Flourishing Ecommerce and Scary Security
Ecommerce is probably the biggest disruptor of business areas in the modern era. It's fascinating how technology is making a difference in people's lives, but do we know the other side of the coin? Let's check it out.
Know the obvious - In terms of technology, ecommerce is among those B2C areas that use almost all of the modern technology, which is ever evolving and becoming better and better. Fantastic!!! Isn't it? New technologies, a new generation of employees, everything needs to be done immediately!!! Truly Agile!!!
This makes the life of a security person extremely difficult.... Can we stop the business from growing? The answer is no. So let's get back to what is required.
a) Understand the business model - know what your customers need. This will help you understand your marketing landscape and its needs, your business, your customers and their consents, and will help you align to the right goal.
b) Understand the technology landscape - Know all platforms. Most platforms say they are SaaS etc., so go back and recheck whether they are compliant enough - perform third-party checks in detail.
c) Understand your PII and customer data journey - Criticallllllll --- Know what data is shared with whom, which systems are talking to each other, in what format your data is shared, whether excess information is being shared, and whether the data is encrypted. ---- This is the biggest gap area in ecommerce platforms because of their micro-architecture.
d) Apps and APIs --- Once again, this is the most bypassed and least explored area. Get a detailed list, go back to specialised API and app security testers, and follow the journey of your data.
e) Security architecture -- Once again: secure by design, secure DevOps, SAST, DAST, VA, PT, WAF, bot and fraud protection. This can vary for each use case. Understand your business needs and balance out what is nice to have and what is a must.
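As an added illustration of items c) and d) (this is example code, not code from the original post), here is a small Python review of a constructed integration map: each flow records which PII fields one system sends to another, the minimum the receiver needs, the transport, and whether a third party has been assessed, and the review flags excess sharing, plaintext transport and unassessed vendors. The system names, field names and sample flows are assumptions made for the example.

```python
from dataclasses import dataclass

# Data elements an ecommerce platform commonly holds (constructed list).
PII = {"name", "email", "phone", "address", "dob", "card_pan"}
PLAINTEXT_TRANSPORTS = {"http", "ftp", "email"}


@dataclass
class Flow:
    source: str             # internal system sending the data
    target: str             # receiving system or third party
    fields: frozenset       # data elements actually sent
    needed: frozenset       # minimum the target needs for its job
    transport: str          # "https", "http", "sftp", "ftp", "email", ...
    third_party: bool       # does the data leave our environment?
    vendor_assessed: bool   # third-party check done (item b above)


def review_flow(f: Flow) -> list:
    """Return findings for one flow; an empty list means nothing to fix."""
    pii_sent = f.fields & PII
    tag = f"{f.source}->{f.target}"
    out = []
    excess = pii_sent - f.needed
    if excess:
        out.append(f"{tag}: excess PII {sorted(excess)} beyond stated purpose")
    if pii_sent and f.transport in PLAINTEXT_TRANSPORTS:
        out.append(f"{tag}: PII over plaintext transport '{f.transport}'")
    if pii_sent and f.third_party and not f.vendor_assessed:
        out.append(f"{tag}: PII sent to an unassessed third party")
    return out


def review_flows(flows) -> dict:
    """Map each flow tag to its findings, skipping clean flows."""
    return {f"{f.source}->{f.target}": r for f in flows if (r := review_flow(f))}


# Constructed sample integration map (hypothetical systems and vendors).
SAMPLE_FLOWS = [
    Flow("checkout", "payment-gateway", frozenset({"name", "card_pan", "email"}),
         frozenset({"name", "card_pan"}), "https", True, True),
    Flow("orders", "courier-api", frozenset({"name", "address", "phone", "dob"}),
         frozenset({"name", "address", "phone"}), "https", True, True),
    Flow("crm", "marketing-saas", frozenset({"email", "name", "address"}),
         frozenset({"email", "name"}), "ftp", True, False),
    Flow("orders", "warehouse", frozenset({"name", "address"}),
         frozenset({"name", "address"}), "https", False, True),
]

if __name__ == "__main__":
    for tag, findings in review_flows(SAMPLE_FLOWS).items():
        print(tag, *findings, sep="\n  ")
```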
Design right and be agile - Once again, when you spend time on all of the above, it helps you understand the right picture and design the right solutions. Every day there is new business and new requirements bringing in new IT tools. That introduces new threats and unexplored areas, so be prepared and keep up to date on changes to follow the trend and stay protected.