Bringing Your Retail Application Security Strategy Up to Par
It’s no secret that retail has been in the midst of a massive digital transformation over the past few years, largely driven by emerging software and technology, as shoppers seek out new experiences, increased level of conveniences, and exciting loyalty-based perks and rewards. And due to current circumstances surrounding COVID-19, this has been amplified even further, forcing most brands to move operations from in-store to entirely online.
This overnight shift to e-commerce dependence impacts all departments within retail organizations, especially IT and security. As marketing and sales teams work to entice consumers to online shop and spend, IT professionals are hard at work to ensure the technology underpinnings will support a top-notch user experience. With the Cybersecurity and Infrastructure Security Agency (CISA) issuing a warning that malicious cybercriminals are using the pandemic to wage timely attacks, security teams and software developers in particular must display a level of urgency to protect users’ security and privacy when engaging with distance-enabling retail applications.
With this in mind, in order to protect their applications and software, retailers and development teams must place security at the forefront of their operations. Here are three steps to do just that.
1. Implement safe coding practices and security awareness training.
Provide special training for developers and security staff, and take the time to address the root cause of many software-related security issues: security awareness. This can be achieved in a few ways, but one of the most effective tactics is to ramp up secure coding education programs. Utilize interactive, gamified components to keep software and application developers engaged and entertained, and deliver lessons in short, frequent bursts to keep security top-of-mind in their daily operations. More broadly, address security throughout the entire organization, pointing to security best practices for staying safe while remote. At the end of the day, security is everyone’s job, not just that of a few individuals.
2. Embed and automate security throughout the entire software development life cycle (SDLC).
The task of securing retail applications can be achieved successfully only by developing them in a secure SDLC. By using relevant application security testing tools (e.g., Source Code Analysis and Static Application Security Testing) integrated into the development stages and unified with DevOps, vulnerabilities can be eradicated early. This is a necessary cost-effective and resource-friendly strategy. If this feels overwhelming, it might be a good time to reach out to a security partner or consultant that can help curate a plan to improve your organization’s overall security posture and prioritize what should be addressed first.
3. Bridge the security gap between departments.
Security is often an afterthought for other departments, especially once applications are rolled out or updated post-deployment. It’s no question that the rate at which development takes place is moving very quickly to keep up with consumer demand, which is why security can become an afterthought. This is because many developers feel it slows down the release cycle of new software. However, this is an archaic view. When application security testing is built in early on, it can help developers create their software much faster and more securely. While speed is key, security is king.
As retailers digitize their businesses in response to the pandemic, it’s also important to consider the security risks when doing so. Implement a proactive approach to application development strategies, building security in from the start. Bridge the gap between departments to make sure security becomes a cohesive effort across the entire organization.
According to IDC, retail technology investments will continue to reflect digital transformation efforts as retailers reallocate budget and reduce spending on brick-and-mortar. Furthermore, the ability to adapt in today’s current environment will be a recipe for success in a rapidly shifting retail landscape. Having a comprehensive security strategy is a critical piece of the puzzle. With the right tools and technology for applications that help to focus on secure coding practices and the creation of a secure SDLC, retailers can be on their way to creating a streamlined and secure shopping experience.
Matt Rose is global director of application security strategy at Checkmarx, a software security platform.