Many retailers lack skills to effectively manage cloud security, Claranet research

Two-thirds of UK retailers do not have full in-house capability to manage security in the cloud, according to research carried out by Vanson Bourne on behalf of Claranet.

In addition, 60% of the 100 IT decision makers polled said that they have incomplete awareness of how their organisation’s security posture in the cloud affects their overall IT security. This is despite the fact that 73% of retailers have either already migrated application workloads to hyperscale cloud providers, or are currently in the process of doing so.

John Hayes-Warren, Head of Retail at Claranet, comments: “Retailers that have not engaged with cloud in some way are now few and far between, with hyperscalers having established a dominant position in the cloud market. Retail organisations seem to be doing fairly well in terms of planning and carrying out these migrations, but our research has shown that there’s a very real danger of security being left behind as part of this process. Given the potentially severe reputational impact a data breach can have on a retailer, it’s important this is addressed as a priority.”

Sumit (Sid) Siddarth, Director at Claranet Cyber Security, adds: “The self-provisioning aspects of public cloud are beneficial in many ways, but they can also lure retailers into a false sense of security. The big hyperscalers have a lot of sensible defaults to help guard against threats, but if internal IT teams without the requisite skills create these environments themselves, mistakes can still occur. Cloud offers a huge number of advantages, but without being administered properly, it can open retailers up to a number of new security threats.” 

Retailers need to re-evaluate their approaches to both cloud and security, and make sure that they consider both as being part of the same IT ecosystem. This should include efforts to upskill in-house staff, and also the formation of collaborative partnerships with external experts who are well-versed in the specifics of secure cloud migration.

Hayes-Warren says: “Migrating to cloud is often a complex process, so it’s important to invest a lot of manpower in it. However, there should be no excuse for neglecting security considerations, especially given the current threat landscape and the fact that hackers are seeing cloud as an increasingly lucrative target, especially within the retail sector, which saw a record number of data breaches last year. Working with partners can be hugely advantageous here, as they can bring the added expertise needed to work through the more complex aspects of secure cloud migration, such as developing infrastructure as code to guard against mistakes being made.”

Siddarth adds: “Also key to addressing this skills gap in the long-term is engaging with third parties to implement holistic training programmes focusing on the unique challenges and intricacies of cloud security. By investing in this area, retailers can ensure that they build applications that are fully cloud-ready from the outset, and foster a philosophy which incorporates security into any cloud migration activity.”

Hayes-Warren concludes: “Cloud’s continued rise in retail is inexorable, so it’s important that organisations act now to shore things up from a security perspective. With the right focus on raising skill levels and sealing gaps in knowledge, this is very much a realistic aim.” 

Sign up for our free retail technology newsletter here.