Retailers: Who’s Checking Out Your Data?
Secure Your Data, Before It Becomes Front Page News
In 2014 we saw many retailers suffer at the hands of hackers intent on stealing customer credit card details and personal information. Target, Michaels, Neiman Marcus, Albertsons and SuperValu all received plenty of coverage in the press, with the breaches resulting in significant financial loss and damaging consumer confidence. Retailers, including JC Penney and Wal-Mart, now list data security as a new risk factor in their annual filings.
Insiders, particularly current or former employees, are cited as a source of security incidents by most Retail & Consumer respondents. PWC
Despite the headlines and the damage to reputation, retailers still struggle to understand how their data is collected, stored, and used. A lot of time and money is invested in protecting the perimeter, on the assumption that higher walls and wider moats will keep intruders out. But what if the intruder is already on the inside?
Last week AT&T paid a $25 million civil penalty assessed by the FCC after call center employees in Mexico, Colombia and the Philippines accessed personally identifiable information from some 280,000 customer accounts without authorization.
A recent Ponemon study showed that 57 percent of IT practitioners do not know where all the sensitive or confidential data exists within their organizations.
As retailers increasingly modernize legacy applications, consolidate systems, digitize the business and outsource IT projects to serve customers more efficiently and create a great customer experience, they are exposed to the ever-increasing threat of data breaches. Increased threats and complex IT environments make it difficult for retailers to protect sensitive data, especially from the inside, from those authorized to view confidential data.
“Not knowing the location of sensitive or confidential data keeps most respondents up at night and represents a significant security risk.”
As you look across the IT landscape, where are the potential areas of exposure from the inside?
- Test/Reporting Copies: Many copies of production (often full) used for test, training, and analytical purposes
- Development and Support: DBAs and IT staff have unlimited access to sensitive data. Many use SQR reporting, Toad or SQL*Plus to bypass existing security
- Outsourcing: Outsourcers have access to sensitive data in non-production and production systems. Do your contracts stipulate that sensitive data is not allowed offshore?
- Authorized Users: Store associates and contact center employees are required to view account details in order to answer customer queries or resolve questions and disputes. Commercial off-the-shelf applications are not designed to deploy restrictions by data element.
There are many facets to a successful risk mitigation strategy. One way is to discover and permanently mask confidential and sensitive data in non-production environments, such as test and development environments. Another is to dynamically mask data stored in production systems to provide more tightly controlled access, and to give control of this function to the business users who understand the nature and context of the data.
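The two approaches above, side by side, as an added example that is not from the original post or from any Informatica product. The rows, the key, the role names and the policy table are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample rows standing in for a production customer table.
PRODUCTION_ROWS = [
    {"customer_id": 1001, "name": "Ana Ruiz", "email": "ana.ruiz@example.com", "card": "4111111111111111"},
    {"customer_id": 1002, "name": "Ben Ode", "email": "ben.ode@example.com", "card": "5500005555555559"},
]
# Assumption: the key lives in a secrets store and never ships with the test copy.
MASKING_KEY = b"constructed-demo-key"
# Hypothetical policy, owned by the business: fields each role may read in clear.
CLEAR_FIELDS = {
    "store_associate": {"customer_id", "name"},
    "fraud_analyst": {"customer_id", "name", "email", "card"},
}

def _keyed_digits(field, value, n):
    """Deterministic n-digit substitute: the same input always maps to the same mask."""
    mac = hmac.new(MASKING_KEY, f"{field}:{value}".encode(), hashlib.sha256).hexdigest()
    return str(int(mac, 16) % 10**n).zfill(n)

def mask_for_test_copy(row):
    """Persistent masking for non-production copies; originals are not recoverable from the copy."""
    token = _keyed_digits("email", row["email"], 8)
    return {
        "customer_id": row["customer_id"],  # surrogate key kept so joins still work
        "name": f"Customer {token}",
        "email": f"user{token}@test.invalid",
        "card": _keyed_digits("card", row["card"], 16),  # same length, digits only
    }

def view_for_role(row, role):
    """Dynamic masking: stored data is unchanged, fields are redacted per role at read time."""
    allowed = CLEAR_FIELDS.get(role)
    if allowed is None:  # unknown role: default deny, everything redacted
        return {field: "****" for field in row}
    view = {}
    for field, value in row.items():
        if field in allowed:
            view[field] = value
        elif field == "card":
            view[field] = "*" * 12 + value[-4:]  # last four digits only
        else:
            view[field] = "****"
    return view

if __name__ == "__main__":
    for r in PRODUCTION_ROWS:
        print(mask_for_test_copy(r), view_for_role(r, "store_associate"))
```

Because the substitutes are keyed and deterministic, the same customer masks to the same values in every test copy, so joins and repeatable test cases survive without exposing the originals.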
Why not stop by our Booth #S2626 at RSA Conference 2015, where we will showcase Secure@Source, the industry’s first Data Security Intelligence software, which discovers, analyzes and visualizes data relationships, proliferation and sensitivity? Secure@Source monitors data risks and vulnerabilities to protect organizations from external breaches and insider abuse. If you cannot attend, you can learn more about Informatica’s Data Security and Privacy solutions here.
For anything on Retail Security, here is the key @INFARetail