Building a Cloud Security Plan to Safeguard Customer Data
The recent flood of headline-making retail security breaches has put retailers on alert. With so much at stake — compromised customer information, a weakened brand image and millions in lost revenue — retailers must take a step back to ensure they're thinking about security more comprehensively and implementing the right technologies to better protect their customers and the associated data.
When it comes to data breaches, retailers must understand it's not a matter of if, but when. With the growth of e-commerce and the online digital marketplace, many retailers are still lacking the necessary technology and infrastructure to support the complexity of the online environment, often leaving them unknowingly susceptible to hackers. It's become increasingly imperative for retail IT leaders to step up their investments and accelerate the adoption of newer cloud-based technologies that can help alleviate this risk, and couple this with a comprehensive cloud-based security program. As retailers revisit their overall IT strategy to incorporate cloud solutions, here are a few best practices to keep in mind:
1. Rethink security. Retailers often confuse compliancy with security, but compliance doesn't ensure security. Many PCI-compliant companies continue to struggle with breaches. For this reason, retailers must think about security in a more comprehensive model. What are the business needs driving security measures and practices? What solutions (Desktop-as-a-Service, end-to-end encryption, etc.) can be implemented to help protect the infrastructure against various attacks?
2. Apply layer upon layer of security. It's critical that security is layered through the IT stack and across the infrastructure at every level, especially at the application level. Baking in security measures at various levels ensures reactive and proactive measures are being implemented to make the system more resilient and enable quicker responses against attacks.
3. Proactively screen. By the time many retailers realize their systems have been breached, it's often too late to prevent or actively mitigate the attack. By regularly auditing and assessing the infrastructure to identify gaps, retailers can more clearly identify blind spots in their environments. Additionally, retailers should maintain an active log to keep track of all activity to ensure system integrity hasn't been compromised.
With careful implementation and maintenance of basic cloud security practices, retailers can establish a more flexible and agile technology infrastructure that's better equipped to keep their customers’ data protected and keep their business growing.
Sumeet Sabharwal is the general manager of NaviSite, a provider of hosting, application management and managed cloud services for enterprises.