In an E-commerce environment, the risks associated with availability, performance, scalability and security should take priority in building a risk mitigation strategy. These factors are critical to consider even in a hosted E-commerce environment and should be addressed whether the organization is small, medium or large, currently running an E-commerce environment, or thinking of starting an E-commerce site. Others who will find this information helpful are organizations wanting to know more about mitigating risks to an E-commerce environment as well as maximizing customer trust when using their platform.
This article serves to identify various areas of risk that are commonly associated with an E-commerce environment. It applies to a broad range of audiences, from a single merchant hosting their own E-commerce site, to a hosting provider for E-commerce merchants, to a company that makes shopping cart software, or even someone looking into Cloud offerings as a solution. Because E-commerce technologies can apply to a myriad of businesses, the applicability depends more on a business's goals for its E-commerce platform.
The Biggest Risk
The overarching risk to any business doing online transactions is not having an overall E-commerce strategy, especially when it comes to compliance requirements, which a merchant may or may not fully understand or even be aware of. Standards can be worked through until the requirements have been met, but this doesn't always equate to a solid E-commerce strategy. Tactical risks to an E-commerce environment include availability, performance, scalability and security.
In short, availability—the lack of which is a big risk to an E-commerce site—means having the ability to handle faults and still continue operations. If your environment were to encounter an issue with a patch, an update to code, a service failure or even a hardware component, what would happen to your site? Would it still be able to serve your customers? If not, do you have a 'sorry' page or a contingency plan in case an issue arose that could not be quickly resolved? With DDoS attacks on the rise, would your environment be able to function if attacked, and are tools available or in place to detect and mitigate this type of unwanted traffic?
Say your marketing effort was more successful than expected and site visits rise exponentially. Is your environment prepared to handle large bursts of traffic, or would this traffic cause your environment to shut down and become unavailable, effectively canceling out your marketing efforts? Any of these events could cause loss of availability to your site, especially without an E-commerce strategy. If these, or similar types of situations, could potentially happen to your environment, it is imperative that you address availability with your hosting provider.
Stable and reliable performance is also a critical factor for an E-commerce environment. If a site does not respond in a timely fashion or reacts erratically it is likely that a consumer will abandon the site. Performance must be monitored in real time as well as over a period of time. Tools should be put in place to determine if resources are overtaxed from both a hardware perspective and from a response perspective. Without tools to test the overall responsiveness of a site and send an alert when the site is not performing as it should, an E-commerce merchant can lose valuable response time.
Performance should be considered throughout the entire E-commerce environment—from network throughput to disk I/O and even memory or CPU utilization—as the single weakest link can cause the entire environment to respond poorly. Keep these things in mind when you are defining a strategy for your E-commerce environment, especially when it comes to performance.
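The following sketch is an added example, not part of the original article, showing the two views of responsiveness described above: an immediate alert on a single bad probe and a rolling-window alert on sustained slowdown. The thresholds, window size and sample latencies are assumptions constructed for illustration.

```python
from collections import deque

HARD_LIMIT_MS = 3000   # assumed: one probe slower than this alerts immediately
P95_LIMIT_MS = 1200    # assumed: budget for the rolling 95th percentile
WINDOW = 20            # assumed: number of recent probes kept for the trend view

def p95(values):
    """Nearest-rank 95th percentile, so one outlier in 20 does not dominate."""
    ordered = sorted(values)
    return ordered[(95 * len(ordered) + 99) // 100 - 1]

def evaluate(samples, window=WINDOW):
    """samples: (timestamp, latency_ms) pairs; latency None means the probe failed.
    Returns a list of (timestamp, rule, detail) alerts."""
    recent = deque(maxlen=window)
    alerts, degraded = [], False
    for ts, ms in samples:
        # Real-time view: react to a single failed or very slow probe.
        if ms is None:
            alerts.append((ts, "probe_failed", "no response"))
            ms = HARD_LIMIT_MS          # count a failure as worst-case latency
        elif ms > HARD_LIMIT_MS:
            alerts.append((ts, "hard_limit", f"{ms} ms"))
        recent.append(ms)
        # Over-time view: alert once when the window's p95 crosses the budget.
        if len(recent) == window:
            current = p95(recent)
            if current > P95_LIMIT_MS and not degraded:
                alerts.append((ts, "p95_degraded", f"p95={current} ms"))
            degraded = current > P95_LIMIT_MS
    return alerts

# Constructed probe results, one per minute: steady, one spike, then a slowdown.
SAMPLES = (
    [(i * 60, 300) for i in range(20)]
    + [(1200, 3500)]
    + [(1260 + i * 60, 1500) for i in range(3)]
    + [(1440, None)]
)

if __name__ == "__main__":
    for alert in evaluate(SAMPLES):
        print(alert)
```

The single spike raises only the real-time alert; the trend alert fires one probe later, when a second slow response pushes the window's p95 over budget.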
Scalability for an E-commerce site or environment could mean different things to different merchants. For instance, some merchant sites may experience predictable seasonal traffic which provides time to prepare the environment. Other sites—particularly new sites—may not know what levels of traffic to expect but want to be adequately prepared. Both environments need to have a strategy in place to account for scalability but may end up taking vastly different approaches.
One of the biggest scalability questions for any E-commerce site is focused on how many connections the site can handle, which is a difficult question to answer without performing tests. Every system has physical limits and most E-commerce environments will have some uniqueness to them. That said, the only real way to know an environment's scaling capacity is to test all aspects of the site and view the results from an end user's perspective. The end user experience is the true factor that will help measure an E-commerce site's ability to scale; hardware alone is not enough.
Security is perhaps the broadest topic when it comes to an E-commerce site, but security risks could have devastating effects on an organization if an incident were to occur—especially if the site transmits or stores cardholder data. A single incident which involves the breach of sensitive cardholder data could involve large fines, and in many cases, bad press and a loss of trust and credibility. Types of security risk depend on the merchant's strategy toward handling the payment transaction at the visitor's point of purchase.
While transactions involving a customer's sensitive data are the most obvious areas of security risk, it is important to note that the overall security of an E-commerce environment is still at risk and steps should still be taken to protect any Internet-facing environment.
Performance, availability, scalability and security are critical factors to address in building a solid risk mitigation strategy in any E-commerce environment. By understanding the potential threats to each of these factors, businesses can proactively build customer trust and create a sound E-commerce experience with each site visit and transaction.
© 2011-2013 Rackspace US, Inc.
Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License