As retail enters its next generation, one dominated by omnichannel storefronts, the process to keep your e-commerce system up and running, not to mention updated and optimized, is even more critical than keeping the store open. As retailers hone their online business and it becomes a larger share of revenue, they are frequently turning to the cloud as a tool for creating a more scalable and secure e-commerce system. Yet as the clouds steadily roll in, often key considerations are missed that may lead to some stormy days as the business grows.
Having worked with successful retailers for well over a decade, we’ve distilled some of the most commonly overlooked – but also very essential – components of a well-planned cloud for e-commerce:
High availability and high performance are table stakes for any e-commerce site that wants to survive in a wildly competitive market. With the multitude of services out there, it’s amazing how uptime continues to be an issue for some retailers, and many have accepted that their site will crash under certain circumstances. If you aren’t getting 99.9% uptime from your cloud on a regular basis, it is time to find another vendor that can offer your better resiliency. There should be no excuses for frequent site outages or poor performance, even when Mother Nature throws a curve ball like Hurricane Sandy (which we survived without an outage) or the rainstorms currently drenching Texas and the Midwest.
In a similar vein, business continuity (BC) and disaster recovery (DR) are features nearly every cloud e-commerce system has built in today. But did you know that there different levels of BC and DR that impact your time to recovery and recovered data quality in the case of an incident? There are two terms you need to know: recovery time objective (RTO) describes your target in terms of how quickly you can restore your business after an incident. It can be influenced by factors such as the location of your datacenters and their availability. Recovery point objective (RPO) describes the maximum targeted period in which data might be lost from an IT service. It is influenced by how often you are backing up your data and how long that data is stored.
Would your site be impacted by natural disaster, or do you have measures in effect that would protect your business? How long would it take you to recover, and how much data would you potentially lose? It is important to understand the extent that your cloud provider will go to in order to keep your e-commerce site going in the event of a disaster, and exactly what stakes are on the table.
What would you do if your company was featured on Good Morning America and endorsed by Oprah? Could your site handle the onrush of traffic during and after the segment? One retailer we worked with has landed in this happy but stressful situation three separate times. Needless to say, their site traffic went from steady, to extremely heavy, and back again on each occasion.
While it isn’t every day that your company will be featured on a national morning news show, varying site loads are something that every retailer will experience. How would you handle a 10x, or 20x increase in business in one day? Retailers need to be prepared to handle changes in traffic volume from something as predictable as a special event or seasonal shopping rush, or as unpredictable as a surprise product endorsement from a celebrity. However, you also want to balance your spending on infrastructure to avoid overpaying for resources you don’t use.
Leading-edge managed cloud providers today have the ability to help their customers create an environment that expands and shrinks the resources that support a site based on traffic volume. If your cloud is experiencing heavy loads, you can “burst” out to use additional resources on a temporary basis and only pay for the incremental resources for as long as you need them. Burstability gives you the flexibility to scale up when you have that surprise endorsement and back down when business returns to normal. It’s also key to balancing cost vs. customer satisfaction.
Security and Compliance
Target, Home Depot, Neiman Marcus – there are countless examples of high-profile breaches in recent memory that keep retailers on edge when it comes to security. Security, backup and disaster recovery are among the first things retailers ask us about in the consultative design phase for their infrastructure. It’s also common knowledge among retailers that you need to have certain security measures and procedures in place in order to be compliant with regulations such as PCI 3.0.
Security and compliance are often lumped together, but they shouldn’t be. There is a crucial distinction between the two – being secure doesn’t mean you are compliant and being compliant doesn’t necessarily mean you are secure.
When working with a cloud vendor, be sure to discuss the intersection between security and compliance, but also pay attention to the spaces where they don’t overlap. Although your e-commerce system may be up to current compliance standards, there are additional security measures you should take that go beyond the regulations. And by the same token, you may have outstanding security measures in place, but you may be missing other aspects of your compliance requirements. Know the difference, and adjust accordingly. Better yet, pick a managed cloud vendor who can help you navigate through the challenges of getting and staying safe and compliant, and that you can trust to stand with you when it comes time for an audit.
David Fowler is Vice President at INetU