You don’t have to look far to find examples of major retailers that have suffered security breaches in the recent past. The search is even simpler if you look for sensational headlines describing the breaches, the repercussions for customers and retailers, and the call for increased regulation.
Retailers amass an enormous amount of data across their store, website, and catalog operations. Much of that data – credit card numbers, social security numbers, pharmacy data, personally identifiable information (PII), etc. – is highly sensitive and must be protected. Safeguarding data in today’s retail establishments presents a significant challenge given the customarily complex business and technical environment.
Two major forces are currently driving the need for data protection in the retail industry: PCI and brand.
Payment Card Industry Data Security Standard
Commonly referred to as PCI DSS, the Payment Card Industry Data Security Standard is a major influence compelling retailers to protect their data. PCI applies to all organizations that collect credit card information and imposes fines on those that do not comply.
Brand
A major force motivating retailers to protect their data is the possibility of a security breach and the harmful effects it has on the company’s brand and reputation. As the number of attacks against sensitive retail data grows, the likelihood of a breach grows as well. Retailers have a choice: proactively anticipate breaches and strive to avoid them, or reactively respond to actual breaches without protection or a remediation plan. The proactive path protects your customers’ information, protects your reputation, and reserves the negative headlines for your competitors.
Protecting data in the retail environment requires a deep understanding of data vulnerabilities in a complex, distributed technical and operational environment. Unprotected data is at risk when it is collected, aggregated, used in operations, and analyzed.
Sensitive data is collected through many channels, such as multiple point-of-sale (POS) systems supporting multiple brands, ecommerce sites, and catalog sales. Each has its own challenges. All systems must be high performance; customers will not wait.
Data is aggregated from all channels where orders enter the system. Polling servers are a typical mechanism used to pull data in narrow time windows when stores are closed. Aggregated data typically goes to a storage platform before being sent to operational systems.
Sensitive data is used in typical retail operations like loss prevention and financial settlement. It is also used in corporate operational systems like ERP and call centers. This data is often found in databases and files that need protection.
Retailers collect and analyze as much data as, or more than, those in almost any other industry. A lot of that data ends up in an enterprise data warehouse awaiting analysis. Sensitive components of that data must remain protected while in the warehouse.
Protegrity in Retail
Protegrity’s Defiance Security Suite is a complete data security management solution for the retail industry. It safeguards sensitive data across the retail landscape with integrated encryption and security management products. From a centralized control point, security policy is defined and distributed to all the points requiring protection in a retail environment. Data is encrypted and decrypted, and encryption keys are managed, as sensitive data moves among POS systems, polling servers, operational databases, and archives. Protegrity solutions extend to the platforms most often found in retail, including Teradata, mainframes, and AS400. The Defiance Security Suite features for retailers include: