How MSSPs Can Secure E-Commerce Endpoints
In e-commerce security, the focus usually goes to securing the e-commerce server and the application. That makes sense because most attacks take place there. However, other attack vectors need to be taken into account, in particular the endpoints.
That’s important because e-commerce sites have a client-server architecture where the server is the application, which trusts authenticated clients — but these endpoints aren’t always trustworthy. For example, if an employee with an admin account loses an insecure, logged-in mobile device, whoever finds it could access the site. Considering that many e-commerce site operations are outsourced, this article will look at how MSSPs can secure e-commerce endpoints for their e-commerce customers.
Data Security Policy for E-Commerce Endpoints
When considering how MSSPs can secure e-commerce endpoints, the first order of business must be creating a data policy to ensure that the right people can access the right apps at the right time. In conjunction with developing a data policy for their customers, some security experts think MSSPs should use authentication to make sure these people are who their endpoints say they are. In addition, MSSPs should get a handle on their structured data, making sure data is masked, encrypted, and adheres to critical compliance regulations.
“Data policy is important for quantifying what you have and what the appropriate security controls are to apply to each type of data,” said George Mateaki, security analyst at SecurityMetrics, a data security and compliance firm. “The more valuable the data, the more stringent the security controls required. Anything of any importance needs to be encrypted. This usually has an inconvenience cost but still needs to be part of any serious data policy.”
However, other security experts say people might overlook unstructured data; for example, e-commerce operators often will leverage unstructured data, which can make up more than 80 percent of an organization’s overall data, according to Gartner.
“But not everyone has access to a big data store, so often what happens is this information is pulled down from a big data repository into a spreadsheet for analysis, where it’s no longer protected,” said Mark Cassetta, senior vice president – strategy, for Titus, a data protection vendor. “Or another example: An employee may want to share details or trends among an e-commerce operator’s top 20 customers, sharing that information as an unsecured Word document. So what MSSPs must do is work with their e-commerce customers to develop a holistic data strategy that not only looks at data repositories but also how that data is extracted.”
Securing IoT Endpoints for E-Commerce
With the explosion of mobile devices, in-car connectivity, sensors, and other internet-of-things innovations, a critical focus on security has arisen — particularly for e-commerce applications. In addition, so much demand has built up to troubleshoot IoT endpoint compliance with data privacy and protection regulations that, unless MSSPs can find qualified personnel, disaster could well ensue.
“To put it bluntly, there’s a worldwide shortage of infosec talent and the number who understand information security and regulatory compliance is small enough a significant number of them are on a first-name basis,” said Trevor Pott, product marketing director at Juniper Networks. “Centralizing scarce talent within MSSPs and vendors makes it easier to train the next generation of defenders and build the next generation of security products. One day, we hope to see a depth of information security knowledge throughout the IT industry that is comprehensive enough for …