Ecommerce is a broad topic spanning many areas of an organization: business, technical, and users, to name a few. Though these areas have differing goals and objectives, they have to work together to build and maintain a successful end-to-end buying experience. Consider the following sample of stakeholder concerns around an ecommerce site:
Each perspective adds value to the overall strategy. However, accounting for each voice means there is no one-size-fits-all ecommerce strategy applicable to every organization.
Current ecommerce merchants or anyone thinking about entering the world of ecommerce must consider the demands of multiple stakeholders to build a successful strategy. Whose goals and objectives are most important? Ultimately, the desired customer experience drives the business focus, the technologies used, and the security measures implemented to build trust, loyalty, repeat business, and referrals.
Is an Ecommerce Strategy Important to My Business?
Having an ecommerce strategy helps you meet your goals and objectives—regardless of your organization’s focus. We’ve established that there is no one-size-fits-all strategy, and that no one strategy is better than another. The key, then, is ensuring that you have a strategy appropriate for your unique business needs.
What Happens without Strategy?
In the best case, nothing. In the worst case, the result could be a breach of customer information leading to the loss of customer trust, large fines, bad press, and other associated horror stories. Imagine a great marketing opportunity that gets your website or product a prominent media mention. When hordes of eager customers come knocking at your site, there’s no answer because your site crashed under the load. We’ve all heard stories of large-scale security breaches that damage a company’s reputation and stock price. Many of these types of disasters arise from an incomplete or non-existent strategy.
Starting with a sound ecommerce strategy helps you identify and plan for gaps, account for compliance, and support customer experience by thoroughly considering all the moving parts of your store.
If sensitive consumer information is transmitted, stored and/or processed through your ecommerce system, you need to factor compliance into your strategy. Compliance plays an important role in the architecture and security requirements of your ecommerce site. As such, it is extremely important to understand the role an ecommerce system plays in the payment card authorization process.
If an ecommerce system processes, stores and/or transmits cardholder information, specifically the primary account number, Payment Card Industry Data Security Standards (PCI DSS) compliance is required. Measures to meet those requirements should be included in the inventory.
Ecommerce sites have three ways to meet the PCI DSS requirements. Merchants can either:
Ultimately, the route an organization takes to meet the requirements of PCI DSS is a business decision and should be evaluated carefully. Each approach has benefits and drawbacks to consider.
96% of businesses in 2012 that were subject to PCI DSS and suffered a breach were not in compliance.1
Ecommerce transactions must be performed in a way that helps build consumer trust by limiting the risk of fraudulent activities, while ensuring the privacy of consumer information. The reality, however, is that since 2005, the Privacy Rights Clearinghouse has recorded over 152 million breached records resulting from retail transactions in the U.S. alone.2 These records include credit card numbers, personally identifiable information, or other cardholder data that was lost, stolen, or accessed without authorization.
PCI Benefits to Business
To minimize this risk, the Payment Card Industry (PCI) created a commission, the Payment Card Industry Security Standards Council (PCI SSC), charged with setting and maintaining the Payment Card Industry Data Security Standards (PCI DSS). PCI DSS helps alleviate the vulnerabilities associated with the transmission, storage, and/or processing of cardholder data, specifically the Primary Account Number.
Achieving compliance with PCI DSS is a continuous process of performing assessments, remediation efforts, and reporting the results. The Council maintains a library of documentation to help merchants and service providers mitigate risk and maintain secure online transactions.
General PCI Best Practices
Because ecommerce is more complex than simply purchasing a shopping cart or setting up an account on Square or PayPal, businesses that utilize online transactions must first identify potential risks both to the consumer and to the business itself. Once risks are identified, they should then consider how well existing resources can meet those needs and mitigate risks. If the existing resources cannot sufficiently and reliably perform those functions, the business should consider a solution that best fits the business and protects all parties according to PCI DSS.
Overall Site Security
PCI DSS is based on best practices for the protection of sensitive cardholder information. It offers little to no guidance on how to scale an ecommerce environment while maintaining compliance and performance, nor does it provide guidance on how to manage elements of an ecommerce strategy outside of PCI compliance. Additionally, the systems (server, storage system, etc.) that support ecommerce transactions are not always in the scope of PCI DSS. This is an area where hybrid cloud solutions, which allow merchants to combine cloud and dedicated or on-premises gear, are growing. With a hybrid approach, merchants can take advantage of cloud efficiencies while maintaining compliant systems to actually transmit, process, and/or store cardholder information.
