Guest Column | November 27, 2019

How To Avoid IT Infrastructure Blues This Black Friday

Retail Security Infrastructure

With Black Friday and Cyber Monday quickly approaching, online and store sales are expected to soar during the holidays. In 2017, Adobe calculated that shoppers spent $7.9 billion on Black Friday, and predict an upward trend for every new year.

As consumers are seeking that “perfect gift” for friends and families, retailers cannot stress enough the need to avoid downtime, and to keep systems high functioning during the holidays. Technology experts below weigh in on the necessity of keeping an IT infrastructure in tip-top shape along with running seamlessly to ensure success for retailers. 

 Alan Conboy, Office of the CTO, Scale Computing

“Black Friday and Cyber Monday are the biggest days for retailers, yet most retailers still use the same technologies they employed a decade ago - Point-of-Sale systems, one or more servers, and some external storage. Other more innovative retailers have digitized their infrastructures with in-store Wi-Fi, security appliances, or in-store digital promotions. Many retailers still collect, send and process data over networks and off-site data centers. The challenge is that if that off-site data center experiences an outage or network failure, this will certainly lead to downtime, ultimately affecting shoppers’ experiences, whether in-store or online. 

Instead of only sending and storing data in a center located hundreds of miles away that every store on the network relies on, retailers should consider the deployment of an IT solution at the edge. A hyperconverged infrastructure (HCI) solution with edge computing capabilities brings a mini data center directly to each store, while still utilizing the larger, off-site data center. It combines high-performance servers and storage into a single, simple to use, on-site data center that isn’t reliant on external networks, so downtime is no longer an issue. This simple, efficient way to manage IT allows retailers to capitalize on the shopping rush,”

Lex Boost, CEO, Leaseweb USA

"We are in a new era of retail which has been ushered in by evolving technology blending the physical and digital, and reshaping the consumer buying experience. Robotics, artificial intelligence, cloud computing, augmented reality and virtual reality allow retailers to offer enhanced shopping experiences through “fitting rooms” on cell phones, personalized digital displays, customer face recognition, robots and instant payment.

This enhanced technology puts more pressure on retailers to ensure they are meeting the three main requirements for a smooth customer experience: speed, reliability and security. And, has made gearing up for peak retail days, such as Black Friday and Cyber Monday, all the more important.

Retailers will want to make sure they are working with a comprehensive cloud hosting solution, including hybrid ready product portfolios, iron clad security solutions, core uptime and an extensive network, that addresses industry-specific requirements and can be trusted to ensure they are always open and their customers are always happy.”

Amanda Regnerus, EVP of Product and Services, U.S. Signal

“Black Friday and Cyber Monday are two of the busiest retail days of the year, bringing with them amazing sales and peak levels of online shopping, app usage and credit card payments. However, these days also bring with them prime times for DDoS attacks, ransomware strikes and other types of cybercrime.

Recently, there has been a trend among retailers to turn to outsourcing in an attempt to reduce capital expenses, add capabilities and adopt new technologies in short time frames. It is actually very common for various retailers to share the same payment system processor, data analytics company or another type of service provider. However, this brings the issue of the service provider’s security; if the provider is hit by a cyberattack, it can have repercussions for all its customers, and cybercriminals are very aware that service providers often require access to their customers’ sensitive data.

During these peak retail days, it is important for retailers to take extra vigilance and implement comprehensive security posture that takes into consideration third-party provider risk. These extra steps include including all service providers in your company’s risk assessments, asking all vendors to complete an in-depth questionnaire about their security practices, understanding and defining your data access life cycle and encrypting sensitive data.

Taking the few extra precautions will help to ensure that your holiday activities run efficiently and securely so you and your customers can focus on the joys of the season rather than the risks.”

Bryan Becker, DAST Product Manager, WhiteHat Security

“As the U.S. prepares to celebrate Thanksgiving, retailers are preparing stores and websites for an influx of shoppers. Soon, consumers will embark on a frenzied journey to find the best deals on holiday gifts, using an abundance of apps to assist them. However, cybersecurity isn’t always at the top of everyone’s mind - and that means these apps can become ripe for hackers to pick off credit card and other personal information from unsuspecting shoppers.

Before the shopping season truly gets underway, retailers and consumers should be taking proactive steps to safeguard both business and personal data throughout the holidays, and beyond. For retail businesses, that means incorporating security into the development process of their applications, to reduce the number of vulnerabilities in apps, but also to increase the remediation of vulnerabilities that have gone undetected.

For their part, consumers must stay vigilant, and check that the apps and websites they use are encrypted. In addition, consumers can choose payment apps like Apple or Google Pay, Zelle or Venmo, to purchase items. This eliminates the risk of their personal card information being insecurely stored on an unknown vendor’s system.

