As a retailer, there are many things that can make or break the customer experience. Improving ease and speed of purchase, along with trust in your brand, should be at the top of your list.
When you walk into a retail outlet there are many tools to keep the store secure. Store security staff, sensor tag systems, PIN Entry Devices (PEDs) and Point of Sale (POS) systems are all part of this ecosystem. You wouldn’t think twice about leveraging these to secure a physical store, so you shouldn’t think twice about using the same approach for an ecommerce website in a cloud environment.
Physical stock protection is a lesser concern in the digital world. However, it’s still easy for ‘bad actors’ to acquire stock by fraudulent use of credit cards or customer accounts. Another key focus point for ecommerce platforms is looking after customer details and data. Loss of data not only has a negative impact on your brand, but also has serious financial consequences. GDPR has introduced fines starting at €10 million, or 2% of annual global turnover, rising to €20 million, or 4% of annual global turnover, dependent on the severity of any breach.
There are various AWS technologies that come together to provide a holistic set of services to help secure your platform, but under the shared responsibility model there are still areas that the consumer of the platform must take care of. Here are a few examples of how these measures might map to the physical measures in a high street store.
Store security staff and CCTV
AWS provides a couple of key services in this area. AWS CloudTrail tracks and records everything that occurs in your AWS account, providing the information required to assess any unusual behaviours in your environment. In addition, AWS GuardDuty goes a step further and is akin to a store detective. Using a variety of data inputs, it can take steps to intelligently and proactively detect and prevent intrusions into your platform. However, to configure monitoring patterns and responses, and to act on all the data being collected, you still need a team of skilled cybersecurity experts.
Sensor tag systems
If you want to stop items leaving a store without your knowledge, you’d typically secure them with security tags. In the digital world this doesn’t quite work. If you placed the same importance on your data as you do your stock, you’d need to digitally tag that data. System user and File Integrity Management (FIM) monitoring become key here, as this is where data is likely to leak. To complement the AWS toolsets, we offer Rackspace Managed Security (RMS) compliance assistance. Key tasks such as monitoring and documenting user-host access, authentication levels and login times are in place to help demonstrate compliance with access controls. RMS also includes FIM, which detects, reports and documents changes to files on a host, based on your requirements.
Secure PED and POS
Receiving and storing customer card data is probably one of the biggest headaches any ecommerce team must deal with. To achieve this safely, most organisations pass this to secure gateway providers such as PayPal or WorldPay. If you need to keep this in house, then leveraging Payment Card Industry (PCI) design standards and third-party agents for monitoring within EC2 instances (your application hosts) is required. This can mean a significant investment in in-house security teams. We provide Fanatical Support for AWS and RMS, so they can lessen the burden for our customers, freeing up their time to focus on key business objectives.
Your first and last line of defence with any high street shop is your front door and roller shutters. This is your physical barrier. The same needs to be in place for an ecommerce website. Our AWS architects can work with you to design an environment aligned to security best practices. This would make use of DMZs and leverage several technologies including Network Access Control Lists (NACLs), Security Groups and Web Application Firewalls (WAF).
A quick and easily navigable web shop is a crucial part of any ecommerce platform. However, security must have an equal standing in any decision-making process for your platform and brand to remain successful.
If you want to make the most of AWS and find out how we can support you, then sign up for our webinar on AWS Well-Architected Framework Reviews, on Wednesday 27 June.