
AirTight Networks Joins with EarthLink for Social Wi-Fi and Analytics

January 13th, 2014

AirTight Networks secure cloud Wi-Fi will power EarthLink’s new WiFi/WIPS solution designed for the multi-unit retail industry. EarthLink announced the upcoming launch of this solution at NRF 2014.

Cloud, analytics, simplicity set AirTight apart

“Consumers are already using their mobile devices in-store to enhance their shopping experience. With EarthLink WiFi, retailers can roll out corporate applications to connect with those consumers and service them more efficiently, while gathering valuable data for marketing and store operations. AirTight’s offering stood apart with its cloud-based management, rich retail analytics and ease of deployment.” — Greg Griffiths, EarthLink Vice President of Retail Solutions

Live social media integration demo at NRF

The solution will be demonstrated at AirTight’s booth #1256 and EarthLink’s booth #1567. AirTight and EarthLink experts will be on hand to demonstrate and discuss the Wi-Fi offering. Visitors to either booth will get to experience the social media integration capabilities by logging into an actual social media portal. The demo will build AirTight’s and EarthLink’s social media reach, and visitors will get something of value – the same experience retailers are now able to provide in their stores.

Wi-Fi – now Infrastructure as a Service

“EarthLink’s full-service network capabilities make our enterprise-class Wi-Fi and security accessible to all retailers, whether small or large. Through our partnership with EarthLink, the technology can now be delivered as Infrastructure as a Service (IaaS). The IaaS model is ideal for multi-unit retail, where IT resources are often not available at an individual store level.” — Kevin McCauley, Director of Retail Market Development at AirTight

Retail-ready, “business first”

AirTight has served retailers for over a decade and has translated that knowledge into an enterprise-grade solution that does not compromise on features and security. AirTight’s secure cloud Wi-Fi dramatically reduces the IT resources needed to roll out and manage the network, resulting in a low total cost of ownership. This is Wi-Fi with a “business first” approach, delivering business intelligence and brand engagement. The solution is retail-ready right out of the box, with secure guest and private Wi-Fi, PCI compliance scanning and 24/7 protection from wireless threats.

‘Appification’ of Wi-Fi

“The partnership with EarthLink validates the maturity of our cloud offering and our focus on the ‘appification’ of Wi-Fi. AirTight has raised the bar on wireless connectivity, converting it from ‘IT plumbing’ to a revenue-generating business initiative. We are excited about partnering with the number one managed service provider in North America and getting this solution into the hands of many more retailers.” — David King, CEO of AirTight

Are you at NRF? See the demo yourself and get a signed copy of The Retail Revival by Doug Stephens, courtesy of AirTight. Meet Doug Stephens at our booth between 2 and 3 p.m. on Monday, January 13, 2014.


Will Target Breach Prompt Retailers to Raise the Security Bar?

January 8th, 2014

Did 2013 have to end with the somber news of a big credit card security breach? But it did! It is reported that 40 million credit cards were compromised in the security breach in stores of the major U.S. retailer Target. This is only a shade second to the earlier TJX breach in which 45 million credit cards were compromised. (After this blog was published, it was reported that the number of affected accounts in the Target breach is as high as 110 million, which would make it more than double the TJX breach!)

After any breach, and surely after a breach of such dimension, discussion of data security issues at retailers escalates. Earlier, the TJX breach resulted in stricter wireless PCI (Payment Card Industry) compliance requirements. The current Target breach can also trigger tightening of the compliance requirements. This breach may also prompt IT, security and compliance managers at major retailers to take a hard look at the information security aspects of the various technologies that they have deployed. Add to it the fact that retailers are aggressively deploying mobile and wireless technologies like POS, kiosks and tablets in stores. What are some of the core issues they should be looking at?

Don’t be content with “compliance”, demand “security”!

Retailers in these types of breaches often pass security audits like PCI with flying colors. That exposes the harsh reality that security is distinct from compliance. 2014 is the year of the soccer (football) World Cup, so let us use a soccer analogy to understand this distinction.

When you are defending a free kick in soccer, you make a wall and your goalkeeper is on alert to block the ball that could go through or around the wall. No soccer team would be comfortable with a sole reliance on the wall and allowing the goalkeeper a break during the free kick. The wall is like “compliance” – it’s one line of defense.

Retailers work hard to get check marks from auditors on their PCI compliance. Vendor marketing does a good job of selling features that help get those coveted check marks. Compliance does help improve the security posture, but is it adequate? Every now and then, this line of defense is breached and if the goalkeeper isn’t standing behind the wall, you are toast! However, if you demand security in addition to the compliance check marks, you can build that inner line of defense.

How will you know if you have the inner line of defense or not?

That is a hard question. One way to answer it is that whether you have it or not depends on the compliance solution you have chosen. If you are using a solution which has compliance reporting bolted on to meet the compliance standard in letter, you probably lack the inner line of defense. On the other hand, if your solution offers PCI compliance as a natural outcome of the strong security fundamentals, you automatically get the inner line of defense.

I can testify to this dichotomy from my experiences with the wireless PCI compliance standard and solutions that are touted to facilitate meeting that standard. Many Wi-Fi vendors have come up with bolt-on WIPS (Wireless Intrusion Prevention System) features with check mark PCI reporting. The real question to ask is: While these systems generate PCI reports in letter and may please your auditor, will they pass the security scrutiny in spirit? So, what are some of the questions you should be asking when scrutinizing the wireless PCI solution to ensure that you are getting the security in addition to the compliance?

  • How much of the security information that the PCI report contains is based on actual scanning of the environment? I have seen many PCI reports based mostly or even entirely on Q&A-type documentation or PASS/FAIL check marks merely based on what feature configuration is enabled in the system. That is a fail on security.
  • Is threat scanning 24×7 or is it only occasional spot scanning? PCI does not require 24×7 scanning. It only requires quarterly scanning, but didn’t we just say that we are not interested in mere PCI check marks and that we want security? Notably, the entire Target breach occurred over only 3 weeks – that is a much smaller period than a quarter!
  • Does the scan merely throw raw data at you or does it filter out genuine threats so you can actually act to mitigate them? All too often, I have seen wireless PCI reports simply document all APs seen across all locations to satisfy the so-called rogue AP scanning requirement. So, if the report shows 10,000 APs found in the scan of 100 remote retail locations or 100,000 APs found across 1000 remote retail locations, how in the world are you going to distinguish threat-posing APs from this list? If you can’t, this report will meet the PCI clause in letter, but fail miserably on improving the security posture.
  • Is the solution capable of detecting all types of vulnerabilities? For example, can it identify various types of rogue APs? If it can only identify a few types of rogues (such as rogues with correlation between their wired and wireless MAC addresses – so-called MAC adjacency), how can you trust that report, since there could be unidentified rogue APs connected to your CDE (Cardholder Data Environment) among the large number of APs detected during the scan?
  • Is the solution capable of automatically containing the identified vulnerabilities? Although automatic mitigation is not a PCI requirement, in large nationwide deployments, automatic containment is a requirement for security. Automatic containment reduces the window of vulnerability. Moreover, automatic containment has to occur without false alarms, which can disrupt your and your neighbors’ legitimate operations.
  • Is the solution certified against security standards other than PCI? Again, this is not a PCI requirement, but it meets the litmus test of strong security fundamentals of the solution.
  • Is the solution capable of full security operation at the store level without critical dependence on WAN links?
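To make the report-filtering and MAC-adjacency questions above concrete, here is an added example (not from the original post and not AirTight's implementation) that triages one store's scan into actionable buckets. The MAC addresses, SSIDs, function names and the adjacency window are all constructed assumptions.

```python
# Added example: triage a raw rogue-AP scan with MAC adjacency.
# All MACs, SSIDs and the adjacency window are constructed assumptions.

ADJACENCY_WINDOW = 2  # assumed max gap between a device's wired and radio MAC

# Constructed inputs: one store's wireless scan, the authorized-AP inventory,
# and MACs learned on the wired CDE segment (e.g. from switch tables).
SCAN = [
    {"bssid": "02:00:00:AA:00:01", "ssid": "store-pos"},   # managed store AP
    {"bssid": "02:00:00:BB:00:11", "ssid": "linksys"},     # radio MAC = wired MAC + 1
    {"bssid": "06:00:00:CC:00:05", "ssid": "cafe-guest"},  # neighbour, not on wire
    {"bssid": "0A:00:00:DD:00:50", "ssid": "default"},     # on wire, MACs not adjacent
]
AUTHORIZED = ["02:00:00:aa:00:01"]
WIRED_CDE_MACS = ["02:00:00:bb:00:10", "0a:00:00:dd:00:10", "02:00:00:ee:00:99"]


def mac_to_int(mac):
    """Parse 'aa:bb:cc:dd:ee:ff' (or '-' separated) into a 48-bit integer."""
    return int(mac.replace(":", "").replace("-", ""), 16)


def is_adjacent(bssid, wired_mac, window=ADJACENCY_WINDOW):
    """True when both MACs share an OUI and differ by at most `window`."""
    a, b = mac_to_int(bssid), mac_to_int(wired_mac)
    return (a >> 24) == (b >> 24) and abs(a - b) <= window


def triage(scan, authorized, wired_macs):
    """Split scanned APs into authorized, rogue-on-wire and unverified."""
    known = {m.lower() for m in authorized}
    buckets = {"authorized": [], "rogue_on_wire": [], "unverified": []}
    for ap in scan:
        bssid = ap["bssid"].lower()
        if bssid in known:
            buckets["authorized"].append(bssid)
        elif any(is_adjacent(bssid, w) for w in wired_macs):
            buckets["rogue_on_wire"].append(bssid)   # act on these first
        else:
            # Adjacency cannot tell a harmless neighbour from an on-wire
            # rogue whose wired and radio MACs are unrelated.
            buckets["unverified"].append(bssid)
    return buckets


if __name__ == "__main__":
    for bucket, bssids in triage(SCAN, AUTHORIZED, WIRED_CDE_MACS).items():
        print(f"{bucket:14} {bssids}")
```

The fourth constructed AP lands in `unverified` even though its wired MAC is on the CDE segment, which is the gap the MAC-adjacency bullet describes: a report built on adjacency alone cannot clear that bucket.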

Does security have to cost more than compliance?

Again, the answer depends on the compliance solution you have chosen. If the solution has PCI compliance reporting bolted on to check against clauses in the standard, you will probably have to add security on top of it, paying considerably more from a total cost of ownership perspective or continue to carry the risk of a breach. On the other hand, if the solution offers PCI compliance as a natural outcome of the strong security fundamentals, you can get security without the extra effort or cost.

With AirTight, there isn’t a chasm between compliance and security

AirTight provides a wireless PCI compliance solution that also meets the critical security criteria. Central to AirTight’s solution is its best in class wireless intrusion prevention engine, the only one today to earn the highest industry ranking. It excels both in the depth of security and the ease of use at the same time – due to core innovations and patented technology. So with this PCI solution, retailers can enjoy the same level of security that financials, governments and defense organizations demand without the additional complexity and cost.

In order to simplify deployment and management across 100s or 100,000s of locations, AirTight provides a cloud-managed PCI solution with its plug & play APs/scanners in stores and a centralized management console in the cloud. In fact, it was the first to launch such a solution when wireless scanning was added to the PCI standard after the TJX breach.

24×7 wireless PCI scanning and WIPS are an intrinsic part of AirTight’s Secure Wi-Fi offering and are provided at no extra licensing cost. AirTight also offers a pure OPEX pricing model for its solution to further alleviate the cost burden. Moreover, retailers can also leverage AirTight’s social Wi-Fi and business analytics built into its retail Wi-Fi offering to increase brand following, recruit into brand loyalty programs and offer secure guest Wi-Fi services in stores. It can’t get better than that!

Wishing you a happy and SECURE 2014!

Upcoming events

Meet AirTight at NRF14 on Jan 13-14 and at ACTS event on Jan 15.

Tune in to AirTight’s technology sessions at WFD6.

 


The Holy Grail of Retail, Part 2

January 6th, 2014

This is part 2 of last week’s post The Holy Grail of Retail. In today’s installment, I discuss what it takes to reach it.

Operational Implementation

There is a set of coordinated technologies required to reach the Holy Grail. A complex set of variables, if you will. It’s the responsibility of manufacturers to implement this set of technologies in such a way that they become a simplified, unified structure. This keeps the learning curve short, deployment and operational costs down, and assures a less error-prone implementation. Consider the following parts:

    • Wi-Fi infrastructure with cloud management & social media authentication
    • CRM system integration
    • Mobile devices, operating systems, and applications
    • Managed Service Provider (MSP) enablement (for those customers who want someone else to manage it for them)
    • Security services, such as WIPS and PCI compliance and reporting
    • Location services, which may be integrated with mobile applications
    • Infrastructure analytics and reporting, which may be tied into other systems

What’s even more of a challenge is when one or more of these technologies are provided by multiple vendors who have loose (or no) integration. I shudder to think…

Organizational Unity

Then there are the organizational challenges. While most people avoid this topic like the plague, I’m just the guy to bring it up because it’s reality and because ultimately those who care enough to investigate in this area will benefit.

I’m not young anymore, and I’ve been in the corporate world longer than I care to admit. If I know anything about corporate America, it’s that 9 out of 10 corporations are not operationally efficient or effective. We might have some bright minds and even good products or technology, but we often have poor peer (horizontal), reporting (vertical), and intra-/inter-departmental communication and even worse leadership and people management skills. It’s an epidemic and extremely costly, both to the individual corporation and to the American economy in general. Some other countries and cultures may differ, perhaps significantly, and I’m not speaking on their behalf, but being American, having lived in half a dozen states and worked in large and small companies across those states, I’m asserting that I know what I’m talking about regarding US-based companies.

So, to build upon that assertion, organizations are often unknowingly silo’d whereby, and THIS IS ONLY AN EXAMPLE, you might find within a prospective customer that a CIO and a CMO aren’t really communicating all that well. The CIO has her organizational perspective, goals, and tasks lists. The CMO has his organizational perspective, goals, and tasks lists. They should be coordinating and, at some point, their goals and execution should join hands for the benefit of the company and its customers, right? Well, they should, yes, but do they? Not always. In fact, not nearly as often as you might think.

In addition, most merchandising organizations within retailers are segmented by channel as well. What do I mean? The buyer who forecasts, orders, and is compensated on laundry detergent sales in-store is completely different than the buyer who forecasts, orders, and is compensated on laundry detergent sales online – within the same organization. If retailers want to truly enable ‘omni-channel’ services that are transparent to the customer and to provide a great customer experience, the internal organization (which could even include the compensation structure) of retailers must change!

Obviously if you took a serious look at 1,000 companies of varied size across various vertical markets, you would find variations on high-level organizational issues, but you could expect findings like: poor communication, personality clashes, internal political situations, lack of leadership, lack of management skills, and probably more. These issues affect a retailer’s ability to execute on the Holy Grail just as much, if not more, than having the expertise and funding to execute on the operational implementation side of things.

Enter AirTight

How does AirTight, as a manufacturer, help retailers speed the Holy Grail process?

AirTight provides tightly-integrated technology solutions that are specifically tailored to the retail market. We understand the Holy Grail and how to reach it. Rather than just selling widgets to whomever will buy them, we have simplified a complex set of technology variables into a solution for the retail market.

AirTight provides enterprise-class Wi-Fi infrastructure with a user-friendly HTML5 management platform that can be delivered in one of four ways (hardware appliance, virtual appliance, private cloud, or public cloud) to offer flexibility and scale. Over the high-performance infrastructure, high-value services such as wireless intrusion prevention (WIPS), location services (RTLS), PCI compliance and reporting, robust analytics, social Wi-Fi authentication, BYOD on-boarding, and managed services enablement, and others are available.


The technology is there. Some vendors are ahead of others on integrating the complex set of system-wide components that enable the Holy Grail of Retail, and obviously I wouldn’t have spent my entire Friday night writing this blog if I didn’t believe that AirTight Networks was the front-runner among them. What I hope I have conveyed, however, is that there’s more to this puzzle than just some scattered technology and buzzwords. There are multiple technical pieces to the solution that have to be tightly integrated, and there is the human element, which is equally complex. Both are equally important if you are a retailer looking to nab your Holy Grail anytime soon.

NRF2014

Want to see this in action? See AirTight at NRF 2014, where we will be demoing social media integration and retail analytics. Schedule an appointment, or stop by our booth 1256!

 
