Buying SD-WAN and Network Security for Retail

Compliance and Regulatory Considerations

PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) mandates how companies should accept, process, store and transmit credit card information, ensuring that they maintain a secure environment in order to facilitate this. With the vast majority of the retail sector accepting card payments, the PCI DSS rules are of essential importance to the sector.

SD-WAN can assist with meeting these strict requirements, offering retailer networks with segmentation functionality and secure communication protocols. Software-Defined WAN efficiently segments the network, splitting traffic up based on features such as application, protocol or priority.  The separation of payment card data from other network traffic minimises the risk of payment traffic being exposed to other systems, which in the event of a breach, keeps card data isolated and outside the attack surface to prevent breaches.

GDPR

For retailers operating within the UK and Europe, the General Data Protection Regulation (GDPR) has required that personal data must be processed for specific, explicit and legitimate purposes, whilst also being processed securely and maintaining integrity. Since its introduction in 2018, retailers have had to consider how they process and protect personal data in Customer Relationship Management (CRM) systems, e-commerce platforms, customer service platforms and payroll systems, to name a few.

Through SD-WAN's security solutions: encryption, segmentation and secure data transmission capabilities, retailers can implement strong access controls and monitor data flows to evaluate vulnerabilities and view, with confidence, that they are maintaining GDPR compliance.

CCPA & PIPEDA

For retailers, protection isn’t only limited to network activities but also extends to the physical world through CCTV and surveillance systems.  In the UK, businesses must comply with the Data Protection Act 2018 and the UK GDPR, which require the lawful, fair, and transparent processing of personal data captured by CCTV. Similarly, in North America, regulations such as the California Consumer Privacy Act (CCPA) in California and the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada enforce strict guidelines on the use and protection of CCTV data, ensuring consumer privacy and data security.

This means that retailers must put security systems in place in order to manage their surveillance systems and SD-WAN facilitates this by providing secure and efficient transmission of CCTV data across multiple retail locations. This not only fulfils the security requirements of the regulations but also reduces the complexity of managing multiple sites' surveillance systems, ensuring overall compliance with surveillance regulations.

Integrated Security for Retail Operations

Whilst SD-WAN has many benefits for retailers, it can be extended to reap even more benefits. Secure Service Edge (SSE) combined with SD-WAN (providing the access component) forms Secure Access Service Edge (SASE).

The security capabilities offered by SASE include:

Cloud Access Security Broker (CASB)

Ensures secure access to cloud applications such as POS/Inventory systems, applying security policies for cloud resources.

Secure Web Gateway (SWG)

Protects against web-based threats and applies internet use policies, which can be essential for the security of customer WiFi networks.

Zero Trust Network Access (ZTNA)

Provides secure, segmented access where both users and devices have to continuously authenticate themselves prior to gaining authorisation to resources. ZTNA therefore prevents unauthorised access to malicious actors and can help to authorise Internet of Things (IoT) devices (which are increasingly being leveraged for managing inventory through trackers and smart cameras).

Next-Generation Firewall (NGFW)

Inspects traffic at the application level to detect and block potential cyber threats, protecting retailers against Distributed Denial of Service (DDoS) attacks, ransomware targeting inventory management and unauthorised access to customer data.

Further to SASE integrations, one of the key security features that SD-WAN provides for retailers is its network segmentation capability. Network segmentation isolates network traffic, applications or data into their own subsections of the network. Often considered as a foundational security strategy, segmentation can be utilised to improve network performance and also to prevent lateral movement in the event of a breach. This allows retailers to create isolated network segments for different operations, such as CCTV and customer Wi-Fi, protecting them from breaches that might have occurred on other areas of the network and reducing the attack surface.

Ensuring Reliable POS System Connectivity

Another system that can benefit from the introduction of network segmentation is Point-of-Sale (POS), adding protection against breaches and minimising the risk of downtime. With POS systems being integral to retailers making money, the need for high availability is essential and therefore disruptions, especially during peak hours, must be avoided at all costs.

But segmentation isn't the only way that SD-WAN for retail can improve availability, with built-in failover handling dynamically switching network paths in the event of a link outage, allowing for rerouting and continued business operations.

For large retailers, collating POS data from multiple branches into a single platform can be essential for understanding market trends. By utilising SASE as a network infrastructure, retailers can leverage Cloud Access Security Broker (CASB) offerings, for protecting cloud resources and applications.

Supporting Omnichannel Experiences

SD-WAN supports retailers to provide customers with aligned online, in-store and mobile shopping (omnichannel) experiences.

Arguably the most important system for retailers is an Inventory Management System (IMS) or stock control system; without it, retailers are left in the dark as to what stock needs re-ordering and how much of each item is on display shelves. This problem is also magnified when considering large scale retailers, who are dependent on cloud-based IMS and downtime to these systems can be detrimental to business operations. SD-WAN enables the seamless integration of inventory systems, providing retailers with real-time stock tracking and control. By also integrating with cloud services, SD-WAN can create reliable connectivity for multiple sites, interconnecting point-of-sale (POS) systems and stock systems, whilst also reducing potential downtime. These improvements over traditional WAN networks means that retailers can offer multiple store fronts, all in sync to immediately reflect stock levels, reducing errors and improving user experience.

