Security Trends in Cloud Computing Part 3: Retail sector

Previously in this series, we looked at cloud security trends in the financial services and healthcare sectors, based on survey data derived from Microsoft’s Cloud Security Readiness Tool (CSRT). Next I’d like to discuss some findings that relate to the retail industry.

IT departments at retail businesses are expected to manage a number of important security tasks, some of which have evolved considerably in recent years. This includes meeting regulatory requirements, such as Payment Card Industry Data Security Standards (PCI DSS) specifications on protecting customer data, without diminishing the shopping experience in stores or online.

Retailers have also expanded their use of technology to manage supply chains, operate web services and self-service portals, and deploy customer relationship management (CRM) solutions that can address their customers’ needs.

Each of these trends can require adjustments to a retailer’s security operations. For many, the increasing complexity of managing IT security is a strong rationale for adopting cloud computing. A reputable cloud service provider (CSP) can help keep an organization’s business systems running efficiently while deploying safer, more secure computing practices.

Adopting cloud computing can help retailers mitigate the risk of data breaches. Qualified CSPs will typically offer tested disaster recovery and incident response programs, which can help ensure that breaches are managed effectively and quickly.

Survey data from retail organizations underscore the potential security benefits of cloud adoption:
•    More than half (51 percent) of all retailers surveyed said they do not have a plan for responding to a data breach.

Recommendation: Information security events such as data breaches need to be reported to appropriate parties –promptly and clearly—to enable the most effective responses.

•    72 percent of retail organizations say they have not budgeted for a disaster recovery plan. Without a plan and a budget in place, recovery from a catastrophe could take longer, and costs could be much higher.

Recommendation: A disaster recovery plan should include clear assignment of responsibilities to specific personnel, with appropriate training. It should also define objectives for recovery, and standards for notice, escalation and deceleration.

If you work in the retail industry and are considering cloud adoption, I encourage you to download the full report, “Security Trends in Retail Organizations” to see how the cloud might bring value to your business.

I’ll be back again soon with the fourth and final blog post in this series, which will look at cloud security trends in the public sector.

About the study

Survey results are based on aggregated and anonymized data, collected from more than 12,000 respondents who used the Cloud Security Readiness Tool (CSRT) between 2012 and 2014. The CSRT uses survey responses to provide a custom report to help organizations understand their current IT infrastructure, identify relevant industry regulations, and assess whether cloud adoption will meet their business needs.

About the Author
Adrienne Hall

General Manager, Trustworthy Computing

Adrienne Hall is a General Manager in the Microsoft Trustworthy Computing group, where she leads a team of information technology (IT) professionals who are focused on the security, privacy, reliability, and accessibility of devices and services built on Microsoft technology. Read more »