SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Retailers failing customers when it comes to data security
Mon, 10th Jun 2019

Retailers are failing to adequately secure customers' data, especially when it comes to application development processes, new research from Claranet indicates.

According to Claranet, many retailers have adopted or plan to adopt a DevOps approach. In fact, 40% of retailers said they have already adopted a DevOps approach and 44% expect to this year.

However, fewer than half (42%) are confident when it comes to integrating security into this process, or DevSecOps. This is largely because retailers feel they lack the in-house capabilities to deliver DevSecOps, and only 48% know how to integrate IT security into their processes.

According to Claranet, failing to integrate security into DevOps approaches poses significant security risks and can lead to data protection risks.

Claranet head of retail John Hayes-Warren says, "Embracing DevOps is clearly a priority for retailers as they look to improve their applications and deliver better, more seamless experiences for their customers. However, the lack of DevSecOps integration shows security is still regarded as separate from the development lifecycle, rather than factored in from the start."

"DevOps is a constantly evolving process that embraces innovation, and tends to outpace security and compliance, making it increasingly difficult to embed and automate the latest best practices into each stage of the development lifecycle. This is supported by the fact that over half of retailers do not feel confident they can deliver DevSecOps, opening the door to leaks of customer data, fraud, and cyberattacks," he says.

Hayes-Warren encourages retailers to develop in-house development programmes that include regular security training courses.

These should include continuous monitoring and analytics throughout the DevOps lifecycle, whether in planning, coding, pre-production, or even decommissioning, he says.

"DevSecOps is a complex process that is continually changing to respond to new security threats. It is vital that retailers provide their development teams with suitable training programmes if they hope to build highly secure applications and this will help to ensure all customer data is fully protected across each end-point," says Hayes-Warren.