The rush to migrate to the Cloud can lead to lethal security gaps later. Here are some strategies to adhere to …

The pandemic has forced many retailers to close stores for extended periods of time, and when you combine that with people being more reluctant to visit stores when they do open, retailers have had to take a crash course in e-commerce if they did not already have a significant online presence.

On the other hand, online shopping has seen a huge surge worldwide. However, this brings various technology challenges for retailers.

  • First, retail applications have evolved, and their dispersion over multiple types of technologies and cloud platforms means that the applications are more exposed to vulnerabilities than ever before.

The shift to the cloud, and then to running on serverless/containerized compute environments all have implications for security. Recent reports show that attacks against web application servers made up nearly 75% of breached assets in the past year, up from roughly 50% in 2017. Also, most retail breach attempts occur in cloud environments.

  • Second, as a result of the pandemic, it is not uncommon that organizations’ cloud migrations and deployments have raced ahead of their security teams’ abilities to defend them against attacks and breaches.

    Existing security solutions adopted by businesses may provide only limited protection against cloud threats, and teams often lack the expertise needed to improve security and compliance processes. In some studies, 82% of respondents have said their traditional security solutions either do not work at all, or only provide limited functions in cloud environments, up from 66% in 2019—highlighting a growing ‘cloud security gap’ over the past 12 months. 
  • Third, while many organizations assume that leveraging the public cloud means their security is taken care of, this is not always the case. Incidents involving public cloud service providers in recent months involving VMWare Cloud Director and Blackbaud show that misconfigurations and data exfiltrations can lead to unexpected complications.

So, retailers migrating urgently to take advantage of the cloud’s flexibility and scalability will also need to consider how they protect themselves against attacks and breaches. Here are some tips from Check Point for retailers to stay safe in the cloud: 

  • Consider the shared responsibility model for cloud security
    While your infrastructure provider takes responsibility for securing their cloud services, the responsibility of correctly secured the apps that you are building, and the configuration of your cloud resources belongs to your organization.  
  • Your cloud security management must be automated
    If you have to manually configure any part of your security solution on a regular basis, your application is inherently vulnerable. Automating your cloud security minimizes the risk of human error. 
  • Look for cloud native security solutions
    You need security that can scale at the speed of the cloud. Otherwise it will be rendered obsolete from the first update of your application, and your applications will be vulnerable to risks and attacks. 
  • Keep your eye on the app
    It can be tempting to try to secure parts of your application but have you assessed your web application firewall to ensure that the application is protected with a solution that can keep up with its evolution?
  • Consider a cloud security management solution
    By leveraging a tool that performs automated checks, you will minimize your vulnerabilities in the cloud—the very same vulnerabilities hackers are looking to leverage for their attacks when they scour the internet. 

Moving to the cloud can help retailers deliver a better user experience, reduce their operation infrastructure costs and help with real-time access to inventory.

However, to gain maximum benefit from the move to cloud, it is critical that such new e-retailers also embrace the security measures needed to keep themselves and their customers data safe.