When you think about Retail IT security, the first thing that probably comes to mind is the breaches to confidential customer information that have been perpetrated by hackers in recent years. As a result, there has been a scramble by many retailers to upgrade their use of encryption and end-to-end tokenization to protect that data while in use, in transit, and at rest.
However, according to Verizon Enterprises, 94.5% of IT security incidents in 2015 were perpetrated through insider accounts, not outside hackers. These insiders are not just limited to employees, but also include contingent workers like skilled contractors, subcontractors, and partners.
The common enterprise lockdown solution to prevent individuals on the inside from viewing confidential data is to restrict their access using the group policies feature that comes with your Windows operating system. Configuring the policies is often a tricky process to ensure that you block all possible avenues to data risk for any given scenario. Every time Windows does an update, you have to make sure that no new avenues of data risk have been created as a result, and sometimes these new avenues of risk get overlooked.
Here’s another drawback of this approach; if a cashier is experiencing a problem, he or she has to sign off before a supervisor can sign on to try and diagnose the situation. Sometimes the process of signing off and signing on solves the problem, so there is no way to learn what caused the original issue or how to prevent a future reoccurrence.
A better enterprise lockdown solution is to have a configuration file that maps different user groups to specific applications they can access and run within a protective envelope that prohibits any other applications from being accessed. Whenever you add a new application to your system, you don’t have to worry about writing new policies and blocking avenues to other applications for different users. You simply have to add the new application to the list of acceptable apps within the configuration file for the appropriate user groups.
Here’s another advantage of using this kind of solution; the supervisor in our previous example would be able to log on to the cash register at the same time as the cashier to troubleshoot any problems and take corrective action.
RedIron provides this ideal solution with a Fast Start App we’ve developed called 2Prevent. 2Prevent contains a configuration file that affords you complete control of the store environment, including enterprise lockdown capabilities.
It includes native OS and web to eliminate employee access to anywhere desired, preventing the use of in-store technology for non-business use while ensuring access to all critical applications and devices. It eliminates access to sensitive data while enabling partial access to necessary programs.
Connecting 2Prevent to your network can be done with plug-and-play ease because we’ve designed it to be a stand-alone module that integrates via our proprietary SOA middleware layer called RI Broker.
To learn more about how RedIron’s RI Broker can simplify integrations like 2Prevent, click here to download a complimentary copy of our white paper, “Plug & play integration for the retail ecosystem”.