Outside of PCI DSS compliance, ecommerce websites have a host of other security considerations that need to be captured and accounted for when building out strategy. Malicious activity such as DDoS attacks and email-borne viruses can still grind the operations of a compliant site to a halt.
Just as compliance plays an important role in the architecture of the environment, risks to performance, availability, and scalability are equally important.
97% of breaches in 2012 were avoidable through simple or intermediate controls3
The risk mitigation portion of an ecommerce strategy includes threats associated with availability, performance, and scalability. The areas discussed in this paper represent a broad range of audiences from a single merchant hosting their own ecommerce site, to a hosting provider for ecommerce merchants, to a company that makes shopping cart software, or someone considering public or hybrid cloud offerings as an ecommerce solution.
Not having the ability to handle faults or spikes to maintain operations is a big risk to an ecommerce site. If your environment encounters an issue with a patch, an update to code, a service or hardware component failure, or a natural disaster, what happens to your site? Can it still serve your customers? If not, do you have a ‘sorry’ page or a contingency plan for expected and unexpected downtime issues that cannot be quickly resolved?
Nearly half of companies (48%) report that downtime negatively impacts their brand and reputation.4
Say your marketing effort was more successful than expected: is your environment prepared to handle large bursts of traffic, or would it cancel out your marketing efforts by shutting down and becoming unavailable? Your ecommerce strategy must identify and address infrastructure needs to support availability.
Stable and reliable performance is also a critical factor for an ecommerce environment. If a site does not respond in a timely fashion or reacts erratically, customers will abandon the site. Performance must be monitored in real time and over a period of time to determine if resources are overtaxed from both a hardware perspective and from a response perspective. Without these tools to test and monitor the overall responsiveness of a site, an ecommerce merchant could lose valuable response time without even knowing it.
Performance should be considered throughout the entire ecommerce environment—from network throughput to disk I/O and even memory or CPU utilization—as the single weakest link can cause the entire environment to respond poorly.
1-sec delay in response can lead to 7% drop in conversions.5
Your store needs to deliver a consistent experience whether serving five concurrent users or 5,000 concurrent users. Some merchant sites may experience predictable seasonal traffic which provides time to prepare the environment. Other sites—particularly new sites—may not know what levels of traffic to expect but need to be adequately prepared. Both environments need to have a strategy in place to account for scalability but may end up taking vastly different approaches.
One of the biggest scalability questions for any ecommerce site is focused on how many connections the site can handle, which is a difficult question to answer without performing tests. Every system has physical limits and most ecommerce environments will have some uniqueness to them. The only real way to know an environment’s scaling capacity is to test all aspects of the site and view the results from an end user’s perspective.
Performance, availability, scalability, and compliance and security are critical factors in building a solid risk mitigation strategy in any ecommerce environment. By understanding the potential threats to each of these factors, you can start evaluating ideal site flow and building an inventory to serve as the foundation of a strategy to create the optimal ecommerce experience with each site visit and transaction.
Choosing Your Ecommerce Store Platform
The effort needed to execute a sound ecommerce strategy revolves around the platform you choose to run your store. There is no one-size-fits-all answer applicable to every ecommerce site. Each operator needs to review their options against their strategy to choose the right combination. Options include:
Sit in the role of the consumer and follow the steps they need to take to purchase on your site. Though it sounds simple, taking the time to carefully connect all the dots between the inventory line items, back-end processes, and customer experience to find and fix gaps is critical to future success.
The following sample connects the site flow process as categorized into areas of focus: business, technical, and customer facing activities:
With an understanding of how your site needs to operate (Steps 1 & 2) and the processes required to support user experience (Step 3), you’re ready to create an inventory.
Plan for Mobile: Mobile commerce (M-commerce) accounts for 1 in 10 e-commerce6 dollars and is set to grow to $86 billion by 2016.7 Incorporating mobile elements (design, features, and infrastructure) to best represent your brand and web properties across multiple devices gives you more access to more opportunities to engage.
