For retail chains like Modell’s Sporting Goods, participating in the wireless technology revolution is hardly a luxury. Wireless means advancing new business models, achieving new operational efficiencies and delivering new services to customers. Retailers can hardly afford to wait to join in.
WiFi, says Modell’s director of network technology Tony Roman, offers retailers a degree of flexibility they cannot achieve from their wired networks. “You become very mobile,” he says, “and that’s the big thing today — mobility.”
Modell’s, a family-owned sporting goods, apparel and athletic footwear chain with more than 140 retail stores, launched WiFi largely for internal purposes, including inventory and vendor management, recalls, returns processing, price verification and remote communications with field supervisors and district managers. But with the retail industry intent on reaching customers through multiple selling channels, Roman says adapting wireless technology to the customer level “is in the works” as Modell’s builds out its infrastructure.
Yet as with any burgeoning technological advance, wireless security concerns bubble to the surface. To protect their WiFi buildouts, retailers are turning to intrusion protection systems.
Doing so is not just smart, it’s necessary, Roman says. Smart because a disastrous breach could spell a public relations and customer service nightmare. Necessary because PCI rules mandate that organizations processing electronic payments through wireless local area networks (LANs) protect data being transmitted via radio frequencies. Traditional firewalls for wired environments offer little help because they lack visibility into wireless traffic.
Wireless intrusion systems detect network issues by analyzing data across the radio spectrum. Systems can check for unauthorized devices on the network as well as anomalies like spoofing attacks, where intruders seek to inundate online networks with bogus files.
Through reporting, network administrations can quickly determine what threats are affecting the network and take steps to resolve them.
“When you are in a wireless environment, you have inherent threats that can affect your network,” Roman says. “One thing, of course, is somebody setting up a rogue client. With a rogue client, you can have somebody connect to your network via a wired connection and then transmit to an access point that is outside of your network.”
This means intruders can “pull files from your network to someplace else,” he says. “They can actually grab information out of the air from your access point.”
The wireless tipping point
After considering the solutions of various vendors, Modell’s selected SpectraGuard Enterprise from Mountain View, Calif.-based AirTight Networks. Such solutions have centralized and automated wireless detection and prevention protocols, offering subscription-based plug-and-play features that include portal-based administration, centralized policy enforcement and alert notification.
AirTight’s SpectraGuard Enterprise software-as-a-service solution is marketed as a complete, end-to-end platform that clients can host in their own data centers. AirTight also offers a cloud computing-based version of its solution that provides automated scanning and reporting responsibility exclusive of the client site.
Roman says it was vital for Modell’s to acquire a solution that would easily overlay and integrate with its existing infrastructure. Additionally, he placed a premium on the solution’s ability to prevent breaches around the clock without his staff having to intervene manually.
During a testing period at Modell’s Manhattan headquarters, Roman says his staff instantly was able to identify several violations of its corporate security policy.
Mike Baglietto, AirTight director of product marketing, says retailers’ fervent embrace of wireless technologies is being driven by what he calls the “consumerization of IT” — the proliferation of wireless devices like smartphones and tablet computers. Consumers’ growing use of mobile shopping and payment processing places the onus on retailers to ensure consumer data is protected within the wireless realm.
“What we’re seeing is that wireless is sort of at that tipping point right now [with retailers],” Baglietto says. “Everybody is trying to figure out how to leverage it for mobile retail and mobile payments.”
Finding rogue access points
As retailers undertake technology refreshes and add wireless components to their enterprises, PCI compliance comes into play. In July 2009, the PCI Security Standards Council wrote compliance guidelines for organizations that process cardholder and other data wirelessly, and recommended that large organizations employ automated intrusion solutions. Additionally, organizations must secure their wireless networks to ensure compliance with federal regulations, like the Sarbanes-Oxley Act governing public companies’ financial reporting.
“PCI comes up in every conversation we have in retail,” Baglietto says. “PCI compliance is not just wireless: It’s everything from database security to Internet security to every aspect of your network security. The rules are broad enough that they apply to Walmart as well as to Mike’s Bait Shop, but the problem with wireless is that it is not so simple.”
Baglietto explains that the focal point of wireless intrusion lies primarily in keeping intruders from compromising data on wired networks and then accessing it in a wireless environment. He says network administrators know how to find rogue access points, but preventing them from sprouting up is another issue.
“Now all of a sudden they have created a bridge from what was once a secure wired network that has no WiFi to an unsecured WiFi network,” he says. Rogue access points “create a bridge from the inside out. So it’s not just finding the rogue access points on the network, it’s finding all unauthorized wireless connections from the secure network.”
Modell’s expects to complete the store rollout of its wireless intrusion efforts this month, setting the stage for wireless customer engagement.
“What we would like to do in the future is offer our customers hotspot access systems to enhance their shopping experience,” Roman says. “Like many other retailers, we’re in the process of exploring our options to obtain true multi-channel capabilities” while also striving to “protect both the customer and our systems from intrusions.”