Using just these few suggestions can help retailers and consumers to prioritize cybersecurity, and reduce the fear of breaches and hacks during the holidays, allowing the true spirit of the holiday season to shine through,”

Steve Moore, Chief Security Strategist, Exabeam

“Frequently during Black Friday and Cyber Monday, intrusions are detected by a notable change, such as a rapid increase in network traffic, a suspicious system login location or time, or the unusual export of sensitive information. Machine learning security approaches can make it fast and easy to find anomalous and suspicious user and device behavior. Its algorithms can baseline normal behavior in your network environment, then alert your security team whenever anomalous activity occurs.

Prebuilt security incident timelines can display the full scope and context of related event details. This means that analysts don’t have to comb through massive amounts of raw logs to manually create a timeline as part of any investigation.

As a result, analysts can detect breaches sooner and reduce the amount of time that attackers are ‘dwelling’ in a network environment, significantly reducing the size of a breach and its devastating impacts. With the increasing sophistication and worsening impacts of mega data breaches as the holiday season approaches, now is the time for organizations to implement smarter security management solutions.”

Jeff Keyes, Director of Product Marketing, Plutora 

“Think Black Friday doesn’t apply to you? Being ready for chaos and the unexpected must be part of your agility planning. For many, Black Friday represents unpredictable load on the system combined with late-breaking changes to handle special processing on the deals. Online retailers have learned by sad experience that without proper planning, they’ll miss opportunities only realized during those critical hours.

To prepare, all organizations should incorporate a little chaos into their software delivery pipelines to see how quickly they can react to last minute changes, unpredictable loads, and unexpected failures. Redundancy and resiliency planning in both infrastructure and processes dramatically improve the reliability and help achieve a trustworthy customer computing experience. Invest in chaos engineering to verify your preparedness – the changes you make will impact how you architect and deliver software solutions.”

Steve Blow, Technology Evangelist, Zerto

“Mitigating downtime should be top of mind for every business year-round. However, it’s especially important over the Black Friday weekend and Cyber Monday, because retailers operating online are expected to provide uninterrupted retail options for an ‘always-on’ customer culture. Last year, a record-breaking $7.8 billion worth of sales were made on Cyber Monday and, with a similar volume of shoppers expected this year, retailers must ensure they demonstrate proper cyber- resilience to stay online and fully capitalize on the opportunity.

“Managing the surge in demand over consumer holidays like Black Friday is easier if retailers have established a multi-cloud environment that ensures the ability to move freely to, from and between any combination of clouds, including Azure, AWS and the hundreds of smaller local cloud providers available. This will help retailers deal with the mammoth spike in traffic and sales, despite any challenges that third-party cloud suppliers might experience. The risk is spread across multiple platforms, minimizing the possibility of vendor downtime.

“The peak holiday season brings a lot of demand, so the ability to be agile with workloads can significantly improve system performance, even in the midst of peak holiday sales season.”

Dave Karow, Continuous Delivery Evangelist, Split

“With all the talk of holiday shopping and of Black Friday morphing into ‘pre-Black Friday’ sales, you might think this is a busy time of year for developers at online retailers. In fact, this is the time of year where many of them must sit on their hands and do very little, while they wait out ‘code freezes’ and even ‘infrastructure freezes’ out of fear that a change introduced now could jeopardize 60 percent or even 70 percent of some retailers revenue.

Feature flags are changing all of that. Since a feature flag lets new code be deployed to staging or production ‘turned off’ and then gradually ramped up or turned off for specific user populations without a new deployment, developers can continue to innovate and even test in production, without impacting customers. Feature flags also make it easier than ever to implement an ‘ops toggle’ where specific features can be turned off during peak traffic. One example would be turning off inventory checks or calls to non-essential third-party systems during the first few hours of a flash sale. Since feature flags are evaluated user-by-user and session-by-session (unlike server or service-level configurations), those ops-toggles could be set to ‘off’ for general users and ‘on’ for premium customers so only the latter subset hits the more computationally intensive options.

When only some users are seeing a feature, and others are not, traditional monitoring fails to deliver an accurate picture. When system health and user behavior are observed through the lens of the feature-flagging system, it becomes trivial to determine which flag states are causing issues and which are leading to the most desirable user behavior. This is why high-scale retailers use feature flags not only as a control mechanism but also to drive their monitoring and experimentation efforts.”

Mihir Shah, CEO of Storcentic (Parent Company of Drobo)

"While many of the holiday deals are directed at consumers, the savings offered during this holiday weekend also can help small business owners and individual professionals looking to update their technology. For example, photographers buying new cameras, equipment and computers should also invest in the hardware, software and accessories that will extend the life of their new tech while also working to protect their data.

As data volumes continue to rise and critical digital information increasingly lives on IT networks, SMBs and individual professionals should view end of year deals as an opportunity to focus on planning for their business’ future success by implementing storage solutions that can keep all of their precious data safe. Your business should not suffer from downtime and seasonal shopping should be used as an opportunity to invest in your business by protecting your data and preparing for the new year.”