It’s an exciting time in the world of retail – and not just because it’s the holiday season. Many retailers appear to be embracing the possibilities that social networking and mobile devices offer. From in store, custom advertising to easy integration with social media, large retailers are working to offer consumers an experience that they cannot get online. Consumers are being encouraged and rewarded for using their mobile devices in the store. The retail industry is embracing technology and pulling the end user into a much more interactive experience. This article from The Next Web, though a little dated, does a good job of describing some of the upcoming trends in retail.
When looking at these trends, it should be clear that security quickly becomes a central requirement. Look at the focus on giving consumers a personalized experience. Providing a personalized experience requires the collection and storage of a great deal of personalized data. Spending habits, skin tones, buying preferences and many more traits are going to be added to retailer databases. Most retail establishments have focused on the Payment Card Industry Data Security Standard (PCI DSS) as their driver for security. PCI DSS is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment. The PCI DSS has pushed numerous security technologies into the retail environment and, generally speaking, has made many environments more secure – not perfect – but more secure.
Now, retailers want to open up their networks to social media usage and targeted advertising. The basic premise is that all the initial security that was put into place has to remain effective. In fact, because the retailer is opening up their network to the public, that entire ecosystem of retail network, advertising, social network and the consumer now has to be secured by the retail establishment. You might be asking why the retailer is now responsible for the security of all these other pieces. I think the answer is simple – a single negative incident affecting a retailer would certainly create a media field day.
This leads to an interesting shift in how retailers are likely to look at security in the future. Instead of just meeting PCI requirements, I believe retailers will be forced to place security first to ensure that their customers - and all the applications and traffic coming with them – are secure. This requires an evaluation of the current systems and implementation of new technology to handle BYOD and application control.
Fortinet already has customers that are deploying security solutions designed to enable the store of the future. Check out our Website for a great case study around Guess, Inc. and their approach to a secure network that enables social network interaction while maintaining PCI compliance.