News Feature | September 4, 2015

How To Design A Retail Security Solution That Takes The Human Element Into Account

By Christine Kern, contributing writer

Finding the appropriate security solutions can be a daunting task, especially when you must ensure that the data you are guarding remains secure on a variety of levels. Brandon Gruttadauria, senior technology solution engineer, IBM Enterprise Software for Ingram Micro, discussed the human element of designing a data protection solution in his presentation “Who’s Minding the Store? How to Protect Retailer’s Data.” He presented the topic at the Retail Solutions Providers Association (RSPA) RetailNOW 2015, Aug. 2 to 5, at Gaylord Palms Resort and Convention Center in Orlando, FL.

Gruttadauria emphasized that as we create layers of security around our merchant clients’ information, we tend to forget the human element of data protection: employees. Gruttadauria explained, “We’re seeing more attacks happening on the personnel side, the human side, than the actual IT environment.” Attacks are aimed at the people who have access to the data.

Gruttadauria explained that you can use a next-generation firewall, combining storage devices and service information and combining endpoints, to cover the entire state of the process with SIEM (security information and event management) software. In addition to a next-gen firewall, another important aspect of protection is continuous training of employees to educate them about risks to data security. He explained, “They could be subjected to a simple email that looks like a payment service, and when they click through and enter all their information, that was a complete spoof of a website that they’ve just put all of their information into, because they were the ones that held the key.” There are also solutions that can help prevent employees from entering those sites.

Privileged identity and access control can help, too, by controlling which users have access to assigned devices and specific data. “Privileged identity management records the session, it audits and tracks every mouse click, every keystroke, everything that happens in that instance, and then, I can, as an administrator, go back and see my access logs and figure out who accessed what, how long they were spending there, and of course what they did on that system.”

In addition, Gruttadauria advised the use of two-factor identification in instances such as confirming a cardholder’s identity.

For a deeper dive on this topic, register for RSPA’s webinar featuring Ingram Micro on Oct. 14 as part of the RSPA Webinar Series.