Businesses must stay one step ahead of compliance to ensure they maintain customer trust, writes Patrick Romich, CEO of SiteSpect
Attention to detail can be the difference between thriving and bankruptcy for today’s digital businesses. With global e-retail sales projected to grow 47% by 2020, today’s businesses need to have a clear customer experience and optimization strategy as well as an effective plan for operational execution to remain competitive. This effort includes taking the time to build a comprehensive security and compliance strategy to fill the gaps that can leave a business easily exposed and rendered ineffective.
For the largest digital players in the world today such as Walmart, Amazon and Target, security and compliance are an assumed part of their initiatives. However, as optimization, personalization and overall customer experience become top priorities, data-driven initiatives are critical for digital businesses, large and small. The issue that can arise here is that these businesses are not prepared to ensure that data practices are secure and compliant. Without a strategy and execution plan, customer data is at risk but, more importantly, the brand’s reputation and overall success are at risk. Customer trust and loyalty are not built in a day, and a lack of attention to detail in a security strategy can jeopardize that loyalty in a New York minute!
So How Can Businesses Ensure They Are Compliant and Secure?
Too many organizations take website and application security for granted and find themselves having to react rather than execute on a proactive plan. Securing a website at the server level requires different approaches depending on whether a business is running a dedicated server or leveraging a website host. Regardless of the path, businesses need to understand what they will be responsible for securing and ensure they’ve built a strategy that prioritizes the following:
Protecting Data Resources
In every business, protecting customer data should be the number one priority. The best place to start is to ensure solutions are compliant with the Payment Card Industry Data Security Standard (PCI DSS). If a company intends to accept credit card payments, as well as store, process and transmit cardholder data, it needs to host data securely with a PCI compliant hosting provider or be SAQ type D compliant. PCI DSS requirements address a variety of security goals, including: building and maintaining a secure network, protecting cardholder data, maintaining a vulnerability management program, implementing strong access control measures and maintaining an information security policy. In addition, how well secured is access to the business’ servers and website? Implementing proven approaches such as two-factor authentication can help provide an additional layer of security.
Battling Bad Bot Traffic
Certain optimization solutions can help mitigate risks introduced by bad bots. Bad bots interact with applications in the same way legitimate users would, making them challenging to prevent. Furthermore, automated bots now outnumber humans on the internet. Thus, bot activity can often be mistaken for real users, which pollutes performance metrics. Battling bot traffic is also a challenge because if restrictions are too tight, human users can also be denied access to a site.
This is where optimization solutions with a proxy approach offer some distinct advantages. Creating whitelists to mark the “good bots” and blacklists to mark the “bad bots” is more thorough than relying on IP addresses alone, because bad bots cycle through random IP addresses or enter through anonymous proxies and keep changing identities. “Sitting” in the middle of the web traffic makes it easier and cleaner for optimization solutions to spot “man-in-the-browser” malware (bad bots using headless browsers), as well as to employ JavaScript detection. An additional and important advantage of identifying and isolating the bad bots is improved security. For example, having a whitelist policy that enforces browser version age limits can stop a percentage of bad bots.
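As an added illustration of the policy described above (not SiteSpect’s code or configuration), the following classifier applies a good-bot allowlist, a bad-bot blocklist and a browser version age limit to user-agent strings from constructed log lines, returning “allow”, “block” or “challenge” (the JavaScript check mentioned above) for each request. The token lists, version thresholds and log lines are all assumptions made up for the example.

```python
import re
from dataclasses import dataclass

# Constructed sample policy (assumption, not a vendor's real configuration).
GOOD_BOT_ALLOWLIST = {"Googlebot", "Bingbot"}           # crawlers we want to keep
BAD_BOT_BLOCKLIST = {"EvilScraper", "HeadlessChrome"}   # self-declared bad/headless agents
MIN_BROWSER_VERSION = {"Chrome": 100, "Firefox": 100}   # browser version age limit

# Extracts the major version of the two browsers covered by the policy.
UA_VERSION_RE = re.compile(r"(Chrome|Firefox)/(\d+)")


@dataclass
class Decision:
    verdict: str   # "allow", "block" or "challenge"
    reason: str


def classify(user_agent: str) -> Decision:
    """Apply allowlist, blocklist, then version age limit to one User-Agent."""
    # NOTE: a UA token is spoofable; production allowlisting should also verify
    # the crawler's source (e.g. reverse DNS) before trusting the token.
    for token in GOOD_BOT_ALLOWLIST:
        if token in user_agent:
            return Decision("allow", f"allowlisted bot {token}")
    for token in BAD_BOT_BLOCKLIST:
        if token in user_agent:
            return Decision("block", f"blocklisted agent {token}")
    m = UA_VERSION_RE.search(user_agent)
    if m is None:
        # Unknown client: do not hard-deny (a human may be behind it);
        # route it to a JavaScript challenge instead.
        return Decision("challenge", "unrecognized browser, JS check required")
    browser, version = m.group(1), int(m.group(2))
    if version < MIN_BROWSER_VERSION[browser]:
        return Decision("block", f"{browser} {version} below minimum")
    return Decision("allow", f"{browser} {version} meets policy")


def summarize(log_lines):
    """Count verdicts over 'ip user-agent' log lines; returns {verdict: count}."""
    counts = {"allow": 0, "block": 0, "challenge": 0}
    for line in log_lines:
        _ip, _, ua = line.partition(" ")
        counts[classify(ua).verdict] += 1
    return counts


# Constructed log lines (documentation IP ranges, made-up agents).
SAMPLE_LOG = [
    "203.0.113.5 Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/124.0.0.0 Safari/537.36",
    "203.0.113.9 Mozilla/5.0 (Windows NT 6.1) Chrome/49.0.2623.112 Safari/537.36",
    "198.51.100.2 Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)",
    "198.51.100.7 Mozilla/5.0 (X11; Linux x86_64) HeadlessChrome/120.0.0.0 Safari/537.36",
    "192.0.2.44 EvilScraper/1.0",
    "192.0.2.45 curl/8.4.0",
    "192.0.2.46 Mozilla/5.0 (X11; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0",
]
```

Running `summarize(SAMPLE_LOG)` over the constructed lines yields three allows, three blocks and one challenge, showing how the version limit catches the outdated Chrome 49 client without hard-denying the unrecognized `curl` client.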
Creating a Security Strategy that Evolves
Like most tech standards and policies, security and compliance needs will evolve over time. To keep up with these changes, businesses should build a strategy that not only incorporates security and compliance into the fabric of digital business, but also provides tactics for ensuring that standards are updated and understood by solution managers. Ongoing oversight by independent security and compliance experts can help ensure that a business is documenting and maintaining the latest and most appropriate levels of security and compliance in development efforts.
The best approach to ensuring that optimization vendors are complying with the latest security standards is to ask for documentation and levels of certification. In addition, it is important to ask if they have the same standards for suppliers. The supply chain of product development, including open source components, must come under the same level of scrutiny as it only takes one weak link to break the security and compliance chain.
As the world of digital business continues to grow and evolve, integrating new and varying technologies will help businesses stay one step ahead of customers in experience demands and optimization. However, it is also important that they take the time to be one step ahead in compliance – ensuring they maintain customers’ trust and therefore, their business.
Patrick Romich is CEO of SiteSpect
As a member of SiteSpect’s board and CEO, Patrick is responsible for all facets of the company, including strategic growth initiatives and partnerships that will lead the development of the next generation optimization technology and accelerate market innovation. Patrick has extensive executive experience in the technology market, including CEO roles at Dassault Systemes/ENOVIA, Synchronicity, and Information Handling Systems, Engineering Division, a member of the IHS Markit family of companies.
