Cost-Effective Data Security: Five Senior Management Principles

Customer service and product distribution are evolving rapidly. Customers are demanding new remote methods to initiate orders, and their expectations for demand fulfillment are expanding, all enabled by handheld technologies. In response, security practices must evolve to handle transactions that are no longer centralized, but rather distributed far and wide. The key is for management to establish a balanced, organization-wide distribution security strategy—rather than a reactionary strategy, which could result in excessive cost, longer implementation timeframes, and customer disruption. The following points are intended to provide guidance regarding shortening capability delivery timeframes, minimizing cost, and maximizing customer satisfaction.

1. Within the context of your organization's evolving distribution structures, have your IT and Operations teams jointly assess risk associated with each transaction process, from order generation to fulfillment. Security concerns within the order fulfillment process should be prioritized; for example, from customers checking on their package shipping status on the low end to customers entering credit card information on a handheld device at the high end. Through this analysis, enhanced security levels can be applied only where needed.
2. Do not be an early adopter of emergent security software applications. For example, in many consumer-facing industries, there is a move toward MFA (Multi-Factor Authentication), which would authenticate customers through facial recognition and/or fingerprint authentication, using smartphones. Currently there are many vendors trying to provide this capability, and demonstrate their software is unique and patentable. While your IT department might be anxious for this emergent software, hold off on purchasing such technologies until they are proven effective for your organization's specific requirements.
3. As new security products that enables MFA-type authentication will likely involve internal legacy software modifications, your legacy system infrastructure will certainly be impacted. Whenever possible, ask your IT team to build enabling software around large legacy systems, rather than within them. In most cases, keeping your software changes outside of these legacy systems materially reduces costs and speeds capability delivery.
4. Your internal customer data is key to the emergent security paradigms. If not done already, build a database which stores material customer transaction history and as much associated demographic data as possible. This database, when populated with enough historic customer data, will enable analytics to be performed as part of every customer transaction. For example, if a customer only purchases a single type of product tied to a specific device, when an order is placed that is not consistent with the customer's purchase history, the transaction can be suspended until direct customer validation is achieved. Stopping fraudulent transactions can represent a material cost savings to your organization, and save your customers time and trouble as well.
5. In general, customers do not mind enhanced security; they are all too familiar with the news reports about data security breaches. However, a well-orchestrated enhanced security communication strategy explaining the actions being taken for their protection will encourage them to embrace, rather than be unpleasantly surprised by, enhanced security during the ordering and fulfillment process.

The points above have been largely related to IT activities. Equally important is the related modification of internal business operations, as well as educating employees about the issues and procedures. By responding to enhanced security needs with a carefully considered strategy, you can save your organization time and costs, prevent negative impact to your business, and deliver secure purchase and order fulfillment to your customers.