
Optimizing Your E-Commerce Site for Top Performance


Introduction
For nearly three hours on a Tuesday in June, 2010, Amazon.com was down.
Its pages were empty and its search functions and shopping cart didn't
work. Within minutes, thousands of tweets about the problem began flying.
For a site that averages some $51,400 in sales and revenue every minute, the
downtime could have cost Amazon $9.2 million dollars, according to the web
site Technologizer.
1 E-commerce and retail
A "glitch" cost Zappos $1.6 million in
less than 8 hours.
2011 Bleum 2
Zappos knows how Amazon feels.
Between midnight and dawn one day
in May 2010, a glitch on its sister
website 6pm.com somehow capped
prices for most Zappos products at
$49.95. Zappos lost $1.6 million during
that overnight stretch. Its losses would
have been much higher if the problem
had occurred during the day.
Traditional retailers haven't escaped
costly and embarrassing online
problems either. For much of Black
Friday 2010 and sporadically for the
rest of the week, including Cyber
Monday, J.C. Penney experienced
response times of up to 90 seconds.
According to monitoring done by web
performance management software
firm AlertSite, the long response times
caused the home page, search, add to
cart and proceed to checkout
functions to repeatedly time out and
not complete sales.
Unlike J.C. Penney, Williams-Sonoma's
e-commerce site did exceptionally
well during the 2010 peak holiday
season. Its near-impeccable
availability stood at 99.98%, with an
average response time of 11.58
seconds, according to Alertsite.
Because of this, Alertsite ranked
Williams-Sonoma as the
retailer providing the best overall
experience to shoppers in 2010. Not
surprisingly, Williams-Sonoma's web
sales rose 26% to $1.2 billion in 2010,
a particularly important gain since its
retail sales grew less than 10% over
the same period, ending at $2 billion.
Sales are not the only factor
influencing the performance of
e-commerce sites; security is also
critical. Ask any banking institution
that fell victim to the recent string of
cyber attacks and they will tell you
how important, and difficult, a proper
security regime is. Citigroup's May
2011 attack had hackers accessing
the data of 1%, or an estimated
210,000, Citigroup customers
according to the International
Business Times. Whether or not
fraudulent charges on these accounts
have been made is still in question.
As these high-profile cases illustrate,
getting e-commerce right is tough for
even the savviest of companies.
However, it is essential as the
Internet is increasingly having an
outsized impact on company
reputation, growth and market share.
The key is a rock-solid foundation
incorporating security, reliability and
operational excellence. As a growing
list of e-commerce sites have
discovered, however, what was
sufficient for security, reliability and
performance even last year has
become inadequate for succeeding in
the online marketplace of today
and, certainly, of tomorrow.
Companies need to strengthen their
e-commerce platform now or risk
putting their organizations at a
strategic disadvantage, especially in
lost sales, customer defections, bad
publicity or even lawsuits.
Identifying and adopting processes to
ensure best practices in security,
reliability and performance will
separate the top performing
e-commerce sites from those that
merely survive.
The Price of Online Success
"Web influenced" retail sales:
2010: 46% of U.S. total retail
2014: 53% of U.S. total retail
Forrester
Ironically, many e-commerce sites are suffering from their success. Originally built over the
last decade, many online stores have enjoyed an explosion in sales and now account for 7% of
total U.S. retail sales, according to Forrester Research.
But that modest share of total sales does not begin to convey the full importance of an
organization's online presence. The fact is, websites have become the first stop for consumers
to compare brands, prices, features, reviews and all manner of information for anything from
hotel rooms and airline tickets, to computers, shoes, tractors and refrigerators. This holds
true even if a consumer ultimately buys a product through other channels.
Forrester Research estimates that more than $1 trillion in retail sales in 2010 were
"web-influenced." It also estimates that online and web-influenced offline sales together
accounted for 46% of total U.S. retail sales last year and will grow to 53% of the total, or
$1.65 trillion, by 2014.
With online business booming, companies are layering their websites with new patches,
protections and capabilities. Some underlying technologies, though, are reaching their limits.
The need to address the emerging impact of mobile technologies is adding more complexity to the
issue, at a time when many sites are already stretched thin. Mobile devices are clearly
changing online and offline buying patterns and behavior as well as the interplay between the
two. The impact and reach that mobile will have, though, is still unfolding.
An e-commerce site's foundational elements can get lost or shortchanged in the rush to build
capabilities to capture buyers using mobile devices, or to add the latest in business analytics
for a better understanding of buying behavior. While the other initiatives clearly are
important, they will ultimately fail if the e-commerce site lacks a solid and secure base built
with a secure and reliable architecture.
