Why is security so important in maintaining a company’s brand appeal and retaining their customers? Kuna Nallappan, marketing director, APAC, F5 Networks, explains.
A website acts as a store for a brand online, just like how a store in a mall acts as its shopfront. When a store in a mall experiences theft, it does not look positive. The same applies to an online store. A cyber security breach on the online store front can severely impact the reputation of the brand. It is mandatory for online retailers to ensure protection they provide is multi-layered and protects their entire application infrastructure as their users access and transacts online.
The importance of protecting apps and applications
Apps are everywhere as a result of technology evolution, user’s mobility and user’s behaviours. According to F5’s State of the Application Report, which was released late last year, 45% of businesses deploy one to 200 applications, while 17% deploy between 201 and 500.
The growing number of applications and the proliferation of apps means that businesses are more vulnerable to cyber threats. This movement has caused a shift in the “perimeter” needing to be secured. Inarguably, apps are the gateway to vaults of data, whether corporate or consumer. This is why retailers need to protect their apps and fortify the entrance.
Every online retailer has different attributes and unique differentiators, and most have confidential data. For example, a youth apparel brand may have new cutting designs which could be leaked to the rest of the industry via a data breach.
Equally confidential is consumer data, as there have been cases of security breaches due to insiders — employees of an organisation. Adding to the complexity is the BYOD phenomenon — people are bringing their personal devices and using these devices at work. These practices open up the enterprise for a wide array of threats.
There are two ways to manage and mitigate cyber threats. Firstly, companies should proactively educate their employees on the basics of cyber safety and etiquette. Human error is one of the biggest factors in cybersecurity. Basic understanding of do’s and don’ts will help companies prevent any cyber threat. Secondly, employees need to know what to do and who to report to when a breach happens. Any data breach should be reported.
The benefits of an applicationcentric security strategy
Consumers and businesses today are accessing more information, including sensitive data, via applications from within and outside the corporate network. A security approach that centres on protecting the network and the devices that are connected to it is no longer enough. Applications and access to those apps are becoming the new perimeter. As such, protecting them and having the ability to detect breaches and respond quickly defines the future state of security.
The ideal security posture is one that is based on ‘zero trust’. One that assumes that no device or person who is accessing the information can be trusted. Your security posture is adjusted after you understand the context of the access. For example, whether a user is requesting access from home, a café or from within the office premises, and whether the application being accessed is critical, should determine the level of authentication and access provided.
Ensuring balance between security and the user experience is an ongoing discussion between the business and security teams. In this case, context is important. If the in-house app is critical or confidential, then it will be highly tilted towards security. If the application is logging the usage of time by an employee at work, then the consideration for a good user experience is key. Compliance provides guidance to enterprises as they navigate the balance while protecting consumers and end-users.
Ultimately, security is all about insurance against what could happen. Just like how there is no one insurance that can protect against all risks, there is no one security solution that can protect against all security breaches, especially in a ‘zerotrust’ world. It is therefore important to consider all points of risks both within and without, and then decide on a multilayered security approach that can help prevent, detect and effectively respond to threats. It is up to the business to decide how much of a risk it wants to take.
At the end of the day, you decide if you want to take risk of a potentially permanent damage on your brand’s reputation.