An inventory defines the pieces that make up an entire ecommerce site allowing the organization to take a strategic look at the individual components it has, or needs to have, in order to operate. An ecommerce site’s inventory may include:
These items span across departments. All stakeholders should point out aspects of their particular focus that are not represented. For example, examining the inventory from a business perspective may point out that marketing isn’t listed, and without marketing there wouldn’t be any customers visiting the site. The technical perspective points out that there isn’t any hardware or even a data center listed. The security perspective points out that there isn’t a firewall, SSL certificate, or the 200+ other requirements that should be considered for an ecommerce site. All of these points are valid and demonstrate that each organization’s ecommerce inventory is unique and needs to be tied to your goals and the requirements of those goals.
The average site visitor never considers most items in the inventory, but the inventory must capture as much information as possible, both high-level and granular details, to formulate a solid site strategy for a seamless experience. What customers will notice is the site’s ease of use, its accessibility, its performance and its availability, none of which are listed on the inventory. The educated consumer might also pay attention to the privacy or chargeback policy, the ‘lock’ or ‘green bar’ image on the browser (Extended Validation), the available payment options, or even the ability to purchase over a mobile device (M-commerce). A well-developed inventory guides the strategy that delivers a superior user experience. It can also uncover areas for improvement and those areas no one thinks about until something goes wrong, like security or shopping cart functionality.
Creating a vetted inventory is exhausting; however, it’s an important first step to understanding how all of the site’s pieces work together. Once you’ve completed this inventory, you’ll have a better understanding of what you need to do to implement the technologies and processes needed to support your site.
According to the 2013 Forrester and Shop.org “The State of Retailing Online” study, the benefits of incorporating the elements of ecommerce strategy discussed in this paper do pay off. For example, survey respondents indicated that a 40% increase in ecommerce-related IT spending gained them a 58% increase in conversions between 2011 and 2012.8 If your site isn’t designed to bring customers back, you could lose the 41% of sales accounted for by repeat customers. This may explain why four out of five respondents plan on re-designing to optimize their ecommerce properties this year. The impact of building and executing a thorough ecommerce strategy can mean the difference between the success and failure of your ecommerce empire.
From planning to deployment, we’re here to serve you. Whether you need our Enterprise Cloud Services team to help plan your configuration, Critical Application Services for guaranteed uptime, or our experienced Fanatical Support® staff to help manage your server—we’re available. Hundreds of thousands of businesses count on Rackspace due to our experience, commitment to transparency, and responsiveness. Our focus on support is why we’re the #1 hosting provider to the top 1,000 web retailers, according to InternetRetailer.com.
Real Customers Talk Real Benefits of Employing Rackspace Cloud in Their Ecommerce Strategy:
“When PCI standards were first issued, we realized we needed a hosting provider that was an expert in security. Rackspace is that provider. They know how to configure our infrastructure which helps us in our compliance with PCI standards and are working with third parties to provide the ongoing monitoring to stay compliant. Not only did this make it easier for Modern Retail to get its PCI compliance but it also eliminated much of the work and time it takes to become compliant, which of course saves us money.”
President, Modern Retail
“Rackspace provided us with three different firewalls in three days when growth was exploding. It took only hours to stop the bottleneck caused by users flooding to our site because I can call Rackspace and say ‘here’s the problem, here’s what we need, how do we solve this.’ Rackspace’s Fanatical Support is real.”
CTO and Co-Founder, LivingSocial
“Key factors in our choice of Cloud Sites were the convenient and cost-effective pay-per-use model, load balancing, and high availability (HA) capabilities. As we migrated our corporate site, sales extranet and career site to The Rackspace Cloud, the ability of the service to support multiple platforms simultaneously was also a significant driver in our decision to move to Cloud Sites. We are able to run both our PHP and .net asp sites in parallel—eliminating the need for multiple web servers.”
Director of Information Technology, Radio Flyer
“We love being able to scale both horizontally and vertically. After New Year’s, everyone goes on a diet, so that’s when our traffic peaks. We might get three times the traffic from January to March. With Cloud Servers, we’re able to spin up new web front ends within a matter of minutes, and then take them back down once traffic goes down. We have this elasticity in our farm that is only possible in a virtualized environment.”
Chief Technology Officer, Live Smart and Beyond Diet
“Before Cloud—what I think of as ‘BC’—we used to have to figure out ahead of time what hardware we needed to run on and estimate future growth. In the past we looked at our computer technology as capital expenditure, but by utilizing your cloud environment, it just becomes operational cost.”
Co-founder, LoveBook Online
5 http://www.strangeloopnetworks.com/resources/infographics/web-performance-and-user-expectations/poster-visualizing-web-performance/
© 2011-2013 Rackspace US, Inc.
Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License