Avoiding IT Outages During the Holiday Season

ErrorThe holiday shopping season is practically upon us, and online retailers don’t want to endure any IT downtime between Thanksgiving and Christmas when many ring up a third of their annual receipts.

That’s a lot of green. Online shopping carts should register nearly $100 billion this holiday season in online sales – up 12% from a year ago, estimates Shop.org.

What can online retailers do to avoid outages and other disruptions? It’s an important issue because an estimated one-in-five retailers suffered outages last year. The damage? Forty-five% estimated they could lose $500,000 to $5 million in one day due to a website crash.

Gartner consultants predict a 10% growth in the financial impact that cybercrime will have on online businesses through 2016. They see distributed denial-of-service (DDoS) attackers taking advantage of new software vulnerabilities to begin an assault with multiple sources and often multiple targets. These can be introduced via employee-owned devices used in the workplace and even via the Cloud.

Actions to Take Now

While it’s probably too late to take major actions this holiday season, retailers can still take some steps to minimize such disruptions. However, to really combat the outage and downtime challenges, retailers should begin taking more effective steps after the New Year starts to get ready for the 2014 holiday rush.

Three-of-four online retailers (77%) strengthened their online IT defenses this year to reduce downtime from last year. Downtime certainly occurs. Considering the common 99.5% system uptime, this leaves 43 hours – roughly one-and-a-half days – of downtime yearly. 

A key focus area should be ensuring your site can handle rapid and unexpected increases in demand. That demand can take two forms: desired demand, which should be scaled up Cyber Monday and undesired demand, which should be mitigated, like a cyberattack.

Here’s what online retailers still can do before the approaching Big Season.

  • Determine whether you can handle the increased traffic from desired demand expected during the holiday season, especially on Cyber Monday, when online sales soar. You might still be able to turn to cloud-based services to add capacity and prevent a site crash. But if you don’t have a cloud provider, it’s probably too late to make those arrangements and transfer your data to the provider’s site.
  • Determine if you have adequate mitigation capabilities for DDoS attacks from hackers. The last quarter of the year, primarily holiday season, is when DDoS attacks increase in size and intensity. In the 2012 fourth quarter, one DDoS protection service mitigated attacks that reached more than 50 gigabits per second directed against ecommerce clients; the average attack duration was 32.2 hours.
  • Find out how various types of DDoS threats can impact different elements of your network and determine mitigation actions that can protect them, including employing a DDoS mitigation service.
  • Keep tabs on blogs and social media sites because hackers enjoy bragging about their activities and sometimes disclose their next industry target.
  • Make sure your payment data being collected remains secure because attackers often are going after customer credit card data.
  • For retailers about to begin or who have begun what’s called the “network freeze,” in which no changes of any type can be made to their network and system components or apps operations until mid-January to avoid triggering downtime, if any severe vulnerability that has the potential to cause downtime is found, an emergency change window should be requested to remediate the problem – even during the “freeze.” This “freeze” practice actually is a Payment Card Industry (PCI) regulation. But only 21%bof businesses that store credit and debit card data comply with that regulation in between their mandatory annual audits, a Verizon study finds.

What to Do for Next Holiday Season

When the holiday and post-holiday sales rush slows, begin thinking about the 2014 holiday season, especially if you’re really bent on enhancing your defenses and scalability against downtime or outages and you haven’t taken major steps yet. Here are some suggested initiatives:

  • Confer with a consulting firm or a data center or cloud provider about what you need to do, specifically, to realize your objectives. Consider actually retaining a service provider that delivers services to help you scale out and protect your IT operations. Going to the cloud doesn’t alleviate your IT responsibility where security is involved. The cloud doesn’t necessarily make your apps secure. A service provider can work with developers to develop and meet these objectives.
  • Shift to a scale-out IT model so your applications scale out, not up, and this may require application transformation efforts to make you application resilient even when infrastructure services are disrupted in local regions.
  • Act early in the year because this type of transformation effort will require changes across all parts of your infrastructure and application; no real shortcut exists and there won’t be time to make these types of changes once the selling season is upon you.
  • Embrace cloud-type platforms if you’re a seasonal online retailer because they’re more dynamic and it’s easy to scale up quickly to meet demand and not incur extra costs when the demand isn’t there.
  • Look into establishing a hybrid cloud so those apps that can’t be moved to the cloud quite yet, can continue to be handled in their traditional manner. For instance, