Conversations about data security abound! From Austin to Minneapolis. From a flourishing retailer to a respected former Minnesota Senator.

Abir Thakurta
Senior Director, Professional Services
nuBridges

Earlier this week some nuBridges’ colleagues and I flew from Austin, Texas to Minneapolis, Minnesota.   Within a matter of four hours we had gone from the hot ‘temperate’ zone where it was 87° F to a frozen (-6 °F) ‘tundra’ zone (as put forward by one of my esteemed colleagues).  With obvious apologies to the Minnesotans who were going about their daily life with no chagrin, driving in the snow storm was a spine-chilling experience. However, it was not any more dispiriting than the local evening news carrying the story of a data security breach involving former Minnesota Senator Norm Coleman.

Turns out that personal information on approximately 51,000 supporters and donors of Coleman’s was breached because the campaign Web site was not properly secured. Seems the former Senator’s campaign collected detailed information on every supporter and Web site visitor and retained unencrypted credit card information from donors, including their security codes, on the campaign's Web site. All that sensitive information was stored in a database file sitting in a directory exposed as plain text. Coleman's legal counsel cited a federal crime had been committed. Personally identifiable information and credit card numbers had been compromised. Needless to say, the senator’s supporters and donors are not happy.

A lot of political bickering and finger pointing is going on regarding this data security breach. But the underlying issue around data security is universal. Data security is increasingly becoming the topic of a majority of security conversations. But data security is also becoming the topic of conversation in the general public; for example, a fellow hotel guest of mine in Minneapolis was not very happy with the news because she had donated to Coleman’s campaign. Not just mandate-impacted businesses or security pundits, but individuals and consumers are also realizing the need for data security and they’re demanding it.

If sensitive data is compromised in today’s world, businesses will pay a much heavier price than the cost of investing in data protection strategies. Yes, we have indeed gone beyond data security for compliance and moved to data security for good corporate citizenship. Very soon the ‘it can’t happen to us’ mentality will also transform into ‘let’s get better at keeping our data secure.’

As an advocate for data security, I couldn’t feel more positive -- I may have experienced a drastic change in climate in four hours. But the commitment to invest in data security was the same whether in hot Austin or cold Minneapolis. The flourishing retailer in Austin is thinking about it; the booming home shopping cataloger in Minneapolis is figuring out how to implement it; the respected former Minnesota Senator is experiencing the aftermath of not thinking about it.

Data security can’t be ignored . . . and very soon our fellow citizens will mandate it . . .

What are you doing about this issue? I’d love to hear from you.

Thanks for reading,

Abir

Journal from the InfoSec World Conference and Expo 2009

Gary Palgon
Vice President, Product Management
nuBridges

If the variety of topics and interactive dialog around information security at InfoSec World is an indicator of need for companies and organizations to get better, then there’s plenty of room for growth.  While many companies seem to be making progress, most are just embarking upon implementing best practices in security and often are just assessing the risk off different threats within their company.

One presentation of interest included “Taming the Beast(s): Securing Major Enterprise Applications” by Rich Mogull, which discussed how security must be considered throughout the entire software development lifecycle as well as the differences in addressing security in enterprise applications, application servers and legacy solutions.  Data de-identification and data masking in the test environment and security options in Oracle and SAP were also discussed.

And Whitfield Diffie, a pioneer in public key encryption, spoke about where we are headed in security.  He reflected on past milestones including initial cryptography, the advent of computer processors for calculations and the problem of encryption key management, the latter in which he’s heavily involved.

As Diffie looks forward, the security of cloud computing is of concern and the privacy issues that go along with it.  He wonders, for example, if I offload information to a 3rd party, how can we ensure they don’t have full access to information?  And if they do, who has access to it? All valid concerns and no doubt  coming from his background in public key encryption brought forward!
Here’s my picture with him!

Until next time,

Gary

Impressions from the Retail Executive Summit – February 2009, Carlsbad, CA

Abir Thakurta
Senior Director, Professional Services
nuBridges

Coming back from the RES 2009 Summit, I began reflecting on the past few days of the summit where I had the great fortune to spend some quality time with the who’s who of the retail world – from VPs of IT to CIOs and CEOs for some of the world’s most famous retail brands.

