As anyone who works in the retail sector will tell you, the holiday season is fast approaching. Black Friday lands on the 24th November; Cyber Monday quickly follows on November 27th, and then retailers are straight into the busy holiday shopping period. In 2016, Americans spent $40 billion online, while in Europe consumers in just five countries spent in excess of $68 billion on holiday shopping.
So while it’s the most lucrative time of the year for retailers, it’s also the most stressful. The high volumes of transactional traffic – both on ecommerce sites and in-store – put the networks and IT infrastructures that enable this busy trading time under immense pressure to perform. Even the slightest glitch could have very costly implications for retailers: in 2016 a 20-minute outage on Amazon was estimated to have cost nearly $4 million in lost sales.
So, with network uptime and application availability critical to retailers’ success this holiday season, here are a few tips for retailers to ensure their security infrastructure is ready for the busy Thanksgiving and Christmas trading periods.
First and foremost, retailers need to plan ahead. We blog a great deal about firewall configuration and in particular the change control process – that is, updating firewall rules when application or network connectivity is updated.
However, with retailers’ networks powering a complex maze of applications both in-store and online, with a wide range of interdependencies, those change control processes can become extremely complicated. Imagine one common scenario – you need to deploy a new application on the network that impacts your international ecommerce processes, so you need to implement firewall policy changes across multiple network locations and countries. While the policy change itself may be easy enough to make, the question becomes – when exactly should you make it?
During the holiday season retailers should be limiting policy changes to specific change control windows, in order to mitigate the risk of configuration mistakes causing operational downtime for core applications. Where possible, changes should be scheduled in the weeks running up to peak trading times, but where this isn’t possible, firewall policy changes will need to take place overnight – out of high-risk hours, essentially.
For those retailers with operations in Europe, the USA, and elsewhere, operating across multiple time zones, those high-risk hours differ from country to country and will require further co-ordination ahead of schedule to ensure that no market is affected during its peak trading hours.
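As an added example (not from the original post), the Python sketch below checks a proposed firewall change window against every market's local peak trading hours and lists the UTC start times that avoid all of them. The market names, peak hours, fixed UTC offsets and the date are constructed assumptions for illustration.

```python
from datetime import datetime, time, timedelta, timezone

# Constructed sample markets: (UTC offset, local peak start, local peak end).
# Fixed standard-time offsets are an assumption valid for late November;
# use zoneinfo.ZoneInfo zones in production so DST is handled.
MARKETS = {
    "US-East": (timezone(timedelta(hours=-5)), time(8, 0), time(0, 0)),
    "UK": (timezone.utc, time(7, 0), time(23, 0)),
    "Germany": (timezone(timedelta(hours=1)), time(7, 0), time(23, 0)),
}

def peak_conflicts(start, end, markets=MARKETS):
    """Return the markets whose peak trading hours overlap [start, end)."""
    if start.tzinfo is None or end.tzinfo is None:
        raise ValueError("change window must use timezone-aware datetimes")
    if end <= start:
        raise ValueError("change window must end after it starts")
    hits = []
    for name, (tz, opens, closes) in markets.items():
        # Start one local day early to catch a peak that began "yesterday".
        day = start.astimezone(tz).date() - timedelta(days=1)
        last_day = end.astimezone(tz).date()
        while day <= last_day:
            peak_start = datetime.combine(day, opens, tzinfo=tz)
            peak_end = datetime.combine(day, closes, tzinfo=tz)
            if peak_end <= peak_start:  # peak runs up to or past midnight
                peak_end += timedelta(days=1)
            if start < peak_end and end > peak_start:
                hits.append(name)
                break
            day += timedelta(days=1)
    return hits

def safe_start_times(day, duration, markets=MARKETS, step=timedelta(hours=1)):
    """UTC start times on `day` where a change of `duration` avoids every peak."""
    t = datetime.combine(day, time(0, 0), tzinfo=timezone.utc)
    stop = t + timedelta(days=1)
    safe = []
    while t < stop:
        if not peak_conflicts(t, t + duration, markets):
            safe.append(t)
        t += step
    return safe

if __name__ == "__main__":
    from datetime import date
    for t in safe_start_times(date(2017, 11, 22), timedelta(hours=1)):  # constructed date
        print("safe 1h window starts", t.isoformat())
```

With these sample markets only a single one-hour slot per day clears every region, and no two-hour slot does, which is why longer changes need to be split per region or scheduled well before peak season.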
Ensure key suppliers will remain connected
During the holiday season, most retailers will be relying on a network of third-party suppliers to ensure that their stores remain well stocked, that a range of options is available (such as click-and-collect), that regular updates are provided to customers, and that orders are fulfilled. To ensure this all runs smoothly, retailers will need to grant external organizations connectivity to their network as well.
As this external connectivity is likely to be integral to retailers’ ability to successfully meet customer demand, it is critical that those connections are not disrupted – and that they do not act as a ‘backdoor’ for any potential cybercriminal to the rest of the network.
The key point here is to implement careful network segmentation in order to minimize the risk of connecting external parties to your infrastructure, while keeping in mind that once a partner is connected, they become part of your regulatory compliance posture. Network maintenance is likely to become even more complex during the festive season as a result of these external connections, so it is critical to make sure that you have an up-to-date contract in place to cover all technical and business aspects of the external connection, so that any issues can be remediated quickly and effectively.
Back up configuration files
A final step that retailers should take is to regularly back up network configuration files, so that if something does go wrong, they can quickly revert to a recent healthy state. This will help to reduce the impact of any disruption caused by an application or network outage. While this can be done manually, automating the process is far more dependable than relying on employees to keep regular backups.
With just a few weeks to go until the festivities get into full swing, these basic steps will help ensure that this holiday season is a successful one.