Isolating applications on a parallel network protects against attacks on sensitive data
Enterprise networks have more nooks and crannies than ever before, which is why the legacy methods of network segmentation are no longer sufficient for retail network security. The traditional monolithic network architecture is vulnerable to attacks that start in seemingly unimportant areas of the network before pivoting into parts containing sensitive data. When an attack occurs, the short-term loss of business, as well as long-term reputational damage, can be substantial.
One of the best ways to boost retail network security at the WAN edge is to leverage a separate router to move a specific application — such as digital signage or customer Wi-Fi — off the enterprise network and onto a separate air-gapped network dedicated to that application.
How does the retail tech landscape benefit from air-gapped networks?
According to Gartner, by 2020, 100% of large enterprises will need to report to their board of directors on cyber security and technology risk. Between 2014 and 2015, there was a 38% jump in security incidents detected. Privacy Rights Clearinghouse also reports that retailers in the U.S. have lost 300 million customer records to hackers.
Traditionally, a company’s IT department might need eight or nine months to conduct a security review for a new application that the executives want to add to the enterprise network. However, as the speed of new technology development continues to increase, this kind of delay can be costly. A retailer interested in implementing digital signage, for example, can instead quickly set up a separate network using cellular broadband that doesn’t require access to or use of the primary enterprise network. New, innovative technologies can be deployed quickly and securely via air-gapped or parallel networks.
This type of agility allows retailers to move more rapidly from proof of concept to actual implementation. Technologies such as capture rates, which track and analyze how many customers walk by a storefront versus how many come through the door, are helpful for marketing and operations. Capture rates allow an enterprise to gauge how different window displays affect customer behaviors. If a retailer wanted to deploy this kind of new technology on the primary enterprise network, doing so would be difficult and time-consuming because of the needed security reviews. In contrast, with air-gapped networking, new technologies can be implemented quickly, securely, and cost-effectively.
How does air-gapped networking improve network security?
Unauthorized users are essentially looking for any possible way into an enterprise network. It is important to recognize that, while attacks can be difficult to stop, businesses can still minimize access and the damage that would occur if an attack were to take place.
Traditional network challenges include an increased attack surface and an increased use of public Internet (through factors such as higher numbers of mobile workers and an onslaught of IoT devices). Also, traditional VPNs are fragile and inflexible, with complex configurations and extended time needed to deploy.
In contrast, with parallel networking, companies physically segment enterprise networks into “air-gapped” security zones. Essentially, air-gapped networking limits the access a hacker can gain if security mechanisms fail. If an unauthorized user is somehow able to access a digital signage network, for example, they will not be able to access other areas — as could happen if they were to access the main enterprise network.
Additionally, a retail company might have physical security staff who need access to security cameras, inventory management staff who need access to sensors and scales on shelves, and PCI Compliance staff who need access to POS data. Instead of having each team conduct business over the primary enterprise network, IT administrators can use software-defined perimeter technology on routers or directly on IoT devices to instantly set up private overlay networks. IT staff can easily micro-segment users, devices, groups, applications, and resources with simple policies in a matter of minutes, without needing detailed knowledge of command lines or complex on-box configurations.
Key benefits of air-gapped networking in retail
Parallel networks provide many benefits to retailers, including the ability to:
- Deploy technologies without taking up bandwidth.
- Utilize plug-and-play connectivity.
- Implement enterprise-grade security.
- Connect in essentially any location.
- Ensure all applications are supported.
- Limit the time and expertise needed to segment networks or complete network configurations.
- Limit time spent maintaining PCI compliance.