
Tips to protect eCommerce website availability and security during the holidays

With the holiday shopping season quickly approaching, internet retailers are gearing up for an onslaught of web traffic – which is great, as long as they have the right measures in place to keep their customers safe and satisfied. 

Even one hour of downtime due to a website outage or a malicious attack can have a significant impact on a retailer's reputation and revenue, especially during the holidays, a period that the National Retail Federation says can account for up to 40 percent of an online retailer's annual revenue. With some large e-commerce sites earning millions each day during the holiday season, even a few minutes of downtime can lead to financial losses in the tens of thousands of dollars, not to mention customer frustration.

With the stakes so high, internet retailers need to adopt a 360-degree approach to security during the holiday season, and ideally year-round. Luckily, there are steps they can take to ensure this.

First, prepare for the worst, plan for the best. To ensure website availability and security, online retailers must prepare for the worst through escalation and incident response planning: outline standard operating procedures for downtime, and establish and train incident-response teams. They should also monitor their site diligently to determine service health and identify anomalies quickly and accurately, and provide failover to backup IP addresses to ensure the site is always available.
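One way to implement the failover decision described above, as an added example that is not from the original article. The class name, thresholds and addresses are assumptions made for illustration; the probe results are constructed sample data.

```python
import socket
from dataclasses import dataclass, field

def tcp_probe(addr: str, port: int = 443, timeout: float = 2.0) -> bool:
    """Live health probe: True if a TCP connection to addr:port succeeds."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False

@dataclass
class FailoverMonitor:  # hypothetical name, not a real library class
    primary: str
    backup: str
    fail_threshold: int = 3      # consecutive failed probes before failing over
    recover_threshold: int = 3   # consecutive good probes before failing back
    active: str = field(default="", init=False)
    fails: int = field(default=0, init=False)
    oks: int = field(default=0, init=False)

    def __post_init__(self) -> None:
        self.active = self.primary

    def observe(self, primary_ok: bool, backup_ok: bool) -> str:
        """Record one probe round and return the address that should serve."""
        self.fails = 0 if primary_ok else self.fails + 1
        self.oks = self.oks + 1 if primary_ok else 0
        if self.active == self.primary:
            # A single blip is ignored; move only to a backup that is healthy.
            if self.fails >= self.fail_threshold and backup_ok:
                self.active = self.backup
        elif self.oks >= self.recover_threshold or (primary_ok and not backup_ok):
            # Fail back after sustained recovery, or at once if the backup dies.
            self.active = self.primary
        return self.active

# Constructed sample data: documentation-range addresses and probe results
# as (primary_ok, backup_ok) per round. Not real hosts or measurements.
PRIMARY, BACKUP = "192.0.2.10", "198.51.100.10"
SAMPLE_ROUNDS = [(True, True), (False, True), (True, True), (False, True),
                 (False, True), (False, True), (True, True), (True, True),
                 (True, True)]

def replay(rounds):
    """Run probe rounds through a fresh monitor; return the active address per round."""
    mon = FailoverMonitor(PRIMARY, BACKUP)
    return [mon.observe(p, b) for p, b in rounds]
```

In live use, each round would call `tcp_probe` against both addresses and pass the results to `observe`; the two thresholds keep a single dropped probe from moving traffic back and forth.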

Next, improve your infrastructure. Optimize the scalability and performance of your internet infrastructure so that it can demonstrably handle the increased traffic load coming your way during the holiday shopping season. Whether you manage your site internally or through a vendor, a track record of maintaining satisfactory service levels during the rest of the year may not be a reliable indicator that service levels can be maintained during the peak holiday traffic season. If the scalability and performance of your infrastructure are not optimized, your sales revenue and reputation could suffer at the worst possible time.

Don't forget about DDoS. With the increase in size and complexity of distributed denial-of-service (DDoS) attacks, companies should consider leveraging upstream service providers to protect both Web servers and DNS. If either goes down, a company could be out of business. A cloud-based approach to both DNS management and DDoS protection provides a cost-effective alternative for maintaining uptime.

Lastly, make sure to implement security best practices by partnering with a security provider for holistic support. Not all e-commerce sites can develop an internal cyber intelligence capability. Security service providers can help to quickly identify and understand the various security incidents and their implications, determine effective mitigation and remediation tactics, and develop a clear plan to enhance security. For the holiday season in particular, online retailers should take advantage of holistic services that are designed to help protect e-commerce sites during the peak online shopping season. Delivered via the cloud, such services combine fully reliable DNS resolution and DDoS attack protection to support critical Web-based systems and reduce the risk of downtime.
Sean Leach

Sean is the Chief Product Architect at Fastly, where he focuses on building and scaling products around large-scale, mission-critical infrastructure. He was previously VP, Technology for Verisign, where he provided strategic direction along with product and technical architecture and was a primary company spokesperson. Sean was previously CTO of name.com, a top 15 domain registration and web hosting company, as well as a Sr. Director at Neustar.
He holds a BS in Computer Science from the University of Delaware. His current research focus is on DNS, DDoS, Web/network performance, Internet infrastructure and combating the massive internet security epidemic.
