Computer security in the world of e-commerce.

The growth of the e-commerce sector has been accompanied in recent years by an increasing number of cyberattacks.

Sites running Magento 1 have recently paid the price: these attacks have had several destructive effects on e-merchants, combining unavailability of the website, loss of user confidence, theft of sensitive data and, often, a ransom to be paid to recover this data and bring the site back online.


But as an e-merchant, how can you best protect yourself against this type of attack?

First of all, you need to choose an e-commerce partner that offers its solution in SaaS (Solution As A Service) mode rather than on-premise (where updates are not applied) or open source (attacks on which jumped by more than 50% in 2019).

In SaaS mode, it is the software vendor who hosts the data and therefore bears the resulting risk of attack. Vendors consequently protect themselves more strongly in order to limit threats.

Nevertheless, even among SaaS vendors, security levels can vary widely. Several points should therefore be considered.

First, what type of data center hosts the data? Several tiers of data center exist:

  • Tier 1: “A Tier 1 data center has only one electrical circuit and one cooling distribution circuit and has no redundant components. Its availability is 99.67% and its customers must allow for an annual interruption of 28 hours.”
  • Tier 2: “This level is assigned to a data center having one electrical circuit and one cooling distribution circuit, with redundant components. The availability offered is 99.75% and 22 hours of downtime must be expected each year.”
  • Tier 3: “The Tier 3 classification is given to a data center with multiple power supply and cooling distribution circuits. The availability offered must be 99.982%, with interruptions limited to a little more than an hour and a half each year.”
  • Tier 4: “This classification corresponds to the best level of guarantee for a data center and is granted only if the data center has several circuits ensuring the supply of electricity and the distribution of cooling. Customers who choose a data center of this level therefore benefit from a total guarantee for the protection of their stored computer data.”

Tier 4 is therefore the preferred level: it protects you against the loss of your data following untimely power cuts while delivering the best availability rate for your customers.

The second point to pay attention to is the geographical location of this data center. Hosting in France (or at least on European territory) is to be preferred, because it guarantees you:

  • Proximity to the service provider, allowing you to easily visit the facilities and maintain a direct relationship with the organisation.
  • Compliance with European legislation, particularly the GDPR.
  • Respect for confidentiality. The applicable law depends on the geographical location of your infrastructure, so it is advisable to choose a jurisdiction whose law you know; otherwise you may be in for unpleasant surprises. For example, if you use a service provider whose data center is on American soil, the competent court in the event of a dispute will be an American court, exposing you to confidentiality problems since the Cloud Act came into force (more details on this law in the sources of this article).

It is also important to know how often your data is backed up on the server: the more frequent, the better.

Finally, to ensure optimal security, check whether your host performs recurring penetration tests. As the IT industry is constantly evolving, you need to stay abreast of new attack “trends” and test them against your own IT infrastructure. Penetration tests can therefore be carried out on an annual basis to check how well your defenses hold up against these new attacks and to adapt them according to the results obtained.

More information on the Cloud Act:

https://www.journaldunet.com/solutions/cloud-computing/1488080-comment-remedier-auxravages-du-cloud-act/
https://www.marianne.net/monde/cloud-act-malgre-la-rgpd-les-etats-unis-l-assaut-de-vos-donneespersonnelles

Sources:

https://www.cnil.fr/fr/garantir-la-securite-des-donnees
https://www.ipe.fr/la-securite-informatique-des-entreprises-de-commerce/
https://www.expressnews.fr/securite-informatique-e-shop/
https://ledabelle.com/datacenter-tier-1-2-3-et-4-quelles-differences/
https://www.ivision.fr/hebergement-e-commerce-3-criteres-pour-bien-choisir-son-hebergeur/
https://infodujour.fr/economie/14165-cybersecurite-un-cout-eleve-pour-lentreprise
https://www.ecommerce-nation.fr/saas-vs-open-source/
https://www.lemondeinformatique.fr/actualites/lire-les-failles-des-logiciels-open-source-bondissenten-2019-78467.html