The retail paradox

The industry that often lags in infosecurity is setting the pace in providing business intelligence

. What's this?

By

November 11, 2010CSO

In the IT world, the retail industry is not widely regarded as a cutting-edge place to work. Margins are notoriously slim, which means investment in experimental technologies is frowned upon. At most companies in the retail industry, you have to be quite sure of the ROI when you pitch a new project.

Of course, there are exceptions. Nonetheless, I stand by my generalization. The reason PCI Data Security Standard exists is that too many retailers were unwilling to spend the money for good infosecurity. A friend who did IT work at a major retailer wasn't surprised at all when that company suffered a notorious data breach, saying the company seemed to think of any technology more advanced than dial-up Internet access as a wasteful extravagance.

So it's funny that retail is leading the pack in an important way. Retailers get the idea of using security systems as business intelligence sensors.

Also see our indepth roundup of retail security strategies

Former CSO Executive Editor Scott Berinato chronicled early developments in retail video intelligence back in January 2005 (it's quite a prescient piece). Even back then, retailers were starting to use security systems to look at things like how store layout affected foot traffic and sales.

In this Editor's Letter space in April 2007, I wrote about the age of analytics, noting that we've entered an era with enough cheap computing horsepower and advanced analytical capabilities to not only improve security but also its ROI.

Then in June of last year I wrote about Next stop for security: Business intelligence and business services, again emphasizing the use of security systems, expertise and processes to serve the greater organizational goals in new ways.

The fact that retail has helped lead the charge in this respect was crystallized again for me at two recent events. Roland Cloutier made the point from the stage at our Security Standard event in September—mind you, this is a CSO with experience at companies in both high tech and the financial industries. And again retail came up as the flag-bearer in several conversations I had at the ASIS show in Dallas last month—one with video storage provider Pivot3 (very interesting), and the other with Cisco, which, to my eye, looks to have fully integrated its 2006 acquisition of SyPixx with its compelling "Smart+Connected Communities" program.

So hats off to our colleagues in the retail industry. On the traditional corporate-physical security side, they've taken their industry's laser-like focus on pinching pennies and made the most of its virtues, demonstrating in concrete ways that security is a business function and an enabler of business goals.

Now about PCI compliance...

Read more about data protection in CSOonline's Data Protection section.

Other stories by Derek Slater

What is Tech Briefcase?
TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more
Bookmark content
Speed up your research efforts with content across the web.
Search and Store
Find the white papers you need. Create folders for any topic.
View Anywhere
Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.
Don't have an account yet?
RESOURCE CENTER