Wednesday Mar 25, 2015

How Leveraging the Cloud Can Unleash Retailers’ Business Agility

A Viewpoint from Jeff Warren, Vice President Solution Management, Oracle Retail 

Newly launched Oracle Retail Cloud Services combine reliability, security, cost savings and built-in interoperability

The ever-accelerating pace of change in retail puts pressure on everyone within the retail enterprise, but perhaps no one feels it more acutely than the CIO. Technology is rapidly reshaping key elements of the traditional shopping experience, from m-commerce and mobile payments to store-based fulfillment. IT departments are tasked with discovering, and bringing on line, these fast-emerging functionalities, while at the same time maintaining the existing architectures that support both basic corporate and retail-specific systems.

Given these competing demands – “keeping the lights on” while simultaneously serving as the engine for business agility – retail CIOs require cloud-based applications from a trusted technology partner with extensive industry expertise. Oracle is responding with a new offering of Oracle Retail Cloud Services applications for managing e-commerce; customer engagement; order management and order brokering; loss prevention; and brand compliance. (See product list below.)

Cloud-based applications, which in essence outsource many elements of IT management, maintenance, and upgrades, address retailers’ need for business agility. It’s increasingly common that when an IT organization can’t supply the new functionality that the business side seeks, a simple lack of time is cause. Cloud deployments free up IT resources for more strategic projects, and they also allow technology vendors to deliver innovation to retail users more quickly and with more frequent updates.

Keeping Costs in Check

The other benefits of cloud-based applications have been well documented, and are part of the reason so many businesses and individuals have been embracing cloud-based applications, data storage, and processing. They include:

● Lower initial hardware and software costs

● Lower ongoing costs, leading to a lower TCO (Total Cost of Ownership)

● Faster deployments and streamlined routes for patches and system upgrades

Other cloud features are particularly well suited to a retail environment. Scalability and easy access to additional processing power on an as-needed basis fit the needs of a highly seasonal business, one that must often deal with unexpected spikes (such as when a retailer seeks to promote a suddenly “hot” product) and dips.

Oracle’s subscription-based pricing for retail applications maximizes this benefit, bundling software, hardware, and upgrades into a predictable cost structure. In addition, by pricing IT services like a utility, retailers only pay for the processing power they require and actually use.

Mitigating Risk, Maximizing Security

Many retailers have hesitated with cloud deployments based on concerns about data security and overall reliability. This is understandable, given that retail data breaches are highly visible and can tarnish both individual companies and the entire industry. The ability to protect data and maintain the trust of their customers necessarily remains top-of-mind for retailers.

Oracle Retail Cloud Services benefit from the company’s worldclass culture of operational excellence. Oracle Data Centers are classified as Tier 4, the highest level of sophistication, providing 99.995% of uptime. This translates to less than 30 minutes of downtime during an entire calendar year – performance that very few (if any) retailers could match. Oracle Retail also has access to Oracle’s top-notch expertise in the cloud, security, and networking.

Security features inherent to Oracle technology solutions allow for transparent data encryption at the column level, allowing PII (Personally Identifiable Information) to be encrypted using keys that are held in a separate “wallet.” Backups are automatically encrypted, and keys can easily be changed on an as-needed basis. The Oracle Retail solutions leverage Oracle Identity Manager solutions to manage and enforce authentication and authorization for applications, and all elements are PCI-DSS certified.

Built-In Interoperability

Retailers will also benefit from the strategy behind Oracle Retail Cloud Services. These solutions are part of the retail industry group’s comprehensive Commerce Anywhere strategy, which encompasses technology ranging from financial applications to system hardware, so they are designed for maximum interoperability with both on-premise and cloud-based systems.

Oracle also offers flexibility in cloud deployment options. Because different retailers will be at different points in the cloud adoption curve, Managed Cloud services (also known as hosting) allow users to get more comfortable with the concept of outsourcing elements of their IT infrastructure. As the technology provides “wins” and the retailer’s culture adapts, the adoption path can ultimately lead to Oracle Infrastructure-as-a-Service and Platform-as-a-Service offerings. Oracle offers choices that retailers can leverage based on where they are in terms of their own maturity level and business needs.