To move into the top tier of online stores, e-commerce sites need to focus on improving the
foundations of security, performance and reliability. The right building blocks will create an
efficient and strong platform with the necessary flexibility to keep up with customer demands
and evolving business needs.
Building Block: Security
Security issues are evolving rapidly. Hackers are relentless and becoming increasingly
sophisticated, as Sony discovered to their deep embarrassment in May 2011. In fact, a recent
Symantec report noted that cyber attacks increased 93% from 2009 to 2010. The total cost to
U.S. companies last year was $S7 billion, according to Javelin Research. Companies face
additional security challenges from within, not the least of which are disgruntled or criminal
employees and ex-employees. For most companies, however, their greatest vulnerability is due to
a dual failure: a selective rather than comprehensive approach to incorporating security
measures; and a lack of consistency in applying security measures.
For example, a May 2011 cyber attack against Honda Canada resulted in the theft of 283,000
car-owners' personal information from the e-commerce sites myHonda and myAcura. According to
Michael Lewis of thespec.com, Honda thought the records contained in the database were
destroyed by an outside vendor in charge of the project. When interviewed, Honda's Chief
Compliance Officer responded that apparently, they were not. This is just one example of how
pieces slipping through the proverbial cracks can have disastrous implications.
The reasons for the failure to adopt and follow important best practices are varied. Some sites
use code from the early days of e-commerce, a time when attacks were less sophisticated and
sites less complex. Often, programmers are used to building systems for internal use and are
not skilled at writing code with security vulnerabilities in mind. They are also lax in
searching for security issues during software testing. Too often, security features are added
after the fact rather than being built into the software and hardware of an e-commerce site.
Companies face the added complication of maintaining security when they integrate with
partners, such as payment or e-mail marketing providers.
Overall, a company's defense needs to be two-pronged. The first area is to protect the site
against malicious cyber attacks intent on disrupting the site or siphoning off confidential
information like credit card numbers. The second area is to protect private and confidential
information in case of a breach, employee tampering or other malicious forays inside the
firewall. Companies, then, need to adopt certain measures to keep hackers out and take other
steps to protect a site's sensitive data should hackers or others get inside the firewall and
other security barriers.
For both types of security threats, companies must establish a disciplined, consistent program
for integrating security at all levels and keeping it updated as code and hardware changes.
World-class e-commerce companies begin with application development and maintenance. They
create formal processes, rather than relying on individual programmers or testers, to embed
security when writing and testing applications. In addition, they conduct regular security
testing, at least once a quarter, to try to break the code or infrastructure.
More specifically, authentication is the first line of defense in protecting the site's
infrastructure and network against outside attacks, while encryption is vital for protecting
sensitive data within the site.
Like authentication and encryption, most security best practices are well known and proven. Yet
too many companies pick and choose rather than incorporate all of them. To lower risk and
safeguard their sites, companies need to take a comprehensive and evolutionary approach to
security that involves these multiple layers of protection. Additional security practices
should include:
Proper network architecture with firewall protection;
Constant and timely virus protection;
Coding guidelines to prevent SQL injection and visible URL data;
VeriSign protection and temporary credit card numbers through using PayPal;
Protection against simulated transactions that cause spikes in usage;
Utilization of Open Web Application Security Project (OWASP) open-source documents;
PCI compliance as another layer of protection within a broader security protocol, not a
singular method of defense.
Building block: Reliability and Scalability
There's no question that customer expectations about
reliability are exceedingly high. They want sites to be
up, running and fast. The goal for uptime really needs
to be three 9s (99.9%), four 9s (99.99%) or five 9s
(99.999%).
Yet, as features proliferate and site volume swings
wildly based on time of day, day of the week and the
time of the year, e-commerce sites face a complex
challenge in being able to scale and achieve an
appropriate level of reliability while also keeping costs
effective. Few companies can afford to simply throw
money at this issue. Installing dozens upon dozens of
servers to handle the rare surge in volume, for
example, may ensure uptime but at quite a prohibitive
cost.
While uptime is a major gauge of reliability, it is not the
only one. In fact, e-commerce sites must address the
root cause of reliability issues, which come in two
types: 1) technical, caused by a malfunction or bug in
code or infrastructure; or 2) operational, including
when the system falters or crashes because a site
exceeds its capacity.
To create a cost-efficient and effective approach for
addressing both types of reliability issues, companies
need to combine superior software development with
capacity planning and infrastructure management,
including configuration management. Reliability
begins with the robustness of the site software itself.
Best practices in application design and development,
such as adhering to CMMi Level 5 standards, can
maximize performance by minimizing defects and
inefficient code that cause site malfunctions, slow
response time and require more processing power.
