Skip over navigation

Contact us to learn more about OroCommerce's capabilities

Contact us

B2B eCommerce

Podcast Recap: Security and Compliance in B2B eCommerce

May 27, 2022 | Oro Team

In our third episode, we sat down Jeff Man, Security Consultant, Advisor, and Information Security Evangelist. He was joined by Joseph Kirkpatrick, Founder, President, and IT Security Strategist of security auditor KirkpatrickPrice.

This episode also marks a turning point for the B2B Commerce UnCut podcast. 

We’re thrilled to introduce our new host, Jary Carter. His experience in B2B goes back to the early days of Magento. Later, he served as a Chief Revenue Officer at Oro, Inc, and now holds the same role at WordPress VIP. Jary is a talented, engaging, and truly one-of-a-kind interviewer, and we’re glad to have him on board!

Depending on who you ask, cybersecurity will mean different things. Most, however, will agree it’s not something you check off during an audit – but a complex and ever-changing process. Ultimately, this responsibility falls on everyone within the organization, from the CEO to the customer-facing employee.

In this engaging discussion on Security and Compliance in B2B eCommerce, we uncover numerous insights, best practices, and some entertaining stories involving enterprises and how they addressed their security challenges.

Our Guests at a Glance

Jeff has been an evangelist for data security for over 40 years. His experience spans security research, management, and product development roles for public and private companies as well as governmental agencies such as the Department of Defense and the National Security Agency.
Joseph is an IT security professional specializing in data security, cybersecurity, IT governance, and regulatory compliance. He is a CPA with 25 years of experience, holding CISSP, CISA, CGEIT, CRISC, and QSA certifications. He spearheaded numerous initiatives at KirkpatrickPirce and led thousands of audit reports and IT security engagements around the world.

Episode Highlights

What is cybersecurity?

“It really depends who you ask this question,” believes Man. Some see compliance as a silly nuisance exercise and it’s not real security. Therefore, it’s viewed by one camp as a simple checklist to follow and requirements to meet.

“I’ve worked with companies that had a list of over 400 specific requirements, and they struggled to do every single one of them,” continues Man. And as time goes on, they struggle to consistently meet these requirements.

Are security and compliance the same thing?

Compliance is a one-time once-a-year, come in and see how you’re doing deal. And security is something that you do all the time, admits Man. Security is about doing specific actions to prevent bad things from happening to your organization. 

“Both [security and compliance] are reflective,” says Man. The goal is to detect how prepared a company is to deal with something terrible happening to the organization. And hopefully, minimizing the damages and consequences of that.

What is required of manufacturers and distributors?

Most organizations moving online from a traditional brick-and-mortar environment are eager to do business online. “So there’s a bit of a reactive response to things that a customer or a regulatory body may ask,” says Kirkpatrick. 

Today privacy is at the forefront. You really have to be aware of the laws relevant to your line of business and where you’re doing business. For example, in California, there’s the Consumer Protection Act. If you are working with a client in Europe, you have to be concerned about GDPR.

“Lastly, B2B businesses are quite complex,” says Kirkpatrick. Organizations tend to share data with other business units or entities that the company owns, not to mention various third parties. It’s just some of the considerations businesses should explore.

What is the current state of B2B enterprise security?

I was excited with the industry 10 years ago, admits Kirkpatrick. “I thought, were at the peak. But the funny thing is, I can say the same thing right now.”

Take the releases that come out from government agencies from industry groups, he continues. It’s impossible to keep up with them.

The trend is now “What do we not know?” With every new release, there’s a breach that we didn’t know about. So it’s constant checking, revelation, and the never-ending pursuit of the unknown.

Quotes and Takeaways

The essence of enterprise security is that we learn from bad things happening. - Jeff Man
There’s a strong desire for people within organizations to pass the buck on security, and they don't want to feel responsible. It’s just human nature. - Joseph Kirkpatrick

They feel unprepared; they don’t have the knowledge; they don’t have the skills to confront this growing complicated threat. And so they just want somebody to be responsible for it.

There's a mistaken belief [initially by consumers and now enterprises] that…security is going to be taken care of somebody else. - Jeff Man

At the same time, there’s tension between users, organizations, and technology providers, believes Man. The prevailing thought is that technology should solve everything; the technology should be secure. So it’s both an education issue and a responsibility issue.

It’s not enough to put the technology in place - you must also know what to do with the results and the outcomes. - Joseph Kirkpatrick
There's no one pill to swallow - service providers, auditors, and technology all bear responsibility. - Joseph Kirkpatrick
If you think of security as a burden, you've already lost. you can outsource the responsibility, but that doesn't mean you've outsourced the liability. - Jeff Man

You can listen to the podcast and view the full transcript here.

Liked this episode of B2B eCommerce UnCut? We want to hear from you! Ask us a question, suggest a topic, or leave feedback by heading to our podcast landing page.

Back to top