Securing the Digital-First Model for Retail

Dec 22, 2022, 00:00 AM by Chris Banks
Learn more about the fast, reliable, and secure networks needed to support digital retail

Retailers continue to adopt a digital-first approach to customer experience (CX), both in-store and online. Customer experience upgrades like loyalty program, real-time contextual personalization, and store operation efficiencies such as contactless payments are business priorities for retailers. To meet the customer demands of a digital-first business model, retailers need to address their critical digital infrastructure and rethink network design and cybersecurity. This article outlines the major considerations and types of solutions retailers should consider to enable fast, reliable, and secure networks and digital business.

Customer demand driving digital adoption

The increasing customer preference for a more digital, frictionless experience continues to drive the adoption of digitally-enabled processes and tools such as online and contactless ordering apps, self-checkout, and personalized product offerings and recommendations. This rapid adoption of new technologies brings with it an increase in the complexity of network design and security architecture for IT teams.

The number of devices connected to the network has increased significantly with the proliferation of wireless POS, tablets, inventory trackers, and IoT devices. This number is expected to grow over the next five years and securing the breadth of devices is becoming increasingly challenging. Confronted with escalating threats, privacy regulations, and growing customer concerns about data security, retailers are facing unprecedented pressures to keep their network connections secure.

Watch the Webinar - Beyond the Buzzwords: Networks and Security Converge

Retail-specific vulnerabilities

Retailers have always been attractive targets for cyber attackers and data thieves. Retail companies are high-profile and contain a goldmine of consumer personal and financial information, making them prime targets. For retail security teams, the network perimeter continues to transform as data and applications move to the cloud, more devices and merchandise are connected in-store, and users are working from outside headquarters and branch locations. With the expanding range of possible entry points, PCI compliance–always a top-line security priority–can be more challenging to manage. Retail security today is further complicated by the expanded attack surface that comes with the adoption of digital POS systems, eCommerce platforms, digital supply chains with third-party partners, and digital loyalty programs.

WiFi and SD-WAN for flexible and enhanced connectivity

According to the IDC Future of Connectedness Report, by 2023, 40% of enterprises will implement SD-WAN for optimized operational efficiency, enhanced security, and reduced network costs. Retail is no exception. As the consumer desire for digital ease in purchasing will only continue to grow, retailers will need to be sure their WiFi bandwidth is up for the challenge of supporting a growing tech stack. WiFi is essential for almost every aspect of retail—think in-store monitoring of customer traffic and shopping patterns, locating products using inventory ID tags, or tracking merchandise in another location through real-time, connected inventory systems.

Underpinning WiFi networks at disparate locations, meanwhile, SD-WAN is able to segment network traffic to prioritize and help protect critical applications. Additionally, it allows for decoupling overlay and underlay networks, enabling core networks to scale and evolve independently. This helps to control costs and time needed to manage distributed networks. SD-WAN also provides the agility to add more bandwidth to help improve application and system performance. Centralized management is a huge advantage for retail IT teams who are managing hundreds, sometimes thousands, of branch locations. They are able to push changes to all locations at once, which helps to reduce burdens on IT teams.

Enabling new customer experiences through SD-WAN and SASE

The SASE framework, short for “secure access service edge,” is a convergence of network and security services. It merges security with SD-WAN to create a single, unified cloud service with far-reaching benefits. Retailers can leverage the SASE framework to develop overarching network strategies and address the new types of cyber risks within omnichannel models.

A SASE framework can help to meet retailers’ security requirements in a few key ways. By integrating networking and network security into a single, unified, cloud-delivered service, retailers can tap into the power of functionality like firewall, intrusion detection, secure web gateway, cloud access security broker, and more—all integrated directly into single-pane-of-glass network management solutions. That means that when it comes to delivering on the promise of next-generation shopping experiences like digital displays, mobile point-of-sale checkout, and IoT-based data collection, IT teams have the central monitoring and control capabilities to manage and protect disparate systems and applications from anywhere.

In legacy environments, retail organizations used to utilize private MPLS or VPN networks to connect their HQ, branches, and distribution centers with an Intranet to connect internal employees. With today’s more distributed network architecture, SASE makes it easier to secure networks, applications and users, anytime and anywhere. SD-WAN simplifies networks by combining them into a single platform, while the SASE framework helps with heavy computation in the cloud across all traffic types.

Security-as-a-Service to manage complex security

For retailers, the complexity of managing today’s network security is amplified as the number of locations increases. An integrated security infrastructure that is capable of meeting the demands of a cloud-first, digital world needs to not only identify potential attacks, but also constantly monitor, prevent, and mediate them. An effective integrated security architecture should include key functionality elements like:

  • Managed UTM: Managed Unified Threat Management (UTM) rolls several security functions like intrusion detection, Layer 7 firewall, application control, and content monitoring into a single managed solution, delivering one management and reporting point and eliminating the need for multiple systems.
  • Firewall-as-a-service: Many legacy firewalls are ineffective against modern threats on a distributed network. Managed firewall solutions allow for customized rules based on specific needs, helping protect against external threats to a LAN network.
  • Cloud access security broker: A cloud access security broker sits between cloud users and cloud service providers to enforce enterprise security policies, leveraging tools like single sign-on, authentication, credential mapping, and more. Secure web gateway: Secure web gateways filter unwanted access, software, and malware as employees access the Internet.
  • Zero-trust network access: (ZTNA) enables safe and secure access to enterprise applications for remote users. Zero trust operates on the assumption that trust is never implicit, only offering access to specific applications or services, as opposed to an entire network.

For large retailers with hundreds or even thousands of locations or franchises, the security and IT expertise varies considerably. However, they need to help protect their organization from breaches. By leveraging the benefits of SD-WAN and managed security, the SASE framework can simplify network management and security for retail IT teams.

Retailers of all sizes can enable data and analytics transformations and new applications with reliable and secure networking and communications technology, including WiFi solutions and SD-WAN. Learn more at Comcast Business.

Learn how Comcast Business can help
keep you ready for what's next.