Posted by Simon Mitchell on Thu, Jul 03, 2014
Ecommerce Security: How to Control User Access to Your Environment
eCommerce security is a headache for even the largest organisations, so what steps can you take?
Hardly a month goes by without a major breach of security involving an eCommerce retailer or financial services company. Confidential details of 27,000 Barclays bank customers, including earnings, health and passport information, were stolen in February 2014. A month later, details of 4.1 million customers of the three major South Korean telecoms companies were apparently sold to fraudsters.
Security at every step (or click)
Bricks and mortar retailers include security features throughout their stores; security in eCommerce is even more important because the potential losses are higher. If customers lose confidence in an organisation's ability to keep their details safe, they'll stop buying - and you'll face severe penalties for failing to comply with PCI (Payment Card Industry) regulations. IT security should be a fundamental design principle, not an afterthought.
The key to making a Linux system secure is standardisation based on:
1. A Standard Operating Environment (SOE) designed and configured to include security by default.
2. A Standard Operating Environment Management Platform (SOEMP) to maintain quality assurance through consistent and efficient deployment and maintenance.
3. Best practice systems management processes that establish proper governance to manage the security of existing and future builds.
Management is crucial. LinuxIT uses the FCAPS (Fault, Configuration, Accounting, Performance & Security) network management framework as its model for systems management, as we believe it helps identify areas for the definition of best practices for Linux.
Identity management
User authentication and authorisation of permissions and roles is a vital part of eCommerce security. With a large number of servers and users, a centralised means of managing user access is required. Several best practice tools are available to allow Linux users to authenticate against an existing directory services infrastructure, such as Centrify, IdM or LinuxIT's AAA (Authentication, Authorisation and Accounting). Centrify allows organisations to secure and audit access to cross-platform systems and applications using Active Directory. AAA provides a highly available secure gateway.
User activity monitoring
Many IT security breaches occur because of sloppy or malicious behaviour. It can be difficult to guard against an insider physically taking, for example, customer information, but eCommerce operations can take precautions to ensure their customer data is well protected. Process governance, audit trails and restricting employees' use of external data storage all reduce risk. In eCommerce environments it is essential to restrict the commands that users can run and record exactly which actions have been performed.
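One way to check at build time that an SOE enforces both controls above (restricted commands and recorded actions), assuming sudo is the mechanism used. This is an added example, not code from the original article or from LinuxIT; the sample policy, the group and user names and the `audit_policy` function are constructed for illustration.

```python
import re

# Constructed sample policy in sudoers syntax (illustrative, not from the article).
SAMPLE_POLICY = """\
Defaults log_input, log_output
Cmnd_Alias WEB_OPS = /usr/bin/systemctl restart httpd, /usr/bin/systemctl status httpd
%webops ALL = (root) WEB_OPS
deploy  ALL = (ALL) NOPASSWD: ALL
"""

LOGGING_FLAGS = {"log_input", "log_output"}  # sudo options that record session I/O
ALIAS = re.compile(r"(Cmnd|User|Host|Runas)_Alias\s")
USER_SPEC = re.compile(r"(\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?(.*)")

def audit_policy(text):
    """Return (line_number, message) findings; line 0 means policy-wide.

    Simplified: handles single-line rules and global Defaults only.
    """
    findings, enabled = [], set()
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or ALIAS.match(line):
            continue
        if re.match(r"Defaults\s", line):
            # A negated flag such as "!log_input" does not count as enabled.
            enabled |= LOGGING_FLAGS & set(re.split(r"[,\s]+", line)[1:])
            continue
        spec = USER_SPEC.match(line)
        if not spec:
            continue
        who, cmds = spec.groups()
        cmds = re.sub(r"\b[A-Z_]+:\s*", "", cmds)  # drop tags like NOPASSWD:
        if "ALL" in [c.strip() for c in cmds.split(",")]:
            findings.append((num, f"{who}: unrestricted command list (ALL)"))
    missing = LOGGING_FLAGS - enabled
    if missing:
        findings.append((0, "I/O logging not enabled: " + ", ".join(sorted(missing))))
    return findings

if __name__ == "__main__":
    for line_no, message in audit_policy(SAMPLE_POLICY):
        print(line_no, message)
```

Run against the sample, the check passes the `%webops` rule, which is limited to a named command alias, and flags the `deploy` rule on line 4.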
Remember
Security breaches are a real threat to eCommerce organisations, leaving them at risk of hefty fines and severe reputational damage.
IT security is a huge factor for eCommerce and should be implemented and designed to minimise risk by strictly controlling user access.
Organisations should have a Standard Operating Environment (SOE) with a Management Platform designed and configured to include security by default.
Proper governance should be established in order to manage the security of existing and future builds.
User access rights can then be applied and managed centrally using platforms such as Centrify or IdM.