Further to this, SD-WAN (and SASE) security features can protect digital retail technologies, like POS and in-store mobile aplications. Essential to the user experience, these platforms often handle traffic such as sensitive financial information or operational data and therefore retailers must maintain both performance and security to ensure that the end-user has a positive experience. On top of this, complying with regulations such as PCI DSS require that payment data is kept secure, adding to the benefits of implementing SD-WAN for retail environments.

By connecting all these retail channels, SD-WAN enables retailers to create seamless and secure experiences that meet customer expectations for improved omnichannel experiences.

Retail-Specific Scalability

When connecting multiple sites, one of the biggest challenges that retailers face is the difficulty of integrating new locations and the timeframe it takes to do so.

Temporary Locations

One of the more cost-effective ways to for retailers to operate is to use pop-up locations. These pop-up locations do not necessarily need dedicated hardware-based WAN connectivity and can often utilise alternative connectivity links, such as 5G.

Remote Sites

Similarly, with SD-WAN, remote sites can also make use of mobile and satellite connectivity options for improved availability. This means that communication links can be leveraged as and when there is demand, meaning that SD-WAN can support seasonal traffic surges.

The Role of Zero-Touch Provisioning

One of the ways that managed SD-WAN can quickly deploy new sites is through Zero-Touch Provisioning (ZTP) capabilities. As the name suggests, ZTP is designed to remove the hands-on elements of SD-WAN deployment, enabling organisations to send new edge devices to remote locations without the need for on-site expertise. These edge devices then automatically connect to the network and apply templates/configurations in order to match already running network edges, easing the process and reducing the cost of SD-WAN deployment.

Centralised Management and Visibility

For larger retailers that do operate over many sites, centralising all management enables greater network visibility into activity, current performance and ongoing security issues.

SD-WAN achieves this through a single dashboard that providers retailers with all of the above metrics, alongside insights into store uptime, customer Wi-Fi performance and IoT (smart sensor) device health.

Data Security for Retail Analytics

Retail analytics give retailers insights into what customers want, how they can be personally marketed towards, allowing retailers to create engaging loyalty programmes and optimise inventory on-hand that aligns with demand.

Given the reliance that the retail industry has on analytics, it only serves to show just how important it is to protect these platforms from potential threats. When focusing on protection of any system through access control, the best way to ensure protection is to deny all access. Whilst this isn’t practical, retailers can utilise SD-WAN solutions Principle of Least Privilege (PoLP), in which users, devices and applications are only granted the minimum access required to conduct their duties. This granular access control and network policy enforcement, ensures that only authorised personnel can access sensitive data and systems, helping to adhere to GDPR and PCI DSS requirements.

Further to PoLP, some of the security features that SD-WAN implements to enhance retail security are encryption, intrusion detection, and real-time monitoring of traffic. These features provide a secure network for retailers, helping to meet data protection criteria by safeguarding sensitive data, which in turn maintains customer trust.

Vendor Expertise and Customisation

When moving to a Software-Defined approach, retailers must ensure that they choose the vendor offerings that best align with their needs. To determine how well the vendor can achieve this, we recommend choosing vendors that are experienced with retail environments and can integrate SD-WAN solutions with legacy systems (such as warehouse software).

For maintaining security and performance across multiple stores, POS systems and managing inventory, vendors with retail-specific expertise and offerings are ideal for supporting retailers. These offerings can include optimised bandwidth for high-traffic periods and secure connectivity for customer-facing services like Wi-Fi.

Cost-Efficiency and ROI for Retail IT

For retail businesses on a budget, the cost efficiency of any given solution can be the make or break as to whether it gets implemented. SD-WAN helps retailers reduce these expenses by leveraging multiple cheaper connection types, such as broadband, 5G and LTE, instead of relying solely on costly MPLS connections.

By utilising multiple connections, retailers gain greater flexibility, allowing for multiple store locations to ensure consistent performance for essential applications.

Whilst lowering connectivity costs, SD-WAN delivers measurable ROI through this improved operational efficiency. For example, by simplifying network management, network administrators can better control network services and applications, ensuring there is no downtime that might interrupt sales or customer experiences. This means that retailers lower their network costs and provide a greater customer experience, from faster transaction times at the checkout to uninterrupted access to in-store customer WiFi.

Case Study: Streamlining Connectivity for a Large Retail Chain

Brook Brothers are an American-style clothing business within the retail industry that were experiencing network outages, preventing transactions from being porocessed and this caused Brook Brothers to lose sales.

Given their limited IT team and resources, their options for improving network quality was limited and they needed a simple but effective solution to prevent loss of sales.

Brook Brothers chose VMware SD-WAN as the solution to fit their network, which was cemented by a successful trial of the solution. Once deployed, VMware allowed Brook Brothers to use capabilities such as traffic segmentation to separate customer browsing traffic from internal data, traffic redirection and VoIP integrations.

The most essential of these features was the traffic redirection, which acted as a mitigation plan in the event of an outtage, dynamically switching paths to make sure that sales transactions completed successfully. Further to this, by segmenting customer data from internal data, Brook Brothers improved their security posture and VoIP integrations reduced the hardware footprint of traditional phone switches.