Case study: Brings in the mystery testers...
Published: 5 November 2007 12:51 GMT
Somerfield has undertaken a security audit on its wireless networks, leading to a less draconian security policy that allows the retailer's IT department to take full advantage of wireless technology in the future.
Wireless communications is pervasive within the retail sector and a key part of sales-floor infrastructure in many stores as much of the workforce is mobile - stacking shelves and taking inventory, for example. And it's also due to the constant change within stores as retailers compete for customer loyalty.
Wireless from A to Z
Click on the links below to find out more…
A is for Antivirus
B is for Bluetooth
C is for The Cloud
D is for dotMobi
E is for Email
F is for FMC
G is for GPS
H is for HSDPA
I is for i-mode
J is for Japan Air
K is for Korea
L is for LBS
M is for M2M
N is for NFC
O is for Operating systems
P is for Pubs
Q is for QoS
R is for Roaming
S is for Satellite
T is for TV
U is for UMTS
V is for Virgin
W is for WiMax
X is for XDA
Y is for Yucca
Z is for Zigbee
Somerfield head of corporate business control, Colin Clark, told silicon.com he was concerned about the potential risks involved with transferring sensitive data, such as customers' cash card details, across a wireless link because he "didn't know what he didn't know" about the risks.
This summer Clark brought in Pentura, an independent consultancy, to audit Somerfield's wireless networks. Pentura agents went through a number of stores, a distribution centre and the retailer's headquarters in Bristol as 'mystery testers', much in the same way retailers use mystery shoppers to test customer service levels.
At the end of the process, Pentura handed Clark a report on Somerfield's potential wireless vulnerabilities in terms of business risk, rather than technological failure. Clark was able to pass this information directly on to the board as it was written in a way they could easily understand, rather than in 'techno-babble'.
As a result, Somerfield security policies have relaxed a little. Its IT team is more at liberty to experiment with wireless technology because Clark now has a clear idea about the areas of potential risk.
Somerfield has outsourced a number of back-office functions and an illustration of this more relaxed security policy is the opening up of three wireless hotspots for third-party contractors to use Somerfield's network at the HQ. The risk of them straying into sensitive corporate data has been assessed and Clark has deemed it under control.
Through the audit Clark has been able to share information and break down the silos between security, IT and board-level managers. He said a set of security policies is now being drafted, based on the findings of the audit. These policies can be used to make sure not only Somerfield's own systems are secure but also to ensure contractors are making their wireless devices secure.
Clark said: "Even though those devices aren't my responsibility, if they are being used in the store, chances are they have Somerfield data on them. Now I know what the risks are and I know I'm in a good place. I'm not afraid of wireless anymore, I'm aware of it. I don't understand the technology but I can call on the expertise of someone who does."
How to squeeze the last drops of savings from an outsourcing contract
Revealed: The apps you'll have on your phone in 2012
Clouds clear as Microsoft gives Azure a January launch date
UK ID cards rollout hit by delay as launch date revealed
The software that can save you big bucks? You've already got it
Liaise as appropriate with the Head of Risk Assurance on any aspects of vulnerability discovered, ensuring controls are established to address all ...
Security Solution Architect - London This is an excellent opportunity to join a major UK retailer in a Security Solution Architect role. The main ...
Responsibilities entail: • Preparing and managing the different Market data audit processes : External: Exchanges and Vendors Internal: ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Petra Papinniemi
Legal Eye: Ecommerce held back by outdated laws
No wonder no one's buying...
Matthew Cushen
E-tailers: Be choosy overseas
Markets are not always what they seem
Tim Ferguson
'If you look at iPlayer from a distance, it's still very web 1.0'
Q&A: Erik Huggers, director, BBC's Future, Media and Technology
Kit Burden
Legal Eye: Tech could brighten retailers' gloom
Regulation and recession loom
Matthew Cushen
Retailers: Look to emerging markets
Comment: Massive opportunities if you get the IT right
Julian Goldsmith
How Zavvi lost its Virginity
IT director Tony Johnson on the retailer's changing web strategy