Trusted Application and Data Security Verification in the Age of Hacking
By Yoav Kutner, Founder and CEO of Oro, Inc
To achieve trusted application and data security, B2B eCommerce solutions must examine and identify potentially vulnerable areas of the operation.
Few B2B eCommerce applications are built from the ground up to support sizeable B2B enterprises and complex, multi-level organizational hierarchies with thousands of employees and millions of website customers.
Incorporating multiple levels of enhanced security measures ensures that applications and data are protected and that compliance with privacy regulations is maintained.
Application security features
With daily news of security hacks, B2B eCommerce solutions must provide fine-grained, customizable access control per user and support for complex hierarchies. Customers must take advantage of the latest encryption and be able to customize login protocols.
Access control
Access Control Lists (ACLs) establish rules that grant or deny access to different data types, including sensitive data.
Every user in an application has a role, and every role has a set of permissions that allow or restrict actions on entities and system capabilities.
Different organizations choose to limit data access and control permissions at a level as granular as the individual user.
All B2B companies must control which actions a user is permitted to perform, whether it is just to view the latest sales report, to modify a customer’s order, or to authorize a payment.
Sales staff can be restricted to working with leads and opportunities, while marketing has access to manage marketing lists and campaigns; administrators access all systems globally.
Maintaining complete control over access to data and records directly from the UI (user interface) without the need for developer assistance is essential.
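The role-and-permission model described above, shown as an added example rather than code from OroCommerce or this article: roles map entities to permitted actions, a per-user rule (grant or deny) can override the role for the individual, access is denied by default, and every denial is recorded so it can be audited. The roles, entity names, users and the `denied_log` are constructed for this illustration.

```python
"""Role-based access checks with per-user overrides (constructed example)."""
from __future__ import annotations
from dataclasses import dataclass, field

ACTIONS = frozenset({"view", "create", "edit", "delete", "authorize"})
ANY_ENTITY = "*"


@dataclass
class Role:
    name: str
    permissions: dict[str, set[str]] = field(default_factory=dict)  # entity -> allowed actions


@dataclass
class User:
    name: str
    role: Role
    # Individual-level rules: (entity, action) -> True grants, False denies.
    overrides: dict[tuple[str, str], bool] = field(default_factory=dict)


# Constructed role set mirroring the sales / marketing / administrator split.
SALES = Role("sales", {
    "lead": {"view", "create", "edit"},
    "opportunity": {"view", "create", "edit"},
    "sales_report": {"view"},
})
MARKETING = Role("marketing", {
    "marketing_list": {"view", "create", "edit", "delete"},
    "campaign": {"view", "create", "edit", "delete"},
    "sales_report": {"view"},
})
ADMIN = Role("administrator", {ANY_ENTITY: set(ACTIONS)})

denied_log: list[tuple[str, str, str]] = []  # (user, entity, action) kept for audit / detection


def is_allowed(user: User, entity: str, action: str) -> bool:
    """Deny by default; a per-user rule wins over the role; unknown actions are an error."""
    if action not in ACTIONS:
        raise ValueError(f"unknown action {action!r}")
    rule = user.overrides.get((entity, action))
    if rule is not None:
        return rule
    perms = user.role.permissions
    if action in perms.get(ANY_ENTITY, ()):
        return True
    return action in perms.get(entity, ())


def authorize(user: User, entity: str, action: str) -> None:
    """Enforcement point: raise on denial and record the attempt for auditing."""
    if not is_allowed(user, entity, action):
        denied_log.append((user.name, entity, action))
        raise PermissionError(f"{user.name} may not {action} {entity}")


# Constructed users
alice = User("alice", SALES)
bob = User("bob", MARKETING, overrides={("lead", "view"): True})            # individual grant
carol = User("carol", SALES, overrides={("sales_report", "view"): False})   # individual deny
dave = User("dave", ADMIN)


if __name__ == "__main__":
    for who, entity, action in [(alice, "lead", "edit"), (alice, "payment", "authorize"),
                                (bob, "lead", "view"), (carol, "sales_report", "view"),
                                (dave, "payment", "authorize")]:
        print(f"{who.name}: {action} {entity} -> {is_allowed(who, entity, action)}")
```

The per-user override table is what makes "as granular as the individual user" concrete: it can widen a role (bob, marketing, may view leads) or narrow it (carol, sales, may not see the sales report) without editing the role itself.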
Layered configuration
Unlike B2C sellers, B2B structures and processes are generally quite complex. A single enterprise may offer both goods and services through multiple sub-organizations, with each having dedicated websites for different regions or countries. Many applications are built to tame the complexity of B2B enterprises.
B2B companies want to set up and configure the application from the configuration UI so that it conforms to their specific needs. Configuration is applied at the global, organization, website, and user levels.
Use Global settings to affect the entire application.
Tailor Organization settings to configure options specifically for each organization, and configure each website to conform to the features needed at each level of the enterprise.
User-level configuration gives employees the ability to adapt certain application settings to personal preferences.
Global enterprises with multiple websites in various countries can set up the appropriate currencies and languages for each site. The ability to add different local warehouses, manage inventory options, control the products displayed and even how they are arranged on each website is critical.
A multi-layered configuration allows B2B businesses to adapt the application to fit virtually any need. This provides the flexibility necessary to keep data and applications secure in complex B2B, B2C, and B2B2C businesses with multi-level hierarchies, numerous organizations, and multiple websites.
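A resolver for the four configuration levels just described, added as an example that is not OroCommerce's configuration schema or code. It walks global, organization, website and user layers and takes the most specific value, but it also carries a constructed override policy: security-relevant keys (password length, login attempts) may only be set down to the organization level, so a website or an individual user cannot weaken them. Setting keys, scope names and values are all constructed for the illustration.

```python
"""Layered configuration with a per-key override ceiling (constructed example)."""
from __future__ import annotations

LEVELS = ("global", "organization", "website", "user")

# Constructed policy: the most specific level at which each key may be set.
MAX_LEVEL = {
    "password.min_length": "organization",
    "login.max_attempts": "organization",
    "currency": "website",
    "language": "user",
    "catalog.sort_order": "user",
}

# Constructed settings store: level -> scope name -> key -> value
SETTINGS = {
    "global": {"": {"password.min_length": 10, "login.max_attempts": 5,
                    "currency": "USD", "language": "en", "catalog.sort_order": "name"}},
    "organization": {"acme": {"password.min_length": 12, "currency": "USD"}},
    "website": {"acme-eu": {"currency": "EUR", "language": "de",
                            "password.min_length": 6}},    # set too deep: ignored by policy
    "user": {"alice": {"language": "fr", "catalog.sort_order": "price",
                       "login.max_attempts": 100}},        # set too deep: ignored by policy
}


def resolve(key: str, org: str, website: str, user: str,
            settings: dict = SETTINGS) -> tuple[object, str]:
    """Return (value, level it came from). Walk global -> organization -> website -> user,
    but only as deep as the policy permits for this key; deeper layers are not consulted."""
    if key not in MAX_LEVEL:
        raise KeyError(f"unknown setting {key!r}")
    scopes = {"global": "", "organization": org, "website": website, "user": user}
    permitted = LEVELS[: LEVELS.index(MAX_LEVEL[key]) + 1]
    value, source = None, None
    for level in permitted:
        layer = settings.get(level, {}).get(scopes[level], {})
        if key in layer:
            value, source = layer[key], level
    if source is None:
        raise KeyError(f"no value for {key!r} at any permitted level")
    return value, source


def ignored_overrides(settings: dict = SETTINGS) -> list[tuple[str, str, str]]:
    """List (level, scope, key) entries stored deeper than the policy permits.
    Such entries never take effect; surfacing them helps an administrator review them."""
    found = []
    for level, scopes in settings.items():
        for scope, values in scopes.items():
            for key in values:
                if key in MAX_LEVEL and LEVELS.index(level) > LEVELS.index(MAX_LEVEL[key]):
                    found.append((level, scope, key))
    return found


if __name__ == "__main__":
    for key in MAX_LEVEL:
        print(key, "->", resolve(key, "acme", "acme-eu", "alice"))
    print("ignored:", ignored_overrides())
```

The check in `ignored_overrides` is the operational piece: a value written at a level the policy does not allow is silently inert, which is safe, but it should still be reported so that nobody believes a setting is in force when it is not.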
Keeping Applications Secure
Encryption
To prevent security breaches, B2B eCommerce applications must encrypt stored data to keep it secure. The company constantly reviews new technologies to support the latest and most robust encryption solutions.
- Database column encryption allows us to choose which pieces of data to encrypt instead of encrypting the entire database file.
- User passwords are stored as irreversible hashes rather than as plain or reversibly encrypted text.
- HTTPS forced redirect ensures the security of the link between the browser and the web server.
- A safe architecture for the online payment process and out-of-the-box integrations with payment gateways keep transactions secure.
Password and session protection
B2B eCommerce products must incorporate the best password practices to help prevent unsafe passwords and motivate users to create strong credentials. Administrative personnel can customize password and login restrictions for application users to:
- Configure the desired password length and complexity
- Enforce password change policy and password history
- Limit the number of login attempts
- Lock accounts after several failed logins to prevent brute force attacks.
Supporting multi-factor authentication adds a second, independent authentication factor and strengthens application security.
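The password practices listed above, together with the irreversible password hashing from the encryption section, as one added example (not OroCommerce's implementation): configurable length and complexity, a password history that refuses recent reuse, a failed-attempt counter with a timed lockout, and salted PBKDF2-HMAC-SHA256 hashes compared in constant time. The policy defaults, the `Account` class and the stored-hash format are constructed for this illustration; the iteration count is a parameter so the work factor can be raised over time.

```python
"""Password policy, history, lockout and hashing (constructed example)."""
from __future__ import annotations
import hashlib
import hmac
import os
import re
import time
from dataclasses import dataclass
from typing import Optional


@dataclass
class PasswordPolicy:
    min_length: int = 12              # configurable length ...
    min_classes: int = 3              # ... and complexity (lower, upper, digit, symbol)
    history_size: int = 5             # previous hashes a new password is checked against
    max_attempts: int = 5             # failed logins before the account locks
    lockout_seconds: int = 900        # how long the lock lasts
    pbkdf2_iterations: int = 600_000  # work factor of the stored hash


def hash_password(password: str, iterations: int, salt: Optional[bytes] = None) -> str:
    """Salted, irreversible PBKDF2-HMAC-SHA256 hash in a self-describing string."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and work factor; compare in constant time."""
    _algo, iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


def complexity_problems(policy: PasswordPolicy, password: str) -> list[str]:
    """Return the policy rules a candidate violates (empty list means acceptable)."""
    problems = []
    if len(password) < policy.min_length:
        problems.append(f"shorter than {policy.min_length} characters")
    classes = sum(bool(re.search(p, password))
                  for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"))
    if classes < policy.min_classes:
        problems.append(f"uses fewer than {policy.min_classes} character classes")
    return problems


class Account:
    def __init__(self, username: str, password: str, policy: PasswordPolicy):
        self.username = username
        self.policy = policy
        self.history: list[str] = []   # most recent hash first; plaintext is never kept
        self.failed_attempts = 0
        self.locked_until = 0.0
        problems = self.set_password(password)
        if problems:
            raise ValueError(f"initial password rejected: {problems}")

    def set_password(self, new_password: str) -> list[str]:
        """Apply complexity and history rules; store the new hash only if all pass."""
        problems = complexity_problems(self.policy, new_password)
        if any(verify_password(new_password, old) for old in self.history):
            problems.append(f"matches one of the last {self.policy.history_size} passwords")
        if problems:
            return problems
        self.history.insert(0, hash_password(new_password, self.policy.pbkdf2_iterations))
        del self.history[self.policy.history_size:]
        return []

    def login(self, password: str, now: Optional[float] = None) -> str:
        """Return 'ok', 'bad_password' or 'locked'. `now` is injectable for testing."""
        now = time.time() if now is None else now
        if now < self.locked_until:
            return "locked"            # no password check at all while locked
        if verify_password(password, self.history[0]):
            self.failed_attempts = 0
            return "ok"
        self.failed_attempts += 1
        if self.failed_attempts >= self.policy.max_attempts:
            self.locked_until = now + self.policy.lockout_seconds
            self.failed_attempts = 0
            return "locked"
        return "bad_password"
```

Two details worth noting: the history check runs the candidate through `verify_password` against each stored hash, so the history itself holds only hashes; and once the lock is in place `login` returns without touching the hash, so a locked account also stops consuming the server's hashing work.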
Businesses must verify that the enterprise software they are using is secure
Application security processes must include PCI DSS and SOC 2 compliance. These two badges are a must-have for any software that handles credit card information and sensitive data.
They guarantee that the application does not merely claim to be secure but has been thoroughly audited by an unbiased third party, and that the vendor can maintain the highest security standards. Compliance must be confirmed to the auditors on a regular basis to ensure the standards are maintained.
Data security is critical for any eCommerce company. B2B eCommerce applications frequently store customer personal data, credit card numbers, and support online payments.
Vendors must adhere to the latest security processes to prevent potential threats, and constantly refine and improve their security to remain on the cutting edge of the safeguards, procedures, and policies that protect customer data.
About the author: Yoav Kutner is the Founder and CEO of Oro, Inc. Prior to founding Oro and building OroCommerce, OroCRM, and OroPlatform products, he was the CTO and Co-Founder of Magento, where he led product and technology development for all Magento offerings from inception until after its acquisition by eBay, Inc. He is a proven product visionary in the business application market. He received a Bachelor’s degree in Computer Science from UCLA.