Retail security in the age of big data
Retail security in the age of big data

Today's retailers and their customers are embracing and using technology through an array of devices and channels.

At the same time, an extraordinary amount and variety of information is being generated - from point-of-sale (POS) transactions, social media, site traffic, mobile devices and other sources.

Retailers are discovering that the more of this ‘big data' they can collect and analyse, the better they can serve their customers and optimise their own operations. Vast amounts of customer data (from demographics, to product-purchase histories, to online conversations) can now be analysed to predict customer needs and orchestrate partners and suppliers in greater responsiveness to changes in buying behaviour.

With data being the new world currency and the cost of maintaining and protecting it running exponentially higher than the cost of capturing it in the first place, the security of data is assuming a new importance among retailers.

Retailers are responsible for protecting not only their own information, but the information of their customers as well. They are also faced with a diverse array of threats that are creating new potential vulnerabilities, such as theft of customer information and credit card data.

As a result, many consumers now view data security as a differentiator and will change shopping habits based on the level of security that's in place.

Since so much is at risk, it's not enough for retailers to take a point product approach to data security. Trying to protect people and information using pieced together set of firewalls, intrusion detection devices and encryption schemes can leave gaping holes that hackers worldwide can easily exploit.

A better approach is for retailers to have a more holistic security system in place that unites such things as information and physical security, risk and loss prevention, and includes solutions that work together to protect key data assets and transactions. This approach should include:

  • Having a system in place for handling a high capacity of transactions securely, while managing risk with an approach that balances availability versus the confidentiality of data
  • Implementing security solutions that will protect the servers or systems wherever the data resides; encrypt data at rest and in motion; and secure the networks – both wireless and LAN
  • Using strong authentication to help verify that only authorised individuals can access certain data, while monitoring privileged users within the organisation
  • Applying and managing a comprehensive encryption strategy to help keep private information confidential and meet compliance mandates.
  • In addition to these fundamental security measures, retailers can optimise their approach by adding a layer of security intelligence that:

  • Incorporates sophisticated real-time analytics to detect anomalous behaviour and loss of data
  • Discovers critical data, where it resides, who can access it and how well it's protected.
  • In the battle for customers, data is undoubtedly one of the most valuable assets for a retail organisation. It's especially valuable since retailers can learn more about the customers, their shopping habits and then market to them in such a way that enhances their shopping experience - an emerging investment area that can definitely show a return on investment resulting in more online sales.

    Having a well-thought out data security strategy will not only protect a retailer's valuable brand, it will preserve customer loyalty and ensure repeat customers, as data is used more wisely for targeted marketing.

    Martin Borret is a director at the IBM Institute of Advanced Security