to keep their business growing by taking advantage of all of the benefits that cloud technology can deliver.