Most importantly, Oracle Retail Cloud Services give CIOs the tools to keep up with today’s dizzying speed of change. Retailers can no longer wait one to two years to implement the next big thing; IT departments need to deliver meaningful value to the business in time frames that are measured in months. By outsourcing key day-to-day operational duties to cloud providers, IT departments are freed up to offer higher levels of strategic innovation and business agility.

Monday Feb 10, 2014

E-commerce Passwords

If you're like me, you've likely established many accounts with online retailers, many of which also store your payment information.  How easily can hackers guess your password and control your account?  To avoid storing passwords, websites typically store a hashed version in their database.  A secure hash algorithm creates a unique representation of your password that cannot be reversed.  So when you enter your password, its hashed and compared to the stored hash.  If they are the same, then you've entered the correct password.  If the stored hash is stolen, the hacker can't reverse it back to a password, but they can try to guess your password.  That's why its crucial that online retailers enforce good password creation when accounts are created.  That means they should these best practices:

  • Require a minimize length
  • Mix alphas, digits, and upper/lower case
  • Disallow commonly used passwords like '123456'
  • Use email to verify accounts
  • Limit the number of invalid attempts

Of course enforcement is all over the board.  Dashlane, the provider of secure password management software, recently graded the top 100 e-commerce sites on their password management policies.  You can see the results in the infographic below:

The details of the study are available here. According to the study, Northern Tool and 1-800-Flowers allow one character passwords.  Thankfully, most of the retailers send an account confirmation email, and none of those send the password in cleartext.  Want to use 'password' as your password?  No problem at LL Bean, Gap, and Costco.  When you change your password, Blue Nile, Karmaloop, and MLB will email your password in cleartext.  And and Amazon, Aeropostale, and Shoebuy don't limit your password guesses.

As an industry, we can do better than this.

Thursday Mar 29, 2012

Hello PCI Council, are you listening?

Mention "PCI" to any retailer and you'll instantly see them take a deep breath and start looking for the nearest exit.  Nobody wants to be insecure, but few actually believe that PCI does anything more than focus blame directly on retailers.  I applaud PCI for making retailers more aware of the importance of security, but did you have to make them PAINFULLY aware?  POS vendors aren't immune to this pain either as we have to undergo lengthy third-party audits in addition to the internal secure programming programs.  There's got to be a better way.

There's a timely article over at StorefrontBacktalk that discusses the inequity of PCI's rules, and also mentions that the PCI Council is accepting comments until April 15th.

As a vendor, my biggest issue with PCI is that they require vendors to disclose the details of any breaches, in effect "ratting out" customers.  I don't think its a vendor's place to do this.  I'd rather have the trust of my customers so we can jointly solve the problem.

Mary Ann Davidson, Oracle's Chief Security Officer, has an interesting blog posting on this very topic.  Its a bit of a long read, but I found it very entertaining and thought-provoking.  Here's an excerpt:

...heading up the list of “you must be joking” regulations are recent disturbing developments in the Payment Card Industry (PCI) world. I’d like to give [the] PCI kahunas the benefit of the doubt about their intentions, except that efforts by Oracle among others to make them aware of “unfortunate side effects of your requirements” – which is as tactful I can be for reasons that I believe will become obvious below - have gone, to-date, unanswered and more importantly, unchanged.

I encourage you to read the entire posting, Pain Comes Instantly, and then provide feedback to the PCI Council.

About


David Dorf, Sr Director Technology Strategy for Oracle Retail, shares news and ideas about the retail industry with a focus on innovation and emerging technologies.


Industry Connect


Stay Connected
Blogroll

Search

Archives
« May 2015
SunMonTueWedThuFriSat
     
2
3
4
5
6
7
8
9
10
11
13
14
15
16
17
18
20
21
22
23
24
25
26
28
29
30
31
      
Today