How to Secure Your E-Commerce Web Site for Online Holiday Shopping

Cyber Monday is just around the corner to officially kick off the 2008 online holiday shopping season. Retail organizations' e-commerce Web sites need to be prepared to handle the surge in online holiday shopping traffic. To help ensure their e-commerce Web site is ready, Knowledge Center contributor Mark Sarbiewski offers IT professionals an e-commerce Web site readiness checklist.


Last year, Cyber Monday attracted 72 million shoppers, who spent a grand total of $733 million in one day. With consumers looking for the best possible bargains, some experts are predicting even more online shoppers this year.

While the holidays may bring the online shoppers, poor e-commerce Web site performance or security vulnerabilities can generate significant losses to a business, including loss in sales, shopper dissatisfaction and site abandonment. And in today's economy, businesses cannot afford to lose a single sale.

Will your e-commerce Web site be able to handle the sudden increase in traffic as the holidays approach? To find out, IT professionals should check this e-commerce Web site readiness checklist before going live:

Task No. 1: Analyze traffic patterns and proactively prepare for growth

Analyzing last year's online holiday traffic patterns will help identify peak dates and times in advance. Does your e-commerce Web site peak on weekdays, weekends or holidays? Will it change over time? How large was last year's holiday peak? What growth rate do you anticipate? Plan your site's capacity so that it can scale to the predicted volumes with a reasonable buffer.

Task No. 2: Validate functionality

Can your e-commerce Web site's visitors easily order products and check shipping status? Can they find out about specials and promotions? Are there places where visitors are getting stuck and abandoning your site? Make sure everything functions as planned with quality management software and, if necessary, improve the usability to increase the likelihood of obtaining customer orders.

Task No. 3: Thoroughly test ERP and CRM

For your ERP (enterprise resource planning) and CRM (customer relationship management) systems, test all the pieces individually. Validate that all Internet gateways, servers and e-mail servers are working properly and at their peak performance. If the front end is bringing in the business, can your back end execute it? Just as important, however, is to do robust end-to-end testing of the business processes that these systems are meant to support.

Task No. 4: Validate the security of your connections, passwords and input

Is your e-commerce Web site secure? Make sure your site is safe by testing for security vulnerabilities with application security software. Be sure to encrypt credit card numbers and other private customer information. It's also important to make sure customers can log in easily. Check this by testing the log-in scripts and making sure that customers can easily obtain their passwords if they have forgotten them or if they change them periodically to ensure security. And finally, validate all user input to protect against the most common hacker attacks, such as cross-site scripting (XSS) and SQL injection.
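The input-validation point above, as an added Python example that is not from the article or from HP Software: a constructed in-memory product table stands in for a store catalogue, an allow-list check guards a SKU field, and a product search plus its results page are shown first in the string-concatenation form and then in the parameterised, output-escaped form.

```python
import html
import re
import sqlite3

# Constructed in-memory product table standing in for a store catalogue.
def build_catalogue():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (sku TEXT, name TEXT, price_cents INTEGER)")
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)",
                     [("A100", "Wool scarf", 2499), ("B200", "Gift card", 5000)])
    return conn

# Hypothetical SKU shape: one upper-case letter followed by three digits.
SKU_RE = re.compile(r"^[A-Z][0-9]{3}$")

def validate_sku(value):
    """Allow-list check for a SKU field: reject anything outside the expected shape."""
    return bool(SKU_RE.match(value))

def search_vulnerable(conn, term):
    # The search term is pasted into the SQL text, so any quote in it changes the
    # query itself: a shopper typing "men's" already breaks this statement.
    sql = "SELECT sku FROM products WHERE name LIKE '%" + term + "%'"
    return [row[0] for row in conn.execute(sql)]

def search_hardened(conn, term):
    # Parameterised query: the term is bound as data and never parsed as SQL.
    sql = "SELECT sku FROM products WHERE name LIKE ?"
    return [row[0] for row in conn.execute(sql, ("%" + term + "%",))]

def render_vulnerable(term, skus):
    # Reflects the raw term into the page, so markup in it reaches the browser as markup.
    return "<p>Results for " + term + ": " + ", ".join(skus) + "</p>"

def render_hardened(term, skus):
    # Escape on output: <, >, &, and quotes become entities and display as plain text.
    safe_term = html.escape(term, quote=True)
    safe_skus = ", ".join(html.escape(s) for s in skus)
    return "<p>Results for " + safe_term + ": " + safe_skus + "</p>"

if __name__ == "__main__":
    conn = build_catalogue()
    print(search_hardened(conn, "scarf"))          # ['A100']
    print(search_hardened(conn, "men's"))          # [] (no error, no query change)
    print(render_hardened("<b>scarf</b>", ["A100"]))
```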

Task No. 5: Test from both inside and outside the firewall

Check the functionality of your system from both inside and outside your firewall to ensure that it is working correctly. Testing inside the firewall can reveal many performance issues, but only by testing outside the firewall can organizations be assured that all performance bottlenecks have been eliminated from their Web-based applications.

Task No. 6: Validate partner performance

Can your partners match your speed or will they stall your business? These connections are often overlooked because they work today and worked yesterday. But do not forget that a new front end or different business mix can make yesterday irrelevant.

Task No. 7: Validate capacity

How many visitors can your e-commerce Web site currently accommodate? Will it be able to handle the holiday rush? Find out with load testing software. Determine the expected increase in user loads. What hardware or software modifications can you make to increase your site's capacity? Perform diagnostics to help tune your configuration; that alone could double performance and capacity.

Task No. 8: Monitor all business processes from the user perspective

You are probably already monitoring your entire infrastructure (boxes, routers, CPU utilization, memory, disk space and I/O rate), but you should tie it all together by monitoring from the user perspective with end-user monitoring software. Focus on the transaction speed, throughput and how real users traverse your site.

Task No. 9: Monitor the site's traffic 24/7

Observe your e-commerce Web site's activity as it happens because learning of problems immediately gives you the opportunity to react quickly. Real-time monitoring software will alert you when upcoming problems are approaching a level that will start to affect your customers. Always remember that it's better to be notified when an issue is about to occur than after things have already blown up.

Task No. 10: Anticipate problems and fix them on the fly

There is one thing you can always count on with your e-commerce Web site: Problems will happen. Be prepared for them and make sure you are able to fix them as they happen. Use monitoring software to create an early warning system and make sure everyone follows the right processes if problems arise. You need to have the ability to correct performance problems live without having to shut down your site.

Sit back and relax

Now that you have tested and tuned every single aspect and component of your system, and have established robust monitoring and alerting capabilities, you can rest assured that you have done everything you can to ensure the proper functioning of your e-commerce Web site. Enjoy the online holiday shopping season!

Mark Sarbiewski is senior director of products for HP Software. Mark joined Mercury Interactive (now HP Software) in 2003. Mark is responsible for the design and implementation of all product marketing and go-to-market activities for the Applications area within the BTO portfolio. Prior to joining Mercury and HP Software, Mark was VP of marketing for InterTrust Technologies. Before InterTrust, Mark was a principal consultant for five years with Pittiglio, Rabin, Todd & McGrath, the leading management consultant firm for technology companies. While there, he worked on more than a dozen major consulting engagements, ranging from strategy development to process re-engineering.

Before his stint as a consultant, Mark spent four years with IBM, where he was an application software engineer. Mark received his B.S. in computer science and mathematics from the University of California, Davis, and earned his MBA from the University of Virginia's Darden Graduate School of Business in 1993. He can be reached at [email protected].