As cyber security gets more attention in the news and among online shoppers, it’s natural for consumers to worry more about the protections retailers provide. Only 55% of shoppers believe that retailers use security systems that adequately protect their data, which isn’t surprising.

Trustwave found that data breaches rose by 53.6% from 2012 to 2013, with over half of those breaches aimed at ecommerce sites. Highly sensitive data, like credit card numbers and personal information, is especially at risk. As customer expectations grow and IT budgets often shrink, how can retailers address the security demands of today’s digital world? Many organizations are turning to cloud-based commerce solutions to help bridge this gap.

1. Cost
The cost of hosting and securing a home-grown, also known as an “on-premise,” commerce solution is a growingconcern for businesses today. In order to achieve a high level of security, organizations can be faced with over a million dollars in upfront costs and personnel, not to mention ongoing maintenance fees and annual compliance audits that can run tens of thousands of dollars.

Some companies believe that this investment is worth the cost because they retain complete control over theirdata by not sharing it with a third-party provider. And while that notion is indeed valid, it’s important to note thatcloud-based providers can take advantage of economies of scale in protecting retailers’ data. In other words, it’snot nearly as cost-effective to invest in securing a hosting environment for one website as it is to protect hundredsor even thousands of sites, which is what a cloud-based commerce solution does. This notion means that there aresubstantial cost savings available to retailers who utilize cloud-based solutions to power their online presence, ofwhich can be invested in other channels and revenue-driving activities.

2. Proactive security
Beyond cost savings, retailers are increasingly turning to cloud-based commerce solutions for the higher levels ofsecurity found in a proactive, multi-layered approach. Just like a bank has a legal and reputational obligation to protect your money, so do cloud-based providers in protecting your data – not only does a data breach greatly threaten the bottom line of a cloud-based provider, but like the FDIC, the Payment Card Industry (PCI) requires that ecommerce providers reach a minimum level of 250+ security requirements to maintain your data.

To meet these obligations, SaaS providers must look beyond basic infrastructure design in today’s ever-changingworld. If the fiasco at Target taught IT professionals anything, it’s that being reactive is nowhere near enough –instead, hosting providers must proactively probe their defenses using the same tools and tricks that attackers use.This approach is not easy nor inexpensive but provides a high level of confidence for their customers, and just asimportantly, greatly reduces the likelihood of being impacted by a data breach.

3. Collaboration between IT and development teams

Whether you prefer to call it “cloud-based” or “SaaS,” at its core, this type of solution offers both a software and a service. Beyond the fact that SaaS providers own and operate all network, system and database layers and canaddress attacks at both the infrastructure and application levels, there’s also an increased level of collaborationbetween internal software developers and infrastructure teams. This unique level of teamwork means that information security leadership can work hands-on with the development team to train and recognize vulnerabilities in the software code.

For example, in 2013, 55% of data stolen was payment card data, much of which was accessed by SQL injection.Even though this attack type has been around for over a decade, it’s still one of the most common attacks seentoday, remaining the number one type within the OWASP top ten. One of the most under-utilized methods ofprotecting against this is to stop vulnerabilities at their source, the source code. By working under one roof, the information security team can customize training to the specific platform their developers are working on,providing examples of vulnerable code so developers recognize them when writing or reviewing code.

As Target and other high-profile data breaches have taught us, reactive IT security is no longer enough to meet thegrowing onslaught of ecommerce attacks and growing customer concerns. As the media looks to focus on the nextbig breach, the reputation of retailers is at higher risk than ever, despite declining IT dollars. Because of this,security and cost-savings should be at the top of any checklist for the C-suite, including the growing trend to place cloud-based commerce solutions into the vendor consideration set.