
Retailers failing customers when it comes to data security

Retailers are failing to adequately secure customers’ data, especially when it comes to application development processes, new research from Claranet indicates.

According to Claranet, many retailers have adopted or plan to adopt a DevOps approach. In fact, 40% of retailers said they have already adopted a DevOps approach and 44% expect to this year.

However, fewer than half (42%) are confident when it comes to integrating security into this process, or DevSecOps. This is largely because retailers feel they lack the in-house capabilities to deliver DevSecOps, and only 48% know how to integrate IT security into their processes.

According to Claranet, failing to integrate security into DevOps approaches poses significant security risks and can lead to data protection risks.

Claranet head of retail John Hayes-Warren says, “Embracing DevOps is clearly a priority for retailers as they look to improve their applications and deliver better, more seamless experiences for their customers. However, the lack of DevSecOps integration shows security is still regarded as separate from the development lifecycle, rather than factored in from the start.”

“DevOps is a constantly evolving process that embraces innovation, and tends to outpace security and compliance, making it increasingly difficult to embed and automate the latest best practices into each stage of the development lifecycle. This is supported by the fact that over half of retailers do not feel confident they can deliver DevSecOps, opening the door to leaks of customer data, fraud, and cyberattacks,” he says.

Hayes-Warren encourages retailers to develop in-house development programmes that include regular security training courses.

These should include continuous monitoring and analytics throughout the DevOps lifecycle, whether in planning, coding, pre-production, or even decommissioning, he says.

“DevSecOps is a complex process that is continually changing to respond to new security threats. It is vital that retailers provide their development teams with suitable training programmes if they hope to build highly secure applications and this will help to ensure all customer data is fully protected across each end-point,” says Hayes-Warren.
