Target to hire 1,000 for IT, reduce outsourcing

Target (NYSE:TGT) has a new plan to boost its technology capabilities. To reduce reliance on outsourcing, the retailer is hiring 1,000 people for IT, including 500 software engineers to focus on mobile and open-source tools for its online endeavors.

The retailer had previously laid off 275 employees from its IT function in August, but new CIO Mike McNamara, hired in February, said he wants to focus on agile development and open-source technology, among other up-to-date IT practices, The Wall Street Journal reported. This comes almost two years after the massive data breach that greatly damaged the company's image and sales, was one of the first of a series of major breaches at retail companies, and led to the industry's focus on security as a top priority.

By keeping the intellectual property generated by the in-house software engineers, the company can preserve competitive advantage, McNamara told WSJ's CIO Journal. Target had been outsourcing significant parts of its application development and backend systems to India and domestic companies including Infosys and IBM. "We got to a stage where almost half the team is in third parties. It's unhealthy," he said.

Target can boost its market advantage over competitors by making strategic use of technology, optimizing the supply chain, and cutting the time it takes to get products to customers. "If you can get advantage through shorter lead times, you don't want a third-party provider sending it to Retailer B down the road."

The retailer's plans call for additional engineers at the Minneapolis headquarters who have skills and knowledge of open-source technology, such as Hadoop data management software, Jira project tracking tools, the Cassandra database and Kafka message broker tools. Target will hire 500 more at its in Bangalore, India, IT facility.

Walmart also has been upgrading its IT capabilities by transforming e-commerce operations to open-source software and searching for IT talent from online companies like eBay. In related news, Visa, which is expanding its digital financial services, is in the process of hiring 2,000 technology professionals, including security experts and software developers.

McNamara was formerly at Tesco in the U.K. and joined Target in February. He replaced interim CIO Bob DeRodes, who was hired to stabilize the company's internal IT after the 2013 data breach compromised 40 million credit and debit card accounts. Beth Jacob, the CIO in place at the time of the breach, left the company in March 2014.

Target proposed a $10 million settlement in March as part of a class-action lawsuit related to the breach. Then in August, reports surfaced that Target was nearing a settlement with MasterCard, similar to a $67 million deal it reached with Visa that month. A previous $19 million settlement with MasterCard fell through in May when card-issuing banks and credit unions did not agree.

Meanwhile, confidential information about the 2013 breach that has just been made public confirms the informed conjecture of pundits, according to security expert Brian Krebs writing in his Krebs on Security blog. An assessment by Verizon security experts said, "Once inside Target's network, there was nothing to stop attackers from gaining direct and complete access to every single cash register in every Target store," he wrote.

Verizon found no controls limiting "access to any system, including devices within stores such as point of sale (POS) registers and servers." Krebs said this supports the theory that a breach at a small heating and air conditioning firm in Pennsylvania led to criminals stealing the virtual, private-network credentials that technicians used to connect remotely to the Target network.

Molly Snyder, a Target spokesperson, would not confirm or deny the authenticity of the newly revealed documents, but pointed out the strides the retailer has made in cybersecurity. "We've brought in new leaders, built teams, and opened a state-of-the-art cyber fusion center. We are proud of where we stand as a company and will be absolutely committed to being a leader on cybersecurity going forward," she said.

For more:
-See this article in The Wall Street Journal
-See this Krebs on Security blog post

Related stories:
The strategy behind Target's digital transformation
Target accelerates $100 million chip-and-PIN adoption
Target opens cybersecurity center to fight online threats
Krebs on Security: why retailers need a better response to data breaches
How to prevent Target-like data breaches