Retail Data Needs Better Security in a Contextual World

Retailers are collecting lots of data to improve customer experiences. But that also expands the potential attack surface.

Security in online retail

In his book The Context Marketing Revolution: How to Motivate Buyers in the Age of Infinite Media, author Mathew Sweezey (who also heads up market strategy at Salesforce) argues that the key to breaking through the infinite media noise and reaching customers is context. Hooray! Sounds amazing!

But first: What is context marketing?

Essentially, it’s designing your marketing efforts so that your brand meets customers in the context of their buyer journey — instead of roping them into yours. A key element of that design is ensuring that the data you use to target your customer is relevant to what they are shopping for right now. As in this minute. According to Ofer Fryman, CSO of Syte: “With highly connected data you can ensure all of your channels are updated in real-time according to a shopper’s shifting contexts and provide hyper-relevant recommendations that drive conversion.” 

What your organization needs to deliver on context marketing and an omnichannel view

Contextual marketing requires data — a lot of it — and retailers have gotten good at collecting it. Looking at the average number of active memberships by sector, the 2021 Loyalty Report showed that credit and debit card membership in 2021 decreased 15% versus 2020, while membership in mid-frequency retail programs and high-frequency retail programs increased 14% and 10%, respectively.

According to Thomas O’Toole, executive director of the Kellogg School of Management’s data analytics program, loyalty programs have become “the single best source of individual customer data relevant to developing personalized marketing.”

But context marketing — as the true measure of personalization — requires another big, important piece: an omnichannel system that creates a unified view of each customer’s footprint across the entire business, from online and offline shopping history, to browsing preferences, sometimes even to current location and activity. With this system in place, retailers can support real-time information, offers, and suggestions in the correct context, even as customers walk through a store or move around their site.

Today, the closest thing most retailers have to an omnichannel view is accomplished by pulling data from multiple siloed systems and placing it in a data warehouse ready to be mined for insights. However, because each system updates on its own schedule, the centralized database might not reflect the true, real-time view needed to drive seamless, personalized shopping experiences.

But thanks to APIs, we now have a toolset to update our systems faster and more reliably, making that omnichannel view clearer.

APIs are serving as the connective tissue among retailers’ mobile applications, websites, CRM applications, and ERP systems such as order management, point of sale, inventory management, and warehouse management. By using APIs, relevant data stores and assets — whether they’re in the cloud, on-premises, or in hybrid environments — can all be integrated seamlessly into an omnichannel system.

So far, good news. The less good news is that from a cybersecurity perspective, more data collection and more APIs mean a greater attack surface — and more attention from cybercriminals. As retailers wade deeper into contextual marketing and the creation of omnichannel experiences, there are major security layers they need to have in place.

How to secure the future of marketing now

Two main areas of security go a long way toward ensuring security on your way to achieving the context marketing holy grail:

  1. Secure customers’ loyalty by protecting their data

You can best protect your customers’ personal identifiable information (PII) by moving to a Zero Trust architecture that uses multi-factor authentication (MFA). A recently released study of retail cybersecurity leaders across the United States, Europe, the Middle East, and Africa showed that “80% of respondents are in alignment that achieving zero trust, reducing cost and complexity, and enabling a predictable user experience are the forces driving their network security posture in 2022.”

  1. Secure APIs to reduce an expanding threat surface

There are a number of factors that can make APIs more vulnerable to attacks. One main threat is that developers might deprioritize low-risk vulnerabilities to conform to release schedules. They are not ignoring them completely; the problem is that those low-risk (and at times, unknowingly, not-so-low-risk) vulnerabilities are too often left as is. With no follow-up or post-launch mitigation, too many APIs remain vulnerable or get more so.

Another factor is that retailers don’t know where all their APIs live. (We tend to call this a grown infrastructure — what a nice euphemism.) Taking inventory is a first important step, followed by systematic testing for vulnerabilities. During development and launch of APIs, security should tune its WAF to protect them, or implement a web firewall for APIs (or WAAP). You’ll want to encompass APIs in existing identity management and data protection solutions too.

Protecting customer data powers your retail business like never before

As retailers aim to reach customers in context, they have an unprecedented opportunity to create the optimal shopping experience (both online and off) while enhancing customer loyalty. On the road to that holy grail, security must be a top priority. Customers are willing to trade some privacy for great customer experiences and hyperspecialized offers, but their steadfast loyalty can evaporate with a security incident that compromises their trust.

Read more about what Akamai helps make possible across industries.


Copyright © 2021 IDG Communications, Inc.