Policy Guardrails Mitigate Cyber Monday Security Risks

Cyber Monday: It’s traditionally one of the biggest shopping days of the year, but in 2021, it’s also a day that many retailers have been dreading.

With so many aspects of this year’s holiday shopping experience outside retailers’ control—shipping delays, supply chain issues, and labor shortages, to name just a few—retailers are shifting their focus and using enhanced data security policies in their mobile apps and websites to improve the shopping experience for customers. 

According to Corin Imai, compliance strategist at Styra, a firm that works in cloud-native authorization, one of the biggest retail trends this Cyber Monday will be the widespread adoption of policy guardrails designed to improve the customer experience and enhance data security for those customers who shop online.

“By adopting a set of policy guardrails to mitigate risk and operational error within their applications, retailers can offer their customers a faster, more flexible and secure shopping experience,” Imai says. “This ensures that retailers don’t lose customers due to downtime as well as slow loading. It also reduces the likelihood of a cyber event, which can cause shoppers to avoid the site in the future out of fear of a second attack.”

Back when most shopping happened in person, big box retailers were known for implementing policies on Black Friday that regulated things like when shoppers could get in line, how many people could be inside a store at once, or how many hot ticket items they could purchase in a single transaction. These regulations were developed so that people could have an enjoyable and safe experience when shopping inside the retailer’s stores.

With so much of the holiday shopping rush taking place online now—online purchases are expected to increase between 11% and 15%, reaching as much as $226 billion this year, according to the National Retail Federation’s holiday forecasts—retailers are looking at how they can use technology to more effectively manage crowds and policies online.

“We expect shoppers to flock online to make their holiday purchases this year just as they did in 2020. With more shoppers online sharing personal information and credit card details, retailers’ sites and mobile apps are processing and storing massive amounts of data. This makes them key targets for malicious actors,” Imai says. “By putting the proper guardrails in place, retailers can ensure data remains secure and that, if there is a vulnerability, these hackers won’t be able to access the entire system thanks to authorization policies.”

Imai says the scale, speed, and complexity of modern cloud apps are exponentially higher than those of the traditional, on-premises applications of even just a few years ago. As Cyber Monday draws closer, she’ll be keeping a close eye on uptime, misconfiguration, data processing, and anomalies in application data handling. These are important focuses to have, especially for the holiday shopping season, because they factor into the health and efficiency of the systems that support digital commerce.

“Watching for uptime and data processing operations determines the reliability of the system when experiencing high volumes of traffic, while misconfigurations and data handling anomalies reveal if the coding ahead of the shopping holiday was done correctly,” Imai says. “These items help us improve upon short- and long-term issues that may arise during the shopping sprees.”

With 78% of consumers now saying they value privacy over customized marketing, Imai says it’s even more important for mass market retailers to properly manage consumer information by implementing policies that provide the right protections.

Several open-source libraries exist for implementing those policies. Imai says one open-source project that has worked well for retailers is Open Policy Agent (OPA). Retailers are able to use OPA to align business practices and code with consumer regulations. OPA was developed to simplify APIs, and it allows businesses to unify policy controls across entire applications.

“With a unified policy control, retailers have much more power over who has authorized access to the system,” she says, “[along with] how data is handled and where data moves to.”

Stephanie Miles is a senior editor at Street Fight.