The summit gave me an opportunity to understand the retail business during these tough economic times. It is clear that the economic downturn has taken its toll on retail. Strategies to mitigate the downturn were on the forefront of every retail leader’s mind. Most of the strategies were focused on expense reduction, increasing customer intimacy and maintaining sales within their customer base.

• Specific actions being taken by retailers to counter the economic downturn (expense reduction):
  • Benefit reductions (many retailers are reducing their 401K matches).
  • Internal review of licenses and technologies that are being used or sitting on the shelves.
  • Direct deals with manufacturers to reduce inventory and improve delivery schedules.
  • Most of the retailers are heavily negotiating and re-negotiating their real estate deals. Many are closing stores, opening new ones or simply relocating. Given the nature of today’s real estate market in the US, most of the retailers see this as an opportunity to reduce expenses.
  • Green initiatives are being used as a mechanism for general spending reductions, especially reduction in outside spend.
  • Short-term IT initiatives are being reprioritized but larger, long-term strategic IT initiatives will continue.
• Increasing customer intimacy and leveraging customer touch points are very high on all the retailers’ agendas. These include initiatives to create “one view of the consumer:”
  • Multi-channel retailing, consumer-centric revamping of store operations, and new store technologies like kiosks, online social networking (like Facebook) and shopping through mobile devices.
  • A convergence of store systems, corporate systems and consumer-facing systems is imminent and sharing of information within these systems will become important.
  • Improving cross-channel synergies in a multi-channel environment with the ability of measuring the value of the non-main channel.
• All the retailers noted that consumer behavior was changing rapidly:
  • Consumers are more educated now and conduct research before purchasing.
  • Discretionary spending is reduced so consumers are saving their money and waiting for sales and promotional events before making purchases.
  • Focus on the future retail shopper was a big highlight: how to market to Gen Y shoppers who are not tech savvy, yet are very tech-dependent.
  • Most retailers still believe that quality experience in the store and assortment of merchandize trump pricing for loyal shoppers.
  • Most retailers are focused on understanding consumer lifestyles and not individual buying habits.
• Key strategic initiatives that retailers are currently working on (2009 and 2010):
  • Moving to private labeling is an important strategic initiative for retailers in this economy. It improves brand loyalty, increases customer intimacy and reduces merchandizing costs. For example, Costco has increased private label products from 20% to 25% and Walmart from 12.5% to 20%.
  • Expanding CRM/BI initiatives to use intelligence from the store and make it available to merchants who strategize consumer needs for their outlets.
  • Incorporating brand differentiators but building brand relevance to capture the mind of the captive consumer base.
  • Using social media and social networking like blogs to tap into consumer mindshare and inculcate viral marketing.
  • Improving data mining within the enterprise and identify Internet buzzes (good or bad categories) to tap into consumer behavior.
  • Consolidating and merging of POS and eCommerce systems.
  • Defining and creating the store of the future to retain consumer loyalty and enhance the buying experience (kiosks, RFIDs, mobile-selling devices).
  • Focusing on retail workforce management (WFM). WFM processes and solutions are going to be in demand over the next couple of years as retailers have identified it as an area to focus on for expense reduction. WFM involves techniques like resource schedule optimization, labor budgeting, and time and attendance solutions.
  • Viewing data security as an important agenda to mitigate risks associated with brand protection. Many retailers were thinking of focusing on enterprise end-to-end data security in the next couple of years.

  It was indeed a very enlightening experience to wine, dine, golf, break bread and share thoughts with a group of likeminded individuals who did not view me as another vendor trying to pitch a product to them. Yes, they are very clear – they are not looking for vendors anymore – they want partners who are willing to share their pain and work with them with ‘enough skin in the game.’

  Another notable cause was retailers joining hands to champion a charitable initiative called the ‘retail orphan initiative’ for supporting global initiatives for child protection. I found the initiative a noteworthy cause. For more details you can visit Retailroi.org

  Until the next time,

  Abir

  P. S. Get out there and shop….that’s what your retailers want…!!!