Security, Speed, and Scalability for E-commerce: A Guide to Getting Started

by FireHost Evangelist on March 19th, 2010

All new E-commerce businesses should address one vital question first and foremost: Will you collect and store payment card information on your Web site or offload credit card processing to a PCI Compliant merchant like Paypal? The answer to this question is paramount and should be well thought out when you are planning and developing your E-commerce Web application.

When feasible, outsourcing the storage and handling of credit cards to a trusted, capable, and PCI compliant payment processing provider is the most secure and most budget-friendly course of action. Even when you outsource payment processing (the riskiest piece of running an E-commerce business), you still must ensure your hosting environment can deliver speed and scalability that meets user expectation and includes security measures that protect your shoppers from a damaging hacker encounter.

Here are the tools and services that you should be looking for:

Web Hosting Security Basics – the minimum requirements you need to transact business securely online

Redundant firewall protection — Firewalls help stop cyber attacks before they can penetrate the network perimeter. Having firewalls tuned and working in tandem helps ensure protection for your E-commerce environment.

Web application protection – In addition to traditional firewalls, you’ll need a Web application firewall (we call them WAFs). This technology helps protect E-commerce organizations from application-level attacks like SQL injection and Cross Site Scripting (XSS). Application-level attacks are those where the hacker attacks the website itself: your contact forms, login boxes, and so on. Traditional firewalls are helpless against these kinds of attacks, so a WAF is required.
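To make the distinction concrete, here is an added example (written for this article, not FireHost's code) of the two attack classes named above as seen at the application layer. It shows a login query built by string formatting beside its parameterized form, a page that echoes form input beside one that escapes it, and a deliberately tiny inspection routine that flags request fields the way a WAF's signature rules would. The table schema, the user record and the rule patterns are constructed for the example; a real WAF ships thousands of tuned signatures plus anomaly scoring, so the two rules here only illustrate the principle.

```python
import html
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory stand-in for the shop's user table (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'hash-of-alice-password')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password_hash: str):
    """Builds the query by string formatting, so form input becomes part of the SQL text."""
    query = (
        "SELECT username FROM users WHERE username = '%s' AND password_hash = '%s'"
        % (username, password_hash)
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_parameterized(conn: sqlite3.Connection, username: str, password_hash: str):
    """Uses bound parameters: the driver passes input as data, never as SQL."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password_hash = ?",
        (username, password_hash),
    ).fetchone()
    return row[0] if row else None


def render_greeting_vulnerable(name: str) -> str:
    """Echoes form input straight into HTML, so any markup in the input is rendered."""
    return "<p>Thanks for your order, " + name + "!</p>"


def render_greeting_escaped(name: str) -> str:
    """Escapes the input so the browser displays it as text rather than markup."""
    return "<p>Thanks for your order, " + html.escape(name) + "!</p>"


# Toy WAF rules (constructed): a quote followed by OR, and an HTML tag opener.
WAF_RULES = {
    "sqli-tautology": re.compile(r"'\s*or\s*'", re.IGNORECASE),
    "xss-tag": re.compile(r"<\s*/?\s*[a-z]", re.IGNORECASE),
}


def waf_inspect(params: dict) -> list:
    """Returns (field, rule) pairs for every request field that matches a rule.

    This is the application-layer view a WAF has and a packet-filtering
    firewall does not: it reads the form fields, not just ports and addresses.
    """
    hits = []
    for field, value in params.items():
        for rule_name, pattern in WAF_RULES.items():
            if pattern.search(value):
                hits.append((field, rule_name))
    return hits


if __name__ == "__main__":
    db = make_db()
    form = {"user": "alice", "pw": "x' OR '1'='1"}
    print("vulnerable login:", login_vulnerable(db, form["user"], form["pw"]))
    print("parameterized login:", login_parameterized(db, form["user"], form["pw"]))
    print("WAF flags:", waf_inspect(form))
    print(render_greeting_escaped("<b>Bob</b>"))
```

The parameterized query and the escaped output are the fixes that belong in the application itself; the inspection routine is the compensating control a WAF provides in front of code you cannot change quickly, and it is most useful when its hits are logged and reviewed rather than silently dropped.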

DoS/DDoS mitigation — (Distributed) Denial of Service attacks hit your Web site with a flood of robot-directed, fake visitors that consume all available resources, lock up your server, and take your Web site offline. DoS/DDoS mitigation devices help ward off such events by providing a barrier between your server and the IP flood.
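The "barrier" idea can be shown with the simplest building block a mitigation layer uses: a per-source token bucket that lets a normal shopper through while the flooding source is throttled. This is an added example, not FireHost's code or a description of any vendor's device; the traffic is constructed (documentation-range addresses 203.0.113.10 and 198.51.100.7), and a production mitigation service sits upstream on far larger pipes and combines many more signals than a per-IP budget.

```python
from collections import defaultdict


class TokenBucket:
    """Each source may burst up to `capacity` requests, then proceeds at `refill_per_sec`."""

    def __init__(self, capacity: int, refill_per_sec: float, now: float) -> None:
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        self.tokens = float(capacity)
        self.last = now

    def allow(self, now: float) -> bool:
        # Refill in proportion to elapsed time, capped at the bucket size.
        elapsed = max(0.0, now - self.last)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.refill_per_sec)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class RateLimiter:
    """One bucket per source IP, so a single flooding source cannot starve other clients."""

    def __init__(self, capacity: int = 5, refill_per_sec: float = 1.0) -> None:
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        self.buckets = {}

    def allow(self, ip: str, now: float) -> bool:
        bucket = self.buckets.get(ip)
        if bucket is None:
            bucket = self.buckets[ip] = TokenBucket(self.capacity, self.refill_per_sec, now)
        return bucket.allow(now)


def filter_requests(requests, capacity: int = 5, refill_per_sec: float = 1.0) -> dict:
    """Runs the limiter over (timestamp, ip) pairs and counts allowed/dropped per source."""
    limiter = RateLimiter(capacity, refill_per_sec)
    stats = defaultdict(lambda: {"allowed": 0, "dropped": 0})
    for ts, ip in sorted(requests):  # chronological order per source
        stats[ip]["allowed" if limiter.allow(ip, ts) else "dropped"] += 1
    return dict(stats)


def constructed_traffic():
    """Constructed sample: one shopper at one request per second, one source sending 100 in a second."""
    shopper = [(float(t), "203.0.113.10") for t in range(10)]
    flood = [(i / 100.0, "198.51.100.7") for i in range(100)]
    return shopper + flood


if __name__ == "__main__":
    for ip, counts in filter_requests(constructed_traffic()).items():
        print(ip, counts)
```

With a burst allowance of five and a refill of one request per second, the shopper's ten requests all pass while only the first five of the flood's hundred do; the remaining 95 never reach the application, which is exactly the resource-protection effect the paragraph describes.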

SSL VPN (Secure Sockets Layer virtual private network) – It’s a mouthful, but it’s important to take note. SSL VPNs create a secure connection for remote users that will be administering the Web applications and hosting environment.

Vulnerability Monitoring – Vulnerability monitoring services scan your Web application code around the clock looking for unexpected changes and malicious code that matches known “diseases” in the threat database. When a potential problem is uncovered, you’ll be notified so you can resolve the problem.

Antivirus protection – Antivirus software works much the same way as vulnerability monitoring, but the target of AV scans is different. Rather than reviewing Web application code, antivirus software reviews the files and services stored on the physical server.

Two factor authentication – 2FA requires website administrators to go through two layers of security before obtaining access to the hosting environment. Two factor authentication helps prevent the most common cause of data theft – password leaks. Two factor is unique because it challenges you with something you know and something you have.
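The "something you know and something you have" pairing is easiest to see in code. The following is an added example, not FireHost's code, showing the time-based one-time password scheme (TOTP, RFC 6238, built on HOTP, RFC 4226) that hardware tokens and phone authenticator apps implement: the password is checked against a salted hash, and the six-digit code is checked against a secret the administrator's device holds. The user record layout, the salt and the password are constructed; the secret `12345678901234567890` is the published RFC test key, which is why the expected codes are known.

```python
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the counter, dynamically truncated to `digits` digits."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, timestamp: float, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP with the counter derived from the current 30-second time step."""
    return hotp(secret, int(timestamp) // step, digits)


PBKDF2_ROUNDS = 100_000


def enroll(password: str, totp_secret: bytes, salt: bytes = b"constructed-salt") -> dict:
    """Creates a constructed user record: salted password hash plus the shared TOTP secret."""
    return {
        "salt": salt,
        "pw_hash": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS),
        "totp_secret": totp_secret,
        "last_counter": -1,  # highest time step already accepted, used to reject replayed codes
    }


def verify_login(record: dict, password: str, code: str, timestamp: float,
                 step: int = 30, window: int = 1) -> bool:
    """Checks both factors before answering, so a failure does not reveal which one failed."""
    # Factor 1, something you know: the password, compared in constant time.
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], PBKDF2_ROUNDS)
    password_ok = hmac.compare_digest(candidate, record["pw_hash"])

    # Factor 2, something you have: the device holding the secret. Accept the current
    # step and `window` steps either side for clock drift, but never a step at or
    # below the last accepted one, so a captured code cannot be replayed.
    counter = int(timestamp) // step
    matched = None
    for c in range(counter - window, counter + window + 1):
        if c > record["last_counter"] and hmac.compare_digest(hotp(record["totp_secret"], c), code):
            matched = c

    if password_ok and matched is not None:
        record["last_counter"] = matched
        return True
    return False


if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC 4226/6238 test key, not a real secret
    admin = enroll("correct horse battery staple", secret)
    now = time.time()
    code = totp(secret, now)  # what the administrator's authenticator would display
    print("login:", verify_login(admin, "correct horse battery staple", code, now))
    print("same code again:", verify_login(admin, "correct horse battery staple", code, now))
```

Two details matter in practice: the server must keep its clock synchronized (the drift window covers seconds, not minutes), and the `last_counter` bookkeeping must be stored with the record, otherwise a code observed over the shoulder stays valid for the rest of its window.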

Encrypted backup, service monitoring and response – While these protective measures are available from most Web hosting companies, they’re not ALWAYS included. Make sure you know what you’re getting.

Performance wish list – Cadillac hosting solutions that provide speed and scalability for SMBs on a Camry budget:

High Availability – The Web is the front door for your E-commerce site. When your Web site is offline, it is like bolting the door shut and surrounding your office building with caution tape. Really, it’s that serious. This is very discouraging to online shoppers. High availability hosting helps ensure your Web site is NEVER offline, even for necessities like patching, hardware upgrades, and other required maintenance.

CDN (Content Delivery Network) – CDN performs several important functions for online retailers. First, content delivery networks make Web site content available to users around the world. The service also helps ensure multi-media components (product photos, videos, demonstrations) load quickly for every user, regardless of where he/she is located. Finally, CDN provides additional throughput when your Web site receives an unexpected spike in traffic. Oprah, bring it on!

Virtualization – Virtualized servers are quickly scalable, but you need to make sure they are secure. Deploying upgrades, installing patches, and migrating hardware can happen in minutes if not seconds of scheduled downtime rather than the lengthy outages synonymous with traditional dedicated hosting of the past.

Successful E-commerce companies will require all of these performance features at some point. Migrating your Web application is always a risky and time-consuming proposition. While you’re small and agile you should align with vendors that can:

1) Provide security and protection for E-commerce retailers on a budget

2) Provide content acceleration for E-commerce startups with rich multi-media components and/or global distribution, and

3) Provide scalable server resources on demand with built-in business continuity planning

For E-commerce startups, developing a reliable Web application and backing it with a hosting environment to ensure maximum uptime, infinite scalability, and protection from hackers can feel like the most daunting task. Considering your long-term needs from the start can save you a world of pain, time, and money later when everything comes together, and your online business soars.

A version of this article appeared in eCommerce Times on March 19, 2010.

This entry was posted on Friday, March 19th, 2010 at 8:00 am and is filed under Security.