To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://www.silicon.com/retailandleisure/0,3800011842,39169033,00.htm

Somerfield gets serious about wireless security
Case study: Brings in the mystery testers...

By Julian Goldsmith

Published: Monday 05 November 2007

Somerfield has undertaken a security audit on its wireless networks, leading to a less draconian security policy that allows the retailer's IT department to take full advantage of wireless technology in the future.

Wireless communications is pervasive within the retail sector and a key part of sales-floor infrastructure in many stores as much of the workforce is mobile - stacking shelves and taking inventory, for example. And it's also due to the constant change within stores as retailers compete for customer loyalty.

Wireless from A to Z

Click on the links below to find out more…

A is for Antivirus
B is for Bluetooth
C is for The Cloud
D is for dotMobi
E is for Email
F is for FMC
G is for GPS
H is for HSDPA
I is for i-mode
J is for Japan Air
K is for Korea
L is for LBS
M is for M2M
N is for NFC
O is for Operating systems
P is for Pubs
Q is for QoS
R is for Roaming
S is for Satellite
T is for TV
U is for UMTS
V is for Virgin
W is for WiMax
X is for XDA
Y is for Yucca
Z is for Zigbee

Somerfield head of corporate business control, Colin Clark, told silicon.com he was concerned about the potential risks involved with transferring sensitive data, such as customers' cash card details, across a wireless link because he "didn't know what he didn't know" about the risks.

This summer Clark brought in Pentura, an independent consultancy, to audit Somerfield's wireless networks. Pentura agents went through a number of stores, a distribution centre and the retailer's headquarters in Bristol as 'mystery testers', much in the same way retailers use mystery shoppers to test customer service levels.

At the end of the process, Pentura handed Clark a report on Somerfield's potential wireless vulnerabilities in terms of business risk, rather than technological failure. Clark was able to pass this information directly on to the board as it was written in a way they could easily understand, rather than in 'techno-babble'.

As a result, Somerfield security policies have relaxed a little. Its IT team is more at liberty to experiment with wireless technology because Clark now has a clear idea about the areas of potential risk.

Somerfield has outsourced a number of back-office functions and an illustration of this more relaxed security policy is the opening up of three wireless hotspots for third-party contractors to use Somerfield's network at the HQ. The risk of them straying into sensitive corporate data has been assessed and Clark has deemed it under control.

Through the audit Clark has been able to share information and break down the silos between security, IT and board-level managers. He said a set of security policies is now being drafted, based on the findings of the audit. These policies can be used to make sure not only Somerfield's own systems are secure but also to ensure contractors are making their wireless devices secure.

Clark said: "Even though those devices aren't my responsibility, if they are being used in the store, chances are they have Somerfield data on them. Now I know what the risks are and I know I'm in a good place. I'm not afraid of wireless anymore, I'm aware of it. I don't understand the technology but I can call on the expertise of someone who does."