, Singapore

Developing end-to-end security programme for retail

Retailers must rapidly evolve online applications to meet market demands but at the same time, more shoppers are wary of the privacy threats when shopping online as a breach can be very harmful to a retail company.

Speaking to Retail Asia, Olli Jarva, managing consultant at Synopsys Singapore, explained: "Tangible costs range from stolen funds and damaged systems to regulatory fines, legal damages and financial compensation for injured parties. Even worse, it can damage the relationship and trust that the brand has built with customers and tarnish its reputation."

Moving into the new year, he opined that developing an end-to-end security programme that will reduce unauthorised or suspicious access while still maintaining a smooth process for customers makes good business sense: "Leaders in the retail industry must ensure that they have exceptional defence profiles if they want to hold on to their loyal customers—and attract new ones."

While protecting customer relationships and bottom line is no easy task, it is possible to minimise security risks by building security, understanding adversaries and then designing correct controls and gates in Secure Software Development Lifecycle (S-SDLC). Jarva recommended putting in place a measurable and scalable Software Security initiative that addresses the immediate and long-term needs of retail and e-commerce organisations:

  • Application security - when developing applications, ensure quality and security at every step of the development, testing, and procurement life cycle, rather than an afterthought.
  • Mobile application security - Assess security of iOS and Android applications and their back-end components to discover malicious or potentially risky actions in your mobile applications, keeping the business and customers secure against attacks.
  • Vendor analysis - If your organisation relies heavily on third-party software or allows third-party access to your network, make sure it meets compliance requirements and protects customer data.

“Put third-party applications under the same scrutiny as the applications you develop in-house, so you know the code you receive is secure. When your full supply chain is aligned along the same security protocols and practices, you’ll decrease risk and reduce the time and resources it takes to launch secure software,” Jarva said.

He cited Target as an example of a retailer with an intrusion into its system which can be traced back to network credentials stolen from their third-party vendor -- a refrigeration, heating and air conditioning subcontractor.

Join Retail Asia community
Since you're here...

...there are many ways you can work with us to advertise your company and connect to your customers. Our team can help you dight and create an advertising campaign, in print and digital, on this website and in print magazine.

We can also organize a real life or digital event for you and find thought leader speakers as well as industry leaders, who could be your potential partners, to join the event. We also run some awards programmes which give you an opportunity to be recognized for your achievements during the year and you can join this as a participant or a sponsor.

Let us help you drive your business forward with a good partnership!

Exclusives

Hong Kong’s K11 MUSEA bridges art, culture, and retail
Visitors find top-tier brands and museum-grade art pieces at the cultural-retail landmark.
Meta is investing big in business messaging
Companies can boost sales by reaching more customers on Messenger, Instagram and WhatsApp.
MINISO opens biggest global store in Jakarta
The Chinese retailer aims to hit 1,000 stores in the next five years from about 300 now.