By: Prabhat Pathak, Director of IT – Cyber Security and Technology
Ecommerce is probably the biggest disruptor in business areas in modern era. It’s fascinating how technology is making a difference in people’s life, but do we know the other side of the coin? Let’s check it out.
Know the obvious – In terms of technology ecommerce is among one of those B2C areas which almost uses most of the modern technology which is ever evolving and becoming better and better. Fantastic!!! Isn’t it. New technologies, new generation of employees, everything needs to be done immediately!!! Truly Agile!!!
This makes life of security person extremely difficult….Can we stop business from growing answer is no. So, let’s get back to what is required.
a) Understand the business model – know what your customers need – This will help to understand your marketing landscape and their needs, your business and customer and their consents. This will help to align to right goal.
b) Understand the technology landscape – Know all platforms, most platforms say they are SaaS etc, so go back and recheck if they are compliant enough – Perform 3rd party checks in details
c) Understand your PII and Customer Data journey – Criticallllllll — Know what data is shared to whom, which systems are talking, what format your data is shared, is there excess information being shared, Is data encrypted? —- This is biggest gap areas in ecommerce platforms as it’s micro architecture
d) App and Api’s — Once again this is most bypassed and most unexplored area. Get a list of details and go back to specialized API’s and app-based security testers and follow the journey of your data.
e) Security architecture — Once again secure by design, secure dev ops, SAST, DAST, VA, PT, WAF, Bot and Fraud. This can vary for each use case. Understand your business needs and balance out what is needed and what is must.
Design right and be agile – Once again all above when you spend time, they help you to understand the right picture and design right solutions. Once again as every day there is new business and new requirements bringing in new IT tools. That introduced new threats and explored areas, so be prepared and keep UpToDate on changes to follow the trend to be protected.
Bharat Raigangar, Board Advisory & CyberSecurity, 1CxO adds, “Don’t fear mistakes as more bigger steps ahead just keeps you going. If milk gets bad, it becomes yoghurt. Yoghurt is more valuable than milk. If it gets even worse, it turns to cheese. Cheese is more valuable than both yoghurt and milk. Christopher Columbus made a navigational error that made him discover America. Similarly, E-Commerce Security is always a challenging and evolving topic, where the risk is not just from within the organization to control – but more from Supply Chain. Build a robust Supply Chain Trust & Resilience Program to balance the Business Gains v/s Risk. The buzz is around Business Disruption in Ecommerce leading to Growth.”
About the Author:
Prabhat Pathak is currently working as Director Technology and Cyber Security with 20+ years of experience with a mix of consulting and industry Leadership roles. Wide range of industry experience in domains of BFSI, FMCG, Retails, Logistics etc. Lead many global transformations across organizations in areas of large and complex technology products, Security transformation, Digital and Cloud transformation etc. Expertise in areas of cloud and application security, secure DevOps, Fraud protection in Digital space and ecommerce, Data and OLTP security, Integrations and Api security, 3rd party security and risk assessment, Change advisory board, Security Governance council, DPO office advisory.
