The New Risks to Retail: Bring Your Own Device & Cloud Services
The following is an excerpt from chapter two of our new eBook, A Modern Guide to Retail Data Risks: Avoiding Catastrophic Data Breaches in the Retail Industry.
In Too Deep with Defense-in-Depth
Defense-in-depth is the concept of building layers of different technology solutions to secure your IT infrastructure. But as the IT model changes to a perimeterless environment, with data now located both in the cloud and on-premises, older security solutions are falling by the wayside.
Antivirus software catches just 45 percent of cyberattacks, as estimated by Symantec’s VP for Information Security Brian Dye. Ineffective technology is reflected in the numbers, too - according to The Wall Street Journal, Symantec’s earnings are forecasted to be down about 5 percent from the previous year, while revenue has fallen in each of the past two quarters.
This is just one example of how ineffectual security tools are quickly becoming outdated and unprofitable in the rapidly changing IT landscape. Consumer-driven technology has changed the IT industry for good, introducing multiple unsecured and unstandardized personal devices into the workplace.
This wave of BYOD has also emerged as a result of the pervasiveness of personal mobile devices, making it both cost-effective and convenient to leverage one device for both personal and work purposes.
Enterprises now need to deal with the security risks those devices introduce into their environments, as well as find a way to centrally manage said devices in order to strengthen their security profiles.
How to Protect Cloud Data with Strong Authentication
Two increasingly commonplace conditions in the workplace model require a solution that makes corporate networks and resources available whenever, wherever.
Cloud-based, or web-based services can provide affordable and convenient remote access to these corporate resources; also known in the industry as software as a service (SaaS). Common examples of SaaS include Google Apps, DropBox, Salesforce and Box.
SaaS has become popular as it is a more cost-effective way to outsource hardware and software hosting and maintenance to providers, which reduces the need to hire an in-house team of staff to support the same services.
As a result, data and applications no longer exist only on- premises. That also means cloud-based systems are most likely housing sensitive data, whether that’s proprietary business information, customer financial data, protected health information, etc.
Consequently, remote access to these systems via web-based logins is an easy and extremely valuable target for attackers targeting internal company networks. As described in the Cloud Security Alliance’s document, Top Threats to Cloud Computing, the threat of account or service hijacking ranks high for organizations that use cloud, or web-based applications.
Read more about BYOD and cloud risks by downloading our 150 page guide to help navigate you through some of the new risks in the industry, with a few security recommendations to boot:
Avoiding Catastrophic Data Breaches in the Retail Industry
In this guide, you’ll learn:
- New risks to the retail industry presented by cloud, mobile and Bring Your Own Device (BYOD)
- Business and compliance drivers for strengthening authentication security
- How outdated security solutions can no longer effectively protect retailers and consumers alike
- How implementing a modern two-factor authentication solution can work to protect the new IT model
Ideal for CISOs, security, compliance and risk management officers, IT administrators and other professionals concerned with information security, this guide is for IT decision-makers that need to implement strong authentication security, as well as those evaluating two-factor authentication solutions for organizations in the retail industry.