What Walmart Learned From the Target Data Breach | eWeek

What Walmart Learned From the Target Data Breach

Walmart CIO
Apr 30, 2015
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

LAS VEGAS—The Target data breach in 2013 sent shock waves through the retail industry that reached all the way to Walmart, the world’s largest retailer. In a keynote speech on April 28 at the InformationWeek Conference, co-located with the Interop conference here, Walmart CIO Karenann Terrell (pictured) answered a question from the audience about the impact of the Target breach.

“What Target taught the entire industry was that you can’t have any single point of failure,” Terrell said.

The ability to protect against every single potential breach vector is zero; that’s why layered security with a hard, crusty exterior protection layer is needed on each individual component, including infrastructure, data and applications, Terrell said. As part of a layered approach to security, analytics and data that tracks what is happening on a network from a threat-vector perspective is needed, she said, adding that it’s also important to watch the movement of data across an organization to see what happens.

Before the Target breach, Walmart knew about the need for multi-layered defensive strategy.

“We have multiple businesses, and in some areas, we look more like a bank than a retailer,” Terrell said. “So what we learned is that single points of failure anywhere can have really drastic effects, and the ability for an attack to go undetected for a period of time, just exponentially increases the damage that can occur.”

The Target breach had a greater impact on the public than many had expected, she said.

“What we learned is we have to have white-hat testing capability on staff for continual testing,” Terrell said.

In the post-Target breach era, Terrell has also focused on the malicious insider threat, which she sees as a real threat (though the Target breach was not caused by a malicious insider). Malicious insiders are extremely difficult to identify today, and that’s where data analytics can play a big role, she said.

Terrell’s keynote focused mostly on how to organize IT to deliver on business objectives. She described technology is a continuum, with a constant evolution of processes and tools.

Walmart has a different view on how it looks at legacy IT assets.

“We prefer to call it classic rather than legacy,” Terrell said.

Using the term “classic” is respectful for the people who are keeping the lights on, and Walmart doesn’t want to alienate people by labeling technology as “legacy” systems.

In addition, Terrell said, rolling IT modernization is just a new way of working. “We are in a continuous build-and-operate cycle now,” she said. “I think there will be a constant modernization of environments.”

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.