This is, however, only a good first step.
Beyond solid design and development, companies
need to develop an expertise in capacity planning and
management. With capacity planning, a company
routinely monitors and balances its network and
infrastructure to anticipate load changes, especially
as it alters its system and accommodates changes in
usage. New tools allow mathematical models to be
built to simulate the applications and infrastructure
so that volume can be tested and likely bottlenecks
found even before completing the software or
deploying the infrastructure.
Determining the right balance for a company's
infrastructure load is a complicated undertaking.
Firstly, the demand fluctuations through the web are
more unpredictable than from internal systems used
by a finite number of employees. Additionally,
third-party integrated components and systems add
complexity and uncertainty.
Since an e-commerce system is only as strong as its weakest links, a capacity management
program targets those possible single points of failure. It identifies possible problem spots
and addresses them through such steps as:
Building in redundancy such as clustering servers or adding a second firewall or network;
Tuning applications, databases and networks;
Using tools to test load to prepare for new applications and hardware;
Segregating functionality so most of the site remains operational even if a capability or part
of the site goes down.
Once the solutions are in place, leading e-commerce companies can then routinely do stress
testing, especially after making changes to the site's hardware or software.
Configuration management helps ensure the redundant systems are ready and able to step in if
there is a problem. An active configuration management program helps build consistency between
the primary systems and the backups by keeping a database of how every server and system is
configured, then updating the backup systems to parallel changes in the main system. In
addition, configuration management builds in regular tests of the backup servers and systems to
keep them ready to take over as seamlessly as possible when a main system goes down.
Configuration management also helps to ensure the test system matches production, critical for
proper testing.
Building block: Performance
The ultimate goal of any e-commerce site is to move the consumer to a sale, with the minimum
number of clicks to conversion. For the customer, it's all about making the site intuitive to
use and relevant. If a site puts too many obstacles in the way to a sale (too many pages,
registrations, hard-to-find shopping carts or inaccurate search results), the customer is just
one click away from switching to a competitor's site. Poor or even mediocre performance costs
more, in more ways than one. Not only does it drive away frustrated customers due to longer
wait times, but it also requires more support hardware, more processing power and related
hard-dollar outlays.
Good performance depends on smart, efficient design and development, coupled with processes to
ensure the site is monitored and adjusted to maintain operational excellence. For applications,
CMMI Level 5 development processes help ensure everything from the business requirements to the
quality are exactly what a company needs, the first time. This best-practice software
development approach also enables on-time delivery and provides a proven path to better
performance when upgrading existing subpar software. CMMI is, however, not a magic pill. It
should be one part of a comprehensive plan to create a high-performing site, along with several
other components.
The first is a service-oriented architecture (SOA), which offers an opportunity for major
performance improvement, whether in unifying an e-commerce site that has been built over time
using different software or for starting a new site from scratch. SOA integrates disparate
system components and applications while providing a modular design that enables functionality
to be compartmentalized and easy to identify. It is generally easier to maintain, as well. Done
right, SOA:
Enhances the IT organization's ability to analyze and respond to performance issues;
Enables module reuse, creating software capabilities, such as a payment module, that can be
reused in other applications (e.g., on the company website and in call centers for reps),
helping to drive efficiency, reliability, and reduced costs;
Minimizes database searches and response times because it stages likely data to be used;
Offers potential to perform asynchronous data lookups or other processing in parallel to prime
navigation paths to speed likely further steps.
Moving to an SOA-based architecture is a significant effort and is often completed in stages.
As a starting point, companies should determine their weakest applications, capabilities or
parts. They can pinpoint these weak spots by looking at the site's problem history, where the
company is spending too much time and money, where there is weak documentation and by the age
of technologies. Once these areas are identified, they can be further assessed through the use
of such techniques as cyclomatic complexity, which encourages continuous program improvement,
and best-practice code analysis or code profiling to understand program behavior under various
stress scenarios.
Hand-in-hand with efficiency is designing for user friendliness. To that end, companies need to
dedicate a group to focus on user experience (UX). This group monitors online customer behavior
and analyzes such issues as how long the consumer must wait, what the consumer typically does
(with an aim to making standard paths very fast) and where and (perhaps) why abandons typically
occur. This insight is used in building better online applications and functionality.
As discussed in relation to reliability, load monitoring and balance testing is also critical
for peak performance. Load monitoring is essential to anticipate major shifts in traffic, which
could slow or stop performance. Like UX, performance and stress testing is key to maintaining
operational excellence, especially for high-volume sites. Stress testing involves placing dummy
transactions or simulating user activities on a mini-production environment created to mimic
the software and hardware settings of the live site. Stress testing tools can help keep the
simulated and live environments in sync and minimize the hardware and software necessary to
replicate the actual site.
Stress testing should be carried out whenever an organization introduces a software or hardware
change of any significance.
For example, Black Friday and Cyber Monday in the United States typically see a large increase
in retail sales. In 2010, Ebay and PayPal both saw extreme increases in their mobile site
usage, with Ebay doubling its mobile sales and PayPal seeing a 310% increase from 2009,
according to Techcrunch. Sites must prepare for these inundations prior to occurrence, or else
risk slow performance or crashing.
Focus on the Key Building Blocks
While a strong e-commerce platform is of clear strategic importance, CIOs and their e-commerce teams
often struggle to balance a deluge of IT demands and crises against a backdrop of budget and time
constraints. Understanding and focusing on the key pivot points for achieving top-notch security,
reliability and performance, though, can spell the difference between online success and mediocrity.
For security, a holistic approach to best practices, backed by processes that enforce consistency, is critical.
Reliability depends on software quality combined with expertise in infrastructure and capacity planning
and management. Software design and development that delivers efficiency and ease of use, along with
regular performance and stress testing, can help ensure operational excellence.
Companies that invest in the people, partners, processes and capabilities for achieving excellence in those
areas will go a long way to ensuring they create an e-commerce platform that will help deliver exceptional
online results.
Partnering for E-commerce Strength
Building and keeping an e-commerce site at peak performance requires a wide
and deep IT skill set, from application and middleware design and development
and UX to infrastructure and network capacity planning and management.
Moreover, it requires building and implementing processes to ensure security,
reliability and operational excellence are consistent priorities.
Given all of the demands on IT departments, it is no wonder that few companies
have the necessary experience, capabilities and discipline to excel at all of these
areas. So, many companies team up with outsourcing experts with strong
e-commerce capabilities and experience, like Bleum. Bleum offers a rare
combination of expertise and client success in all key e-commerce areas.
Experience. Bleum's executive team, as well as its programmers and
testers, bring a proven track record of building and optimizing e-commerce
sites, including expedia.com and one of the world's largest online stores. For
a top 5 global retailer, Bleum serves as half of the development team for the
online store and runs the network operations center (NOC). The retailer has
expanded Bleum's responsibilities to include building a new Chinese
e-commerce site.
Results. Since bringing on Bleum, one major retailer's e-commerce site has
handled the highest shopping volume in its history without a single outage.
Bleum produces hundreds of new features every month, helping drive an
online sales growth of 22% in 2010.
Capability. Bleum provides a full range of e-commerce technology services
from infrastructure assessment, platform recommendation, site design and
implementation and mobile strategy definition and implementation. Bleum
also provides end-to-end NOC solutions for mission-critical operations,
from NOC strategy consulting and process setup through full ownership of
NOCs.
ATG Expertise. Bleum has the biggest ATG resource pool in China and can
build an e-commerce infrastructure from scratch, including store site, backend
ordering and fulfillment, supply chain, customer service, business intelligence
and integration with existing retail IT systems. Bleum's ATG team includes
professionals fluent in English, Chinese and Japanese.
Talent. Hiring some of the best and brightest Chinese engineers, Bleum builds
dedicated teams for its clients and makes acquiring domain knowledge a
priority for the team, reducing the learning curve and proving client value
faster. All Bleum employees speak English and the company further develops
their fluency through extensive language training as well as courses in
Western culture and technical skills.
Quality. An industry leader in software development, reappraised in 2010 as
CMMi Level 5 companywide, Bleum delivers more than one-third of all
projects at production with zero major or moderate defects. Overall, we
average 1 defect per 10,000 lines of code versus the market average of 7
defects per 1,000 lines of code.
Discipline. Using proprietary project management and quality systems,
Bleum applies highly mature and effective processes to everything from
design, development and testing of the NOC. The systems also allow clients to
track progress in real-time based on key metrics from productivity per
engineer per hour to schedule variance.
Security. Certified ISO 27001, Bleum adheres to the highest security practices
for data protection. Bleum also promotes the Open Web Application Security
Project (OWASP), a non-profit organization focused on improving security for
applications through the creation of freely-available articles, methodologies,
tools and technologies. Bleum's security processes limit employee access,
require legal agreements with employees and build in multiple layers of
physical security. Bleum also regularly conducts security tests, holding
bi-monthly examinations for all staff members.
WORLDWIDE HEADQUARTERS
Cloud-9 Mansion 8F
1118 West Yanan Road
Shanghai, 200052
+86 (21) 6282 1122
sales@bleum.com
www.bleum.com
Copyright 2011 All rights reserved.
