Cloud Data Protection for Retailers

PCI DSS is a great start, but leading retailers realize it’s not just about compliance, it’s about security. Blue Coat helps retailers protect their life’s blood – their customers’ data – by minimizing its exposure in the cloud.

An Overview of Retail Cloud Security:

Retailers are painfully aware that the trust consumers place in their brands underpins the ongoing relationship that they are continually fostering with their customers. As they compete for a customer’s share of wallet, retailers are increasingly including market-facing messaging associated with the security steps they take to safeguard their customers’ payment details and other identifiable information. As continual breach headlines shake customer confidence, retailers are seeing how security can be a powerful customer-focused message.

And retailers realize that security safeguards go beyond PCI DSS compliance. Being compliant is not necessarily being secure, as breaches at processors such as Heartland and retailers like Target have shown. In addition to boosting the security of their internal systems, retailers are also looking closely at the systems of the third-party outsourcers and cloud providers they use. They are mapping where data flows throughout its entire lifecycle and looking for ways to minimize the risks of exposure whenever and wherever possible.

Blue Coat Offers a Solution to Protect Retail Cloud Data

One of the concepts of PCI DSS that retailers are familiar with is risk/audit scope reduction. Techniques like tokenization and encryption are used by retailers to limit where sensitive data flows. But can this concept work in public cloud SaaS solutions? Up until a few years ago, the answer was no. This is because when you tokenized or encrypted data in the cloud, it broke critical cloud application functionality. For example, how could you pull up a customer record by searching on a last name field if the field had been replaced with a token value in the cloud system? Because of this, retailers had been wary of using cloud systems when sensitive data was involved.

But Blue Coat’s Gateway has changed the scenario. By allowing customer details, including payment information, to be tokenized or encrypted before they leave the retailer’s own datacenters and go to cloud SaaS systems, while simultaneously preserving the usability of the cloud application, Blue Coat makes cloud use possible without requiring retailers to place sensitive values outside their span of control.
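
A minimal sketch of the idea described above, added here as an example and not Blue Coat's implementation: deterministic keyed tokens let an exact-match search on a last name still work when the cloud application only ever stores tokens. The names `TokenGateway` and `CloudCRM`, the field names, the HMAC-SHA256 token scheme and the sample records are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample records (card values are well-known test numbers).
SAMPLE = [
    {"id": 1, "last_name": "Nguyen", "card_number": "4111111111111111", "points": 1200},
    {"id": 2, "last_name": "Okafor", "card_number": "4012888888881881", "points": 300},
]

class CloudCRM:
    """Stand-in for the SaaS application: stores and matches whatever it receives."""
    def __init__(self):
        self.rows = []
    def insert(self, record):
        self.rows.append(dict(record))
    def search(self, field, value):
        return [dict(r) for r in self.rows if r.get(field) == value]

class TokenGateway:
    """Hypothetical gateway inside the datacenter; key and vault never leave it."""
    def __init__(self, sensitive_fields):
        self._key = secrets.token_bytes(32)
        self._vault = {}                      # token -> original value
        self._fields = set(sensitive_fields)
    def _token(self, field, value):
        # Deterministic per (field, value): equal inputs give equal tokens,
        # which is what keeps exact-match search working in the cloud.
        msg = f"{field}\x00{value}".encode()
        return "tok_" + hmac.new(self._key, msg, hashlib.sha256).hexdigest()[:32]
    def outbound(self, record):
        out = dict(record)
        for field in record:
            if field in self._fields:
                out[field] = self._token(field, record[field])
                self._vault[out[field]] = record[field]
        return out
    def inbound(self, record):
        return {k: self._vault.get(v, v) if k in self._fields else v
                for k, v in record.items()}
    def search(self, crm, field, value):
        # Tokenize the search term the same way, then restore the results.
        term = self._token(field, value) if field in self._fields else value
        return [self.inbound(r) for r in crm.search(field, term)]

def demo():
    gw, crm = TokenGateway(["last_name", "card_number"]), CloudCRM()
    for rec in SAMPLE:
        crm.insert(gw.outbound(rec))
    return gw, crm
```

Deterministic tokens reveal which cloud records share a value, and this sketch supports exact matches only; prefix or wildcard search would need a different scheme.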

Customer Case Study:

Provider to Major Retail Brands Innovates in Loyalty Services Thanks to the Cloud

Challenges

Becoming the marketing and provisioning engine behind the loyalty program services of some of the largest brands in the world is an amazing accomplishment, but it also represents an incredible responsibility. To provide cutting edge services on behalf of many well-known and trusted brands, this service provider decided it needed to move its IT systems to the cloud. The efficiency that cloud systems provided, together with their ability to dramatically improve the service provider’s time to market with value-added capabilities for loyalty program members, made the cloud an attractive proposition. But the loss of control of loyalty program members’ data, and the need to alleviate any concerns that could raise for the brands they were supporting, quickly became the challenge.

Requirements

As the loyalty services provider began to work with the large retailers, travel companies and financial institutions it supported, two primary issues started to become clear. One was that the companies did not want the payment card details of their customers to be in the "clear" while being processed and stored in the cloud. The other was that quite a few companies, based on the geography of their customers, had concerns about customer information crossing jurisdictional borders to a cloud provider’s datacenters. As a result, the loyalty services provider needed to be able to show:

  • That customer loyalty program data was never leaving their datacenter in the clear, and
  • The new cloud-based system could provide an excellent customer experience (e.g. customers interacting with web portals checking on their point accumulation, transacting with points, etc.).

 

These requirements created challenges for the cloud-based system that was being considered. How could data be kept out of the cloud without hampering the usability of the system? How could data be kept obfuscated while it was being processed? The project started to stall because of these issues, but the cloud provider’s technical team introduced their partner, Blue Coat, to help address the problem.

Solution

Blue Coat worked with the project team to design a solution using Blue Coat’s Cloud Data Protection Gateway to keep PII and payment details associated with loyalty program customers completely within the service provider’s datacenter. The Gateway, based on data protection policies defined by the provider’s data privacy and security teams, tokenized or encrypted sensitive data before it left the loyalty services provider’s physical control. Therefore, the information sent to the public cloud SaaS application for processing and storage was compliant with the requirements of the major brands they were servicing. They were able to demonstrate that any unauthorized party that might be able to access any of the information directly in the cloud would see substituted, obfuscated (meaningless) values instead of the original data. And best of all, the Blue Coat Gateway ensured that the critical application functionality that the customer service personnel and the loyalty program members themselves depended on, such as the ability to search on personal identifier details that had been obfuscated, was retained.

Resources

Cloud Data Protection Gateway Datasheet
Cloud Data Protection Gateway Encryption Solution Brief
Cloud Data Protection Gateway Tokenization Solution Brief