Magazine Article | February 1, 2006

Don't Let Security Concerns Stop Your WAN

Source: Innovative Retail Technologies

The benefits of application centralization continue to drive WAN adoption, but security concerns loom.

Integrated Solutions For Retailers, February 2006

For this month's Retail Solutions Forum, we cornered John Janthor, VP of IT at LA Weight Loss Centers Inc., and Rick Olivieri, retail networking solutions marketing manager at 3Com. We asked the pair about the risks and benefits of WAN adoption in retail, and here's what they had to say.

What justification can retailers use for upgrading their WANs?
Janthor: Retailers can justify a network upgrade by the ability to scale and to ensure security compliancy. With network capacities able to support the security needs and future growth of the business and associated applications, we can be assured our infrastructure is aligned with our business goals. As we added new applications, our prior network security was quickly outdated. With an up-to-date network, we're able to ensure our security is where it needs to be by sending security patches and downloads to stores quickly.

Olivieri: Now that most retailers have justified broadband access to stores, they can get information to store-level programs more quickly and can deploy WLANs [wireless LANs] in the stores. These LANs enable such applications as associate-based inventory tracking and lookup applications, as well as customer self-service machines. Customers in larger chains expect to find self-service price-check bar code scanners and kiosks for everything from bridal registry to digital photo developing, all in conveniently located positions on the sales floor.

Retailers who are providing secure wireless access to these devices are eliminating the costs associated with expensive overhead wiring while maintaining up-to-the-minute communications. Installing wireless switches with rogue detection can protect retailers' WLANs from being accessed by unauthorized users. The ability to quarantine unauthorized users from a retail network could mean the difference between a totally secure converged network and a dangerous data breach with the loss of consumer data.

What are the benefits retailers can realize from managing applications centrally?
Janthor: Aside from obvious cost savings and added efficiencies, central applications management allows you to get a pulse on key business systems and processes. Uptime is critical, and the ability to centrally manage an environment and enhance the change management process minimizes downtime.

Olivieri: Retail chains with district sales managers using laptops remotely, or that have other mobile workers, would be foolish not to implement system management software that ensures the latest virus detection and VPN client are running. Central control of retail applications and the ability to manage the network devices they connect to are essential to maintaining network availability. For example, a retailer can now easily and remotely self-manage a 3Com IntelliJack 4-port switch or 24-port Power over Ethernet switch to troubleshoot whether power is available to a PIN pad reader, POS scanner, or phone. The ability to remotely "discover" a network switch, WLAN, or router and upgrade its configuration is another big benefit that helps reduce network operation costs and allows the retailer to save money.

Is there anything unique that can be done with a network besides handling payment processing?
Olivieri: One of the most innovative and unique applications I am seeing is the use of the network for collecting target marketing data at the POS. New software enables retailers' marketers to collect specific buying trends data in real time and send targeted messages to specific clients to increase same-store sales. Imagine the potential a retailer would have to recognize a frequent buyer and up-sell to that consumer while he or she is still in the store. Once again, the mobility provided by an 802.11 WLAN enables such applications.

Additionally, networks enable inventory lookup. Wouldn't it be nice if a shoe salesman could scan the bar code at the base of the shoe, hit a button that scans a central database to find out if the size 9 EE you asked for is in stock, and find out its shelf location, all while he is still standing in front of you? With today's handheld devices, this application is not just possible, but probable.

What security concerns do retailers face with the network they choose?
Janthor: In addition to the SOX [Sarbanes-Oxley] and PCI [payment card industry] compliance requirements, retailers face a continuous challenge of securing systems. This challenge is not only from external threats but also from internal threats caused by employees using IM programs and bringing in external devices such as USB cables and flash cards. Networks must react quickly to intrusions of various natures.

Olivieri: It's not so much the network retailers choose as much as the methodology they use to protect it. Whether their network and connection is IP, VPN or Frame, dial-up, or DSL, retailers need to authenticate the users and devices that connect to their data networks, and they need to do this automatically. The PCI standard's "12 steps" instruct retailers to change passwords, update virus protection, control access to data, and install firewalls. But firewalls are not enough. Firewalls protect at the port level and MAC [media access control] address. A professional intruder can make himself look like a member of your company by spoofing your MAC addresses or IP addresses, allowing him to pass through your firewall. Firewall management policies are NOT frequently updated by retailers. Intrusion detection systems (IDSs) only log and track suspicious network activity and report it to you after the fact. Even if you understand the data in the report, an IDS only allows you to prevent the suspect from re-entering next time. This would spell disaster if the intruder planted a key logger or credit card number copier application, because once the logger is done, it could easily send itself back out over the network because the outbound traffic is not watched by the IDS.

The market for networking vendors is competitive. What compels a retailer to choose one vendor over another?
Janthor: Our needs required a vendor that more than just understood and supported networking. We required a business partner that understood how to support multiple applications and also had the ability to scale the network as our business required. The vendor also needed to secure our voice/data systems and infrastructure while exceeding security guidelines.