Addressing Retail’s Unique Security Challenges
4 Min Read By Aaron Branson
As an ever-growing wave of technological innovations has continued to change the game for many retailers, in particular, restaurants, so has the possibility of technology failure.
In order to stay competitive while catering to new generations of hyper-connected shoppers, retailers are being pressured to innovate constantly. Online ordering, in-store beacon technology, cloud POS, omni-channel retail platforms, and digital menus and signage, are part of the evidence of those innovations taking place. We’ve also seen the advent of self -checkout, RFID technology, and digital wallets, while we’ve become accustomed to guest Wi-Fi at pretty much every shop we enter.
Just about any retail business undergoing digital transformation is likely to see an increase in IT complexity and hardware sprawl.
It’s a great leap forward for just about everyone. But the risks facing today’s tech-savvy retailer can be especially daunting. A heavily leveraged store network that is increasingly reliant on optimal network performance and uptime can be a disaster waiting to happen if it’s not properly secured and monitored. The results can seriously damage both short-term revenue brand reputation. And that’s bound to impact long-term revenue.
Today’s customer-facing businesses face four key challenges when it comes to digital disruption, all of which can be addressed with SD-Branch – or software-defined branch networking. It’s a single hardware platform that supports SD-WAN, routing, integrated security, and LAN/Wi-Fi functions – which can all be configured and managed centrally via the cloud. The hardware platform is known as the “universal Customer Premise Equipment” (uCPE). It’s essentially a multi-functional edge appliance that delivers all-in-one connectivity and security services to a branch location. The uCPE is managed via an orchestrator – a portable web-based console — that runs in the cloud and enables SD-WAN functionalities.
Digital Disruption
It’s virtually impossible to maintain business-as-usual when security challenges take part or all of your systems down. POS systems, payment kiosks, cloud-connected security cameras, voice-over-IP (VOIP) communications, vending machines, digital signage, office desktops, laptops, guests’ smartphones, wireless access points, firewalls, and other IT appliances are all connected to the store’s network via Ethernet and Wi-Fi. IT sprawl at the store level adds complexity to security management. And that kind of complexity increases the risk of a breach.
A robust SD-Branch can deliver multiple security functions using a single device – the uCPE – installed at the branch. By connecting the uCPE between the ISP modem and the LAN, it’s possible to see and control all the traffic that comes in and out of the network. Although not all SD-Branch solutions can deliver this capability. But a robust SD-Branch can see all the applications communicating within the LAN to the internet, and with whom they’re communicating. An SD-Branch offers an especially valuable solution for highly distributed businesses with multiple small-sized locations – because it lets users consolidate functions into a single piece of hardware, reducing IT sprawl at the branch, and consequently reducing the exposure to cyberthreats.
Business continuity challenges can alienate customers. Network performance and resilience also suffer when you increase the number of connected devices and apps – along with the subsequent growth of bandwidth demand that comes along with digital transformation. That’s why quality of service (QoS) is becoming a major concern. Plus, in order to avoid store-and-forward of payments and prevent revenue loss, retailers find themselves needing to preserve optimal uptime. Blackouts and brownouts can impact both short- and long-term revenue when business downtime results in a negative customer experience.
The failover capabilities of a robust SD-Branch solution (delivered via integrated modem) are key to delivering the resilience and business continuity essential to retail operations. Staying in business – not just for the sake of avoiding revenue loss, but also to maintain a positive customer experience – is the retailer’s primary goal when broadband connectivity fails. Cellular failover kicks in only when needed, whether during a blackout or when overall quality of service (QoS) drops below a pre-established threshold.
Digital Transformation
Agility and versatility can present a closetful of challenges. Just about any retail business undergoing digital transformation is likely to see an increase in IT complexity and hardware sprawl. So it’s not surprising these days to find a closet full of appliances, cables, and blinking LED lights at any modern store. Unfortunately, most of that expensive-to-manage hardware goes under-utilized. Frequent truck rolls are the norm. And capital and operation expenses go up with each new gadget.
By consolidating multiple network and security functions into an all-in-one multi-functional device, an SD-Branch solution can reduce complexity and cost. That allows for rapid service deployment and zero-touch provisioning, reducing the number of truck rolls to the location and calls to helps desk. By adding managed services delivered through the uCPE, SD-Branch makes it easier to transition from a CapEx model to an OpEx model – where services can be scaled up and down as needed. With a significantly reduced total cost of ownership, retailers can focus on selling instead of troubleshooting expensive – and often under-utilized – network security appliances.
Compliance management can challenge your cybersecurity strategy. While it’s not a bad idea to start building your cybersecurity strategy with a commitment to Payment Card Industry Data Security Standard (PCI DSS) compliance, challenges can arise when new types of devices connect to the store’s network. Think about IoT devices and innovative POS systems, for example. It’s important to remember that PCI DSS is not a checklist. Rather, it’s a set of minimum practices to follow. And because the risk of exposure to vulnerabilities increases with every new type of device that connects from within the LAN, you need to be mindful of the big picture.
SD-Branch solutions check many boxes when it comes to PCI DSS compliance. For example, they let you segment traffic – to help ensure that credit card transactions are protected from untrusted traffic. What’s more, you can switch LAN ports in the uCPE to WAN and vice versa, and close the unused ones to prevent rogue devices from being connected to the network via ethernet. And when it comes to meeting the specific needs of retailers, an SD-Branch solution can offer the necessary add-ons to help retailers look beyond compliance challenges and toward meeting their equally critical need to protect their brands.