By Dan Dinnar (as posted on HelpNetSecurity)
Your website is the primary way your customers interact with your enterprise. You envision and create a website to:
- Enhance customer engagement and conversion of visitors to customers.
- Optimize revenue per customer.
- Create repeat customers.
- Retain customers, i.e., avoid customer attrition and abandonment.
Adding security to the overall business strategy should initiate the following questions to ensure you are making informed decisions for the safety of your brand and your customers.
1. What scripts are running right now on my website?
What services and scripts are you utilizing to optimize your website? Going a step beyond that, what scripts are running on your website?
There are thousands of third-party website scripts marketing teams routinely employ to achieve these goals. They include analytics, trackers, live or virtual customer engagement, social media scripts, and site monetization through advertising – just to name a few. New and innovative website scripts are constantly being released and those enterprises that best leverage them are at an advantage relative to their peers and competitors.
However, your security department limits your usage of these powerful scripts by:
- Limiting how many third party scripts you use on your website.
- Restricting your usage to mature tools and scripts and limiting your usage of newer, more innovative ones.
- Preventing your usage of third-party scripts in your most impactful (but also sensitive) areas of your website.
Although these limitations were once put in place for good reason, they are absolutely constraining your ability to achieve the goal of maximizing business performance through optimization of your website capabilities.
PCI DSS 4.0 makes client-side security a priority.
Source Defense delivers a solution for 6.4.3 and 11.6.1 without adding a burden to your security teams.
