Adoption of O-RA for Secure Architecture of an ECommerce Platform

Satish K Sreenivasaiah, TATA Consultancy Services, India

As we are aware, eCommerce product and application development companies and units are under constant pressure from the business to meet aggressive delivery timelines and faster time-to-market approaches in order to reach customers ahead of the competition. Development teams usually focus on getting the functional aspects right and worry less about security requirements, despite their criticality to the success of the business.

This presentation details how the O-RA technical standard, based on the Open FAIR methodology, can be leveraged to arrive at an effective risk analysis for an eCommerce platform from both business and technology perspectives, leading to the definition of a secure architecture. The presenter shares his views on adopting O-RA during the project initiation phase to identify the risks, threat agents, threat event frequency, vulnerability, loss magnitude (if any) and related attributes for the online portal. The analysis helps in identifying risks upfront that impact the stakeholders, so that business and technology teams can take suitable measures to mitigate or accept the risk.

Without O-RA analysis and the resultant secure architecture, an online platform can become an easy target for exploits, ending in loss of revenue, loss of reputation, legal action from irate customers and other negative publicity events that impact the business and its stakeholders in a big way. Hence, it is of paramount importance to analyze the risk and enable information security controls effectively in the architecture to mitigate it.

Leveraging the FAIR basic risk analysis methodology, one can effectively analyse the risk in four stages: scoping, evaluating loss event frequency, evaluating loss magnitude, and deriving and articulating risk. The value created by this analysis is immense for the organization, as it addresses the following critical areas:

  • What are the actual information entities/assets that are at risk?
  • What are the threats that need to be accounted for and how often do they happen?
  • What are the vulnerabilities that really need to be addressed?
  • If a threat actually exploits any of the vulnerabilities, what is the loss magnitude?
  • What are the security controls that need to be put in place?

With the above probing analysis and the right recommendations of security controls leading to the definition of a secure architecture for an eCommerce platform, business, technology and the stakeholders can rest assured of increased customer satisfaction, revenue growth and improved reputation.
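As an added illustration, not part of the abstract or the presenter's material, the four FAIR stages applied to one constructed eCommerce loss scenario in Python: the scenario, its min/most-likely/max estimates and the control compared (tokenizing stored card data) are all assumed for the example, and the triangular distribution stands in for whatever calibrated distribution an analyst would actually use.

```python
import random
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Estimate:
    """Calibrated min / most-likely / max estimate, as Open FAIR inputs are gathered."""
    low: float
    mode: float
    high: float
    def sample(self, rng):
        return rng.triangular(self.low, self.high, self.mode)

@dataclass(frozen=True)
class Scenario:
    """Stage 1, scoping: one asset, threat community and loss type."""
    name: str
    tef: Estimate        # threat event frequency: attempts per year
    vuln: Estimate       # probability a threat event becomes a loss event
    primary: Estimate    # primary loss per event: response, replacement, fines
    secondary: Estimate  # secondary loss per event: stakeholder reaction, reputation

def point_estimate(s):
    """Stages 2-4 on most-likely values: LEF = TEF x Vuln, risk = LEF x LM."""
    lef = s.tef.mode * s.vuln.mode
    lm = s.primary.mode + s.secondary.mode
    return {"lef": lef, "lm": lm, "annualized_risk": lef * lm}

def simulate(s, iterations=10_000, seed=7):
    """Monte Carlo over the full ranges; returns annualized loss percentiles."""
    rng = random.Random(seed)
    losses = sorted(
        s.tef.sample(rng) * s.vuln.sample(rng)
        * (s.primary.sample(rng) + s.secondary.sample(rng))
        for _ in range(iterations)
    )
    pct = lambda p: losses[round(p * (iterations - 1))]
    return {"p10": pct(0.10), "p50": pct(0.50), "p90": pct(0.90), "max": losses[-1]}

# Constructed scenario: theft of card data stored by the checkout service.
CARD_THEFT = Scenario(
    name="card data theft",
    tef=Estimate(1, 2, 6), vuln=Estimate(0.1, 0.3, 0.5),
    primary=Estimate(20_000, 50_000, 120_000),
    secondary=Estimate(50_000, 200_000, 600_000),
)
# Same scenario with a control applied (card data tokenized): only the assumed
# vulnerability estimate changes, so the risk delta is attributable to the control.
CARD_THEFT_TOKENIZED = replace(
    CARD_THEFT, name="card data theft (tokenized)", vuln=Estimate(0.01, 0.05, 0.1)
)
```

Comparing `point_estimate` and `simulate` for the two scenarios gives the kind of before/after figure that lets business and technology teams decide whether to mitigate or accept the risk.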

Key takeaways:

1. Application of Open FAIR O-RA in eCommerce
2. Definition of Security controls for an eCommerce platform

Satish K Sreenivasaiah is a Consultant at Tata Consultancy Services, based out of Bangalore. He is part of the Product Trustworthy Center of Excellence, which is responsible for certifying products on security and performance. He has more than 15 years of overall experience in the IT industry and has held various positions of Solutions Architect, Lead Architect, Business Development Manager and Business Relationship Manager across geographies.
