As cyber security becomes a larger focal point in the media and minds of online shoppers, consumers understandably have increasing concerns when it comes to what protections are offered by retailers. Across channels, only 55% of shoppers think retailers use security systems that adequately protect their data, and not surprisingly so.

In fact, Trustwave reports that data breaches increased by 53.6% from 2012 to 2013, with more than half of thosebreaches targeting ecommerce sites. Of special concern is highly sensitive data, including credit card numbers andpersonally identifiable information. But with customer expectations on the rise and IT budgets commonly on thefall, how can retailers meet the security needs of today’s digital environment? For many organizations, turning to cloud-based commerce solutions helps fill the gap.

1. Cost
The cost of hosting and securing a home-grown, also known as an “on-premise,” commerce solution is a growingconcern for businesses today. In order to achieve a high level of security, organizations can be faced with over a million dollars in upfront costs and personnel, not to mention ongoing maintenance fees and annual compliance audits that can run tens of thousands of dollars.

Some companies believe that this investment is worth the cost because they retain complete control over theirdata by not sharing it with a third-party provider. And while that notion is indeed valid, it’s important to note thatcloud-based providers can take advantage of economies of scale in protecting retailers’ data. In other words, it’snot nearly as cost-effective to invest in securing a hosting environment for one website as it is to protect hundredsor even thousands of sites, which is what a cloud-based commerce solution does. This notion means that there aresubstantial cost savings available to retailers who utilize cloud-based solutions to power their online presence, ofwhich can be invested in other channels and revenue-driving activities.

2. Proactive security
Beyond cost savings, retailers are increasingly turning to cloud-based commerce solutions for the higher levels ofsecurity found in a proactive, multi-layered approach. Just like a bank has a legal and reputational obligation to protect your money, so do cloud-based providers in protecting your data – not only does a data breach greatly threaten the bottom line of a cloud-based provider, but like the FDIC, the Payment Card Industry (PCI) requires that ecommerce providers reach a minimum level of 250+ security requirements to maintain your data.

To meet these obligations, SaaS providers must look beyond basic infrastructure design in today’s ever-changingworld. If the fiasco at Target taught IT professionals anything, it’s that being reactive is nowhere near enough –instead, hosting providers must proactively probe their defenses using the same tools and tricks that attackers use.This approach is not easy nor inexpensive but provides a high level of confidence for their customers, and just asimportantly, greatly reduces the likelihood of being impacted by a data breach.

3. Collaboration between IT and development teams

Whether you prefer to call it “cloud-based” or “SaaS,” at its core, this type of solution offers both a software and a service. Beyond the fact that SaaS providers own and operate all network, system and database layers and canaddress attacks at both the infrastructure and application levels, there’s also an increased level of collaborationbetween internal software developers and infrastructure teams. This unique level of teamwork means that information security leadership can work hands-on with the development team to train and recognize vulnerabilities in the software code.

For example, in 2013, 55% of data stolen was payment card data, much of which was accessed by SQL injection.Even though this attack type has been around for over a decade, it’s still one of the most common attacks seentoday, remaining the number one type within the OWASP top ten. One of the most under-utilized methods ofprotecting against this is to stop vulnerabilities at their source, the source code. By working under one roof, the information security team can customize training to the specific platform their developers are working on,providing examples of vulnerable code so developers recognize them when writing or reviewing code.

As Target and other high-profile data breaches have taught us, reactive IT security is no longer enough to meet thegrowing onslaught of ecommerce attacks and growing customer concerns. As the media looks to focus on the nextbig breach, the reputation of retailers is at higher risk than ever, despite declining IT dollars. Because of this,security and cost-savings should be at the top of any checklist for the C-suite, including the growing trend to place cloud-based commerce solutions into the vendor consideration set.