Another reason for the security problem is that the amount of data being gathered today is far greater than had ever been anticipated by the designers of the security systems being used today.
"A truism in retail is that the only thing that grows faster than the proliferation of systems is the amount of data that is being collected, stored and manipulated throughout the chain. Its hard to get a handle on where all of that data is," Buzek said.
"It gets taken off a variety of different systems and stored in things like Excel sheets, and those Excel sheets are all over the place. This mass-retailing effect over the last 10 years simply has grown these businesses much further than security could handle. The proliferation of data and the proliferation of employees, and how many people are touching the data and Internet to the stores, and everybody having Internet at their desks and access to all these systems, all of that has simply gone way past what the security process is," Buzek said.
Rowen agrees that the sophistication of todays data collections has fallen far short of the capabilities of todays data management systems. To state the obvious, IT cant protect data it cant find.
"The amount of data being collected is unfathomable. The real problem is Where is it?" Rowen said. "I think that an awful lot of times, retailers are caught not really knowing what their own systems are, whether their motivation for not attacking this is a fear-based thing or a cost-based thing or a communication-based thing, it doesnt change the fact that there is a breakdown and a high level of siloed storage of this type of data."
The data problem becomes part of a vicious cycle of a growing retail segment, with mega-chains like Wal-Mart forcing the decisions of other retailers.
"When you have data that grows exponentially and staffing that doesnt grow or even shrinks, it causes quite a problem on the security front. Thats the effect of a Wal-Mart taking over so much of a marketplace," Buzek said. "Everybody else is reacting to that and many are reacting by cost-cutting. When you cost-cut, one of the first things that goes is security."
It seems that many retail execs need powerful fear-based reasons for setting strict security and privacy policies. OK, here are a few. A company today doesnt even have to get attacked by a criminal hacker to be devastated.
As the Veterans Administration and others have recently learned, all thats necessary is for an employee to take files home and be burglarized or perhaps take some disks and a laptop to the airport and lose the company property there. Whether the cause is criminal or careless, spying or sloppiness, the publicity from a breach can cripple a retailers reputation. And the media is in love with high-profile data problems. Thats Fear-Based Reason One.
Having strict data control policies is not merely the right thing to do, its also the safe thing to do.
Evan Schuman is retail editor for Ziff Davis Internets Enterprise Edit group. He has tracked high-tech issues since 1987, has been opinionated long before that and doesnt plan to stop anytime soon. He can be reached at Evan_Schuman@ziffdavis.com.
Check out eWEEK.coms for the latest news, views and analysis on technologys impact on retail.