As multi-site retailers modernize and more IP-enabled devices are connected to their network, managing them becomes time-intensive and complex. Handling IT operations internally or tapping an outside managed network service provider comes down to three key considerations.
Whether you run IT for a national multi-site retailer, a growing c-store or a quick serve restaurant operator, it seems most of your time is spent attending to network or device issues.
It’s not your imagination. It’s getting tougher to make sure your stores’ network is up and running to prevent lost revenue and keep your customers happy. Part of the challenge is the changing expectations of tech-savvy, on-the-go lifestyle millennials who demand a connected experience wherever they go.
At the same time, new digital technologies like more sophisticated POS systems, kiosks, digital signage, mobile payments, and customer Wi-Fi can add complexity to managing your network and test the limits of your PCI-compliance.
Your IT team essentially has two options if you want to stay on top of the demands of today’s digital retail landscape.
1. Do-it-yourself (DIY), where you and your group go it alone and internally handle day-to-day network operations, security threats, PCI compliance, adding new technologies, and managing service upgrades across all your sites.
2. Managed Network Service Provider, where an outside expert service provider handles your network design, connectivity, and security, and provides your team with tools and applications that simplify PCI requirements and network management.
Four Key Considerations for Managing Your Network
To support your assessment, we offer four considerations to help you as your business expands and your IT needs become more complex.
1. Expertise: First and foremost, you need to assess your team’s skill in managing back-office functions required for cloud-based accounting, inventory, and time tracking software as well as Internet-enabled devices in stores like ATMs, temperature gauges, security systems, and self-service kiosks. All require secure, stable, and reliable connectivity.
2. POS Security: You handle a great deal of sensitive data when processing customer payments, which increases your network's exposure to attack. Being PCI DSS compliant when accepting common forms of card payments is more critical than ever.
PCI compliance can be tricky and require many steps that retailers can overlook if they are not vigilant or adequately trained. Noncompliance can result in fines from card brands, but most importantly, failing to follow the guidelines dramatically increases the risk of a data breach.
Resource: The Five Gray Areas of PCI Compliance
That’s why many multi-site retailers opt for a PCI-compliant managed network and security services partner like Acumera to support their PCI compliance efforts. A partner can help navigate the often confusing process of card payments, strengthen the security of your customer data, and reduce PCI-compliance errors.
A trusted managed services partner can be expected to:
- Provide a responsibility matrix of what a PCI-compliant service provider handles and what remains the business' responsibility (e.g., physical inspections of all devices that touch customer data).
- Assist with firewall configuration as required by PCI DSS requirement 1.2.1.b to help contain a data breach if one should occur. Firewalls are especially critical in limiting data exposure given the increasing variety and number of IoT devices like public Wi-Fi, printers, and "smart" technology.
- Monitor, disconnect and restrict remote access as required by PCI DSS requirements 12.3.8 and 12.3.9.
- Log and manage data as required by PCI DSS requirement 10.7, which dictates how long log data must be retained, where it is stored, and that log data should be encrypted.
- Diagram all card data flows as required by PCI DSS requirement 1.1.3 to establish procedures for following data through payment processing, ideally in real time.
- Implement Zero Trust Networks (ZTN) and segmentation. ZTN assumes all network traffic is untrusted, so a security architect ensures that anything added to the network is verified before it is trusted. Segmentation splits the network into subnets that are adequately secured and separated from the cardholder data environment (CDE). By proactively architecting security into the CDE, segmentation is achieved and threats are kept away from cardholder data.
3. Personnel or Staffing: Another critical consideration is maintaining the optimal level of staff. Do you have a team available 24/7 to monitor your network and handle an outage or data breach whenever and wherever one occurs? Can your team scale as your operations expand and your network management grows more complex?
The time spent on visits to troubleshoot store technology issues and manage PCI compliance can stretch your IT staff beyond its capacity. Without the necessary team, compliance can be relegated to the back burner as you stay focused on running your business.
Especially with today's millennials, businesses that don't deliver high-speed, reliable connectivity risk losing customers.
4. Budget: Closely related to staffing is budget. How is your IT budget best optimized? At what point is turning to a managed network services partner a better use of resources than hiring and continually training more headcount? Depending on your needs, relying on an outside team can mean long-term cost savings for your company. Your team will also get back valuable time to focus on delivering revenue-generating technologies that delight your customers.
DIY and selecting a partner each have their advantages. It comes down to the confidence you have in your organization's IT capabilities and how you want to allocate your resources. It is a prevailing ethos among IT professionals to handle whatever comes their way. However, at a certain point, turning to managed services will help your team be more productive.