It may seem counterintuitive, but it is true nonetheless: buying software that’s designed specifically to solve a particular problem probably won’t solve that problem by itself in today’s retail environment. And nowhere is that more true than in data security. Effective compliance and security require a strong data security solution, a strong system management solution, and a strong complementary relationship between the two.
Most retail environments today are highly distributed, with thousands of locations that are widely dispersed geographically. So, for example, if you install endpoint security at all of the endpoints of your network, that by itself is no guarantee that all endpoints will stay current with the latest signatures. If one endpoint is exposed, all endpoints are exposed, and so is the rest of the IT infrastructure. The same is true for software updates in general. How do you make sure all necessary patches are applied quickly, whether those systems are on or off your network, while also ensuring that each attempt to patch was successful? It only takes a single instance of an unpatched piece of software running on one machine to expose the entire enterprise to malicious intent.
Policy management is another challenge plaguing retail enterprises. In order to prove compliance, just having a security solution in place is not enough. You have to demonstrate that you can operate in a compliant manner, which in turn requires policy management, which in turn requires enterprise-wide visibility and control over all systems.
Furthermore, enterprise-wide control needs to be automated, since security incidents occur in real time, without warning, and involve potentially thousands of data points. A data security solution, by itself, likely can’t consolidate all the relevant security data available at thousands of locations across highly distributed networks. It can’t bridge multiple diverse hardware and software environments, even those that include outdated technology. Nor can a data security point solution protect data traveling outside a closed VPN. But a strong systems management solution can do all three, and it can do so automatically and in real time.
Data Security & Systems Management: A Complementary Relationship
When provisioned properly, a data security solution and a system management solution complement each other to form the foundation of a smart and effective retail data security system. Take PCI DSS compliance, for example. A retailer will typically expect a security solution to offer robust features such as:
- Wireless intrusion detection
- Access control
- Internal and external scanning
- Virus and spyware protection
- Password management
Whereas strong system management features include:
- Providing a single holistic view of system health (including security events)
- Applying software updates (including security patches) to keep systems current
- Detailed logging of critical events across all IT
- Automated procedures to monitor and remediate out-of-bounds conditions
- Monitoring suspicious spikes in utilization of bandwidth or other resources
- Automated Policy Management to monitor and maintain compliance
Total Security Isn’t Just About Deploying Standalone Security Solutions
Just as security is more than just keeping out malware, good systems management means more than just running systems smoothly. You need to manage systems in a way that enables your retail data security solution to do its job – and do it well.
Managing systems for high data security includes things like:
- Logging security-related events in addition to performance-related system activity, gathering from all systems the complete information that the security solution needs to process
- Applying remediation at any location where the data security solution indicates remediation is called for
- Ensuring all systems and settings across disparate systems are kept in constant compliance with policy
Of course, the system management solution itself needs to be highly secure too. That includes the ability to:
- Communicate securely end-to-end with remote systems, even across the public Internet
- Utilize robust access controls and other protections against unauthorized operation
- Conform to industry-recognized security standards such as FIPS
Creating a complementary relationship between systems management and data security solutions helps retailers achieve true total security. That’s a lot more than a data security solution alone can provide.
Kaseya Can Help
The Kaseya IT Systems Management Automation Framework provides a single framework in which to consolidate ITSM and security management, helping retail organizations get a better handle on IT security and PCI compliance. Visit http://www.Kaseya.com/industries/retail for more information.
To learn more about how other retailers are solving this challenge, be sure to check out this on-demand briefing “Retail IT 2013: Data Security & PCI Compliance Best Practices”