eCommerce Security: How to Control User Access to Your Environment

eCommerce security risks are ever increasing; the costs of breach is more than just about lost sales, so find out how to protect your brand’s reputation.

eCommerce security risks are ever increasing; the costs of breach is more than just about lost sales, so find out how to protect your brand’s reputation.

Retail Fraud Magazine recently cited Sage Pay’s 2015 Payments Landscape Report, which claims that SMEs are losing £18bn every year to fraudulent transactions. “According to a study by Sage Pay, more than a third (35%) of businesses have experienced fraudulent activity in the past year, with each losing an average of £3,450”.

This is just one of many examples showing how crucial it is to ensure your eCommerce security environment is built with the latest security standards in mind. This is particularly important if your organisation is a large enterprise because the losses would be many fold more than the report’s findings for SMEs.

Mercury News explains that while cyber security is an important issue for every organisation, it is vital for those that store and handle their customers’ sensitive personal and financial data. Online marketplace eBay, for example, holds financial data for 25 million sellers and 157 million buyers. eBay isn’t immune from cyber attacks, and it had to ask its users to change their passwords after a data breach occurred in the spring of 2014.

eCommerce security protection

To protect your organisation against security threats in an eCommerce environment, you need to act now to protect your brand reputation and future sales. Failure to comply with Payment Card Industry (PCI) standards and lost revenue through fines or lost sales isn’t worth it. eCommerce security should be second nature to your own organisation as a design principle. By protecting your customers you can develop their trust and loyalty towards your brand.

Adopt the following best practices to stay ahead of the hackers:

Security with standardisation

The way to secure your Linux eCommerce environment is through standardisation based on:

1. A Standard Operating Environment (SOE) designed and configured to include ‘security by default’.

2. A Standard Operating Environment Management Platform (SOEMP) to maintain quality assurance through consistent and efficient deployment and maintenance.         

3. Best practice systems management processes that establish proper governance to manage the security of existing and future builds.

Effective systems management is crucial. As an example,LinuxIT uses the FCAPS (Fault, Configuration, Accounting, Performance & Security) framework because it helps identify areas for the definition of best practices for Linux.

Deploy identity management

User authentication and authorisation of permissions and roles is a vital part of eCommerce security. A large number of servers require centralised identity management to allow Linux users to authenticate who they are against an existing directory services infrastructure, such as Red Hat Enterprise Linux IdM or LinuxIT’s AAA (Authentication, Authorisation and Accounting). IdM is a way to create identity stores, centralised authentication, domain control for Kerberos and DNS services, and authorisation policies — all on Linux systems, using native Linux tools. AAA provides a highly available secure gateway.

User activity monitoring

Many IT security breaches occur because of sloppy, or malicious behaviour. Poor employee performance is easy enough to manage but it is much harder to guard against an insider physically taking customer information, for example.

Nevertheless, eCommerce operations can take precautions to ensure their customer data is well protected. Process governance, audit trails and restricting employees’ use of external data storage all reduce risk. In eCommerce environments it is essential to restrict the commands that users can run and you should record exactly which actions have been performed.

Takeaways:

• Proper governance should be established in order to manage the security of existing and future builds.
• Security breaches are a real threat to eCommerce organisations, leaving them at risk of hefty fines and severe reputational damage.
• IT security is a huge factor for eCommerce and should be implemented and designed to minimise risk by strictly controlling user access.
• Organisations should have a Standard Operating Environment (SOE) with a Management Platform designed and configured to include ‘security by default’.
• Organisations should have a Standard Operating Environment (SOE) with a Management Platform designed and configured to include ‘security by default’.
• User access rights can then be applied and managed centrally using platforms such as Red Hat Enterprise LinuxIdM.
• Proper governance should be established in order to manage the security of existing and future builds.

Discover how to keep your eCommerce platform secure with a standard operating environment: download the best practice Linux guide on ‘How to create a standard operating environment for a strategic eCommerce platform.’

This post first appeared on the LinuxIT blog