To see how the retail industry is approaching cloud security, cybersecurity firm Fortinet surveyed retailers on current business changes, challenges, and investment plans including telework, new technologies and integrations, compliance, the cybersecurity skills shortage, cloud security, and SD-WAN (software-defined networking).
The research showed that retailers have accepted and adapted to the new reality as evidenced by the acquisition of new services and technologies. Fortinet said 88% of retailers have added or expanded telework and 43% have added or expanded e-commerce. In addition, 42% have added the ability to perform contactless transactions.
It has been repeatedly reported that cybercriminals found vulnerabilities in teleworking because employees are using their own — unsecured — routers and networks. Unlike in offices where corporate security posture is stronger, a home-based Wi-Fi system is easy to infiltrate. For industries such as retail, which have typically not had as many employees working remote, implementing secure IT infrastructures for a remote workforce was a unique, but necessary task.
New technologies and integrations
The lockdowns may have cooped up people in their homes but it opened new opportunities for e-commerce, which continues to enjoy brisk sales even if governments eased mobility restrictions. Adding or expanding e-commerce and new technologies such as contactless transactions, kiosks, and tablets also come with security and compliance challenges. Retailers have had to fast-track plans to integrate web and mobile applications, order delivery solutions, and other services with their point-of-sale networks.
Security skills shortage
Payment Card Industry Data Security Standard (PCI DSS) is one of the challenges businesses face as they figure out how to run transactions. Strict requirements are set in place for protecting customer credit card information that must still be adhered to regardless of any new approaches. Also, the challenges of manually achieving network-wide visibility and enforcing required security controls increase as the network become more complex or evolves as new devices are added. Further, demonstrating compliance also becomes more time-consuming, especially as the shortage of skilled IT workers continues.
Fortinet reported that 44% of survey respondents indicated staffing was one of their biggest security challenges during COVID-19. It further states that retail organizations are using a wide range of approaches to address the cybersecurity skills shortage. Using professional services (34.3%) and automating security functions (31.4%) are the top methods retailers have chosen to mitigate the impact of the global skills gap on organizations.
To manage multiple locations with limited IT staff, retailers must operate with a high level of automation, save time with zero-touch deployment, and gain network-wide visibility and control from a single pane of glass.
Retailers are also taking advantage of the agility and cost-savings of cloud deployments. It makes sense, given retailers operate large networks of geographically distributed branch locations that all need access to the same applications and services. However, network infrastructure that sprawls over private clouds, public clouds, and on-premises data centers often create a very siloed environment that is difficult to secure.
According to the survey, retailers are running into a number of cloud-management challenges. The biggest challenge cited was the complexity of administration (43%), followed by cost (41%), with secure access and compliance tied for third (40%). Another survey finding is that more than half of retailers do not know who is responsible for public cloud security. Fortinet said 55% of respondents did not fully understand that cloud security is a shared responsibility between provider and user.
Retailers also need fast and scalable connectivity to enable seamless transactions to support sales, inventory, purchasing, and other activities. Replacing traditional (Multi-Protocol Label Switching) connections with SD-WAN offers a more flexible approach to connectivity with faster performance and a lower total cost of ownership (TCO), increasing efficiency, and bolstering the customer experience.
The research finds 74% of respondents surveyed rated security as an important or very important reason for deciding to deploy an SD-WAN solution. The challenge facing retailers is that not every SD-WAN offering includes security integrated into the solution. A Secure SD-WAN, that offers a full suite of integrated security services as opposed to an overlay or purely external security offering, is necessary to efficiently and effectively mitigate risk, provide business continuity, and allow for the greatest ROI.