Running a convenience store operation means continuously finding new and innovative ways to improve the customer experience, maintain a competitive edge and manage the rising complexity of business. This is often compounded when an operator owns many different store locations. Investment in the latest technology plays an important role in solving all three of these challenges and cloud computing has become an increasingly popular approach to help highly distributed organizations, strapped with a minimal budget for technology and personnel, ensure they are up to date with Payment Card Industry Data Security Standard (PCI-DSS) compliance.
Security services delivered through cloud computing have many benefits over the traditional approach of buying, integrating, deploying and managing security technologies. Cloud-based security services can reduce costs, eliminate business operations complexities and ensure a business is always up to date with the latest protection. All of this can be done much in the same way a person at home orders cable or a phone service.
All of the magic happens on the back end, without the business ever really having to interact with the technology. The business simply receives a small appliance or piece of hardware, plugs it in and the security service provider does the rest. This is particularly important in the era of PCI, where requirements constantly change, and store owners must be fast to react with new technologies to maintain compliance.
Before we dive deep into how convenience store operators can use cloud-based security services to better protect themselves and their customers, let's first address the importance of PCI compliance.
PCI Compliance: Why It's Necessary
Today, each convenience store location must be considered a self-contained, Internet-connected business. A store's technology infrastructure might include any combination of sophisticated point-of-sale (POS) and inventory management systems, credit card processing and loyalty card systems, and digital signage. All of these are usually networked applications, reaching out via broadband or dial-up Internet connections to transmit and receive information. The more connected a location is, the greater the risk of IT security threats.
Not a day goes by when you don't hear another example of customer credit card data being stolen. As security breaches and identity theft cases have grown more widespread, protecting sensitive data has become more important than ever for convenience store operators. Complying with the PCI-DSS, adopted by major payment brands including American Express, MasterCard and Visa, is mandatory for any convenience store that stores, processes or transmits credit card data.
Failure to comply with the PCI-DSS not only increases the risks to sensitive customer payment card data, but also results in fines, lawsuits, lost customers, brand damage or even loss of the ability to process credit cards. Without compliance, if a merchant has credit card information stolen, PCI-related fines can be as high as $500,000 per incident. To put this into an even greater perspective, according to the Ponemon Institute's Fifth Annual U.S. Cost of a Data Breach Study, the average cost for merchants dealing with a data breach in 2009 rose to more than $6.7 million. The cost per customer record breached was estimated at $204. These significant costs could easily put a small- or medium-sized operator out of business.
Unfortunately, the safeguards outlined by PCI-DSS come with immediate costs to operators. The conventional technology approach protecting store networks and maintaining PCI compliance has been an arduous, complex and expensive proposition. Most security technologies are overkill for the highly specific needs of convenience store merchants. The task of implementing the mandatory technology infrastructure and applications to meet PCI compliance requirements can be an intimidating task. As a result, many operators are still not taking the actions needed to ensure that credit and debit card information is secure.
Cloud Security: Reduced Cost and Complexity for PCI Compliance
Traditionally, with the introduction of each new application, convenience store operators have pieced together various technology components from multiple providers -- a secure router here, a new firewall there, maybe a security log management application. This type of security is hard enough for an enterprise with a full IT staff to implement and manage, let alone a one-man IT shop serving 20 stores over three states.
The use of security services delivered via servers in "the cloud" is changing this paradigm. Cloud-based services can turn a convenience store operator into the chief security and compliance officer of their own small business.
A standard convenience store network needs to include an internet connection, a firewall to protect who can get on and off the store network, a wireless scanner to protect against rogue wireless access points trying to steal information, and some form of security information, event and log management application to establish an audit trail for PCI compliance. If you need remote access to applications running at many different stores, you might also need a virtual private network connection. This means you could potentially have to purchase four different pieces of technology and deploy them at each store.
Then, you have to add the cost of keeping them up to date, or replacing them when they break. And with the speed at which Internet threats evolve these days, imagine how fast these security technologies become obsolete. So, every few years you're buying new equipment. It's not hard to see how fast the costs add up.
Cloud-based security services provide convenience store operators with the opportunity to slash these costs. With cloud security, all of the important security services are handled by a service provider at a remote data center. Owners can drop in a single security appliance at each location, which often will be pre-configured by the security service provider, and then never touch the device again. No additional equipment has to be maintained on premise. Nothing has to be updated or managed onsite. One IT person can literally manage the security and compliance of hundreds of stores from the comfort of a central office. Best of all, the store owner can make one annual payment, to one service provider, and eliminate the need to work with multiple different technology providers.
Convenience stores have traditionally been slow to adopt new technologies. This is particularly true with IT security. By making IT security both simple and affordable, cloud-based security services are fundamentally changing how convenience store owners protect both their customers and themselves.
Cliff Duffey has served as president and CEO since founding Cybera in February 2001. He has led Cybera from inception to being a leader in cloud-based network security services. Prior to Cybera, Duffey was chief technology officer at Bluestar, a regional DSL service provider that was purchased by Covad in 2000. Duffey has also served in executive and management roles at Ascend/Lucent, Intermedia Communications and Harris Corp. He holds a bachelor's degree in computer engineering from Clemson University.
Editor's note: The opinions expressed in this article are the author's, and do not necessarily reflect the views of Convenience Store News.