At the recent Magento Association (MA) Connect 2021 event, Webscale’s Head of Strategic Partnerships, Adrian Luna, presented a session titled “Magento Security at the Edge: Cyber Crime’s Next Hunting Ground.” Adrian spoke about modernizing cloud security and showcased Webscale CloudEDGE Security, the industry’s most comprehensive security stack, deployed alongside any WAF and CDN, and built to secure both Adobe Commerce Cloud and on-prem licensed versions.
Noah Oken-Berg, CEO and Co-founder of leading digital agency, Above The Fray, was the moderator. Access the full session here or check out our short summary of the discussion below.
2020-2021: Unprecedented growth fosters unprecedented threats
The ecommerce industry witnessed a decade’s worth of growth in a matter of a few months in 2020, as more and more consumers became online shoppers overnight and ecommerce, as a percentage of total retail sales in the U.S., touched a record high of 40%. This unprecedented spike has led cybercriminals to increasingly target online businesses, not to mention their customers, whose transition to remote work opened up an even larger attack surface with more vulnerabilities. Automation and comprehensive 360-degree security are critical for ecommerce businesses to succeed and to protect their customers’ data.
Our 2021 Global Ecommerce Security Report shares valuable insights gathered from over 1500 ecommerce professionals we surveyed. Download the free report here.
Taking the security fight to the edge
According to Gartner, by 2025, 75% of enterprise-generated data will be created and processed outside a traditional centralized data center or cloud. So the edge is a term we are all going to hear a lot more. With that evolution come new cybersecurity threats.
Modernizing Magento security is all about building 360-degree security whatever the deployment model. So, for fully hosted Adobe/Magento Commerce Cloud, headless or PWA deployments, or even on-prem applications, we can deploy our award-winning security platform at the traffic edge alongside traditional WAFs and CDNs. This is a highly customizable and scalable solution, purpose-built for the ecommerce segment. It uses automation and analytics to proactively identify threats and protect web applications against attacks arriving through web traffic at the frontend, malicious code inserted into the backend, and scripts executing in the browser to steal sensitive information.
Magento Hosting and Security
Magento hosting can be a bit of a choose-your-own-adventure – self hosting or on-prem – which means either going with their self-hosted Commerce Cloud platform (All-in-one), or working with a managed Magento hosting provider.
There are levels of management for each of them. But remember, hosting and security management are not the same thing, especially when you talk about edge security, and there are inherent product gaps, regardless of what path you choose to take. And typically, what you’ll find is there is an arm’s length relationship between the hosting and the security provider with some of these traditional hosting providers, or even some of the hosted commerce cloud platforms.
We hear it all the time – a customer saying, “hey, I’m having an issue,” and the ecommerce platform or the hosting provider saying, “I’ve put in a ticket with the security vendor and I’m waiting for a response.” That’s the challenge of working with a platform that, instead of being a deeply integrated solution from a single vendor (like Webscale), is in reality a collection of cobbled-together components from a number of different providers.
- Define your broader security framework, invest in it and follow it
- Implement logging and control outside of the CDE
- Monitor everything
- Partner wisely and benefit from others’ experience
Audience question: Does Webscale WAF enforce Magento soft CSP configurations and/or provide another layer to configure them?
Yes, Webscale enforces Magento soft CSP, but we believe very much in delivering that CSP outside of what’s built into Magento already and doing that closer to the edge as SaaS.