When feasible, outsourcing the storage and handling of credit cards to a trusted, capable, and PCI compliant payment processing provider is the most secure and most budget-friendly course of action. Even when you outsource payment processing (the riskiest piece of running an E-commerce business), you still must ensure your hosting environment can deliver speed and scalability that meets user expectation and includes security measures that protect your shoppers from a damaging hacker encounter.

Here are the tools and services that you should be looking for:

Web Hosting Security Basics – the minimum requirements you need to transact business securely online

Redundant firewall protection — Firewalls help stop cyber attacks before they can penetrate the network perimeter. Having firewalls tuned and working in tandem helps ensure protection for your E-commerce environment.

Web application protection – In addition to traditional firewalls, you’ll need a Web application firewall (we call them WAFs). This technology helps protect E-commerce organizations from application-level attacks like SQL injections and Cross Site Scripting (XSS) attacks. Application-level attacks is where the hacker is attacking the website itself; your contact forms, login boxes, etc. Traditional firewalls are helpless to these kinds of attacks and WAFs are required.

DoS/DDoS mitigation — (Distributed) Denial of Service attacks hit your Web site with a flood of robot-directed, fake visitors that consume all available resources, lockup your server, and take your Web site offline. DoS/DDoS mitigation devices help ward off such events by providing a barrier between your server and the IP flood.

SSL VPN (Secure Sockets Layer virtual private network) – It’s a mouthful, but it’s important to take note. SSL VPNs create a secure connection for remote users that will be administering the Web applications and hosting environment.

Vulnerability Monitoring – Vulnerability monitoring services scan your Web application code around the clock looking for unexpected changes and malicious code that matches known “diseases” in the threat database. When a potential problem is uncovered, you’ll be notified so you can resolve the problem.

Antivirus protection – Antivirus software works much the same way as vulnerability monitoring, however the target for AV scans is different. Rather than reviewing Web application code, Antivirus software reviews files and services stored on the physical server.

Two factor authentication – 2FA requires website administrators to go thru two layers of security before obtaining access to the hosting environment. Two factor authentication helps prevent the most common cause of data theft – password leaks. Two factor is unique because it challenges you with something you know and something you have.

Encrypted backup, service monitoring and response – While these protective measures are available from most Web hosting companies, they’re not ALWAYS included. Make sure you know what you’re getting.

Performance wish list – Cadillac hosting solutions that provide speed and scalability for for SMBs on a Camry budget:

High Availability – The Web is the front door for your E-commerce site. When your Web site is offline, it is like bolting the door shut and surrounding your office building with caution tape. Really, it’s that serious.  This is very discouraging to online shoppers. High availability hosting helps ensure your Web site is NEVER offline, even for necessities like patching, hardware upgrades, and other required maintenance.

CDN (Content Delivery Network) – CDN performs several important functions for online retailers. First, content delivery networks make Web site content available to users around the world. The service also helps ensure multi-media components (product photos, videos, demonstrations) load quickly for every user, regardless of where he/she is located. Finally, CDN provides additional throughput when your Web site receives an unexpected spike in traffic. Oprah, bring it on!

Virtualization – Virtualized servers are quickly scalable, but you need to make sure they are secure. Deploying upgrades, installing patches, and migrating hardware can happen in minutes if not seconds of scheduled downtime rather than the lengthy outages synonymous with traditional dedicated hosting of the past.

Successful E-commerce companies will require all of these performance features at some point. Migrating your Web application is always a risky and time-consuming proposition. While you’re small and agile you should align with vendors that can:

1) Provide security and protection for E-commerce retailers on a budget

2) Provide content acceleration for E-commerce startups with rich multi-media components and/or global distribution, and

3) Provide scalable server resources on demand with built-in business continuity planning

For E-commerce startups, developing a reliable Web application and backing it with a hosting environment to ensure maximum uptime, infinite scalability, and protection from hackers can feel the like the most daunting task. Considering your long-term needs from the start can save you a world of pain, time, and money later when everything comes together, and your online business soars.

A version of this article appeared in eCommerce Times on March 19, 2010.

These new strict data loss prevention measures include file encryption, digital rights management, storage policies, data classification, and new staff security procedures. For the interesting specifics, click here.

Although your company may not deal in national secrets, your company should consider similar measures to prevent data loss, which can prevent the loss of confidential information, trade secrets, and vital business and customer records.

Protecting your business online means you have consciously taken a look at the cost risk and business risk of having all your data compromised. Can you afford to have your lead-generating website down for a period of time? Is there a competitor that would benefit from knowing your company’s intellectual property? Can you afford to have your clients’ entrusted data hacked and made public, or worse exploited?

With growing eCommerce and so many companies using Content Management Solutions and Customer Relationship Management solutions, protecting your company in its industry requires industry-leading security measures. Some advanced security measures are not found with over 90% of hosting providers including advanced web application firewalls, dynamic intrusion detection, and sophisticated traffic analysis software. Proper security hardware, software, dedicated personnel and proactive protection prevents malicious hackers from stealing information from you and your clients.

Another part of protecting your business online is reviewing your business continuity plan. What happens when a fire occurs in your building destroying your local computers or servers, or a natural disaster or a virus takes out a vital source of information? You can protect your records, files, and databases using FireVault, which encrypts and backs up your data from any number of computers and servers to a secure, cloud sever in the U.S. or UK.

Be leary of hosting companies that provide only hacker reports as their measure of protection. Your business cannot afford to wait until after a breach occurs to be told there’s a problem. The damage is done. Real secure hosting protects you proactively, mitigating and eliminating attacks starting at the HTTP level against your data before they get to your servers. The consequences of inaction could be insurmountable for businesses of any size. Online threats require businesses of all sizes to ensure they have secure web hosting.