eCommerce security is a headache for even the largest organisations, so what steps can you take?
Hardly a month goes by without a major breach of security involving an eCommerce retailer or financial services company. Confidential details of 27,000 Barclays bank customers, including earnings, health and passport information, were stolen in February 2014. A month later, details of 4.1 million customers of the three major South Korean telecoms companies were apparently sold to fraudsters.
Security at every step (or click)
Bricks and mortar retailers include security features throughout their stores; security in eCommerce is even more important because the potential losses are higher. If customers lose confidence in an organisation’s ability to keep their details safe, they’ll stop buying – and you’ll face severe penalties for failing to comply with PCI (Payment Card Industry) regulations. IT security should be a fundamental design principle, not an afterthought.
The key to making a Linux system secure is standardisation based on:
1. A Standard Operating Environment (SOE) designed and configured to include ‘security by default’.
2. A Standard Operating Environment Management Platform (SOEMP) to maintain quality assurance through consistent and efficient deployment and maintenance.
3. Best practice systems management processes that establish proper governance to manage the security of existing and future builds.
Management is crucial. LinuxIT uses the FCAPS (Fault, Configuration, Accounting, Performance & Security) network management model as its framework for systems management, as we believe it helps identify the areas in which best practices for Linux need to be defined.
User authentication and the authorisation of permissions and roles are a vital part of eCommerce security. With a large number of servers and users, a centralised means of managing user access is required. Several best practice tools, such as Centrify, IdM or LinuxIT’s AAA (Authentication, Authorisation and Accounting), allow Linux users to authenticate against an existing directory services infrastructure. Centrify allows organisations to secure and audit access to cross-platform systems and applications using Active Directory. AAA provides a highly available secure gateway.
User activity monitoring
Many IT security breaches occur because of sloppy or malicious behaviour. It can be difficult to guard against an insider physically taking, for example, customer information, but eCommerce operations can take precautions to ensure their customer data is well protected. Process governance, audit trails and restricting employees’ use of external data storage all reduce risk. In eCommerce environments it is essential to restrict the commands that users can run and record exactly which actions have been performed.
- Security breaches are a real threat to eCommerce organisations, leaving them at risk of hefty fines and severe reputational damage.
- IT security is a huge factor for eCommerce and should be implemented and designed to minimise risk by strictly controlling user access.
- Organisations should have a Standard Operating Environment (SOE) with a Management Platform designed and configured to include ‘security by default’.
- Proper governance should be established in order to manage the security of existing and future builds.
- User access rights can then be applied and managed centrally using platforms such as Centrify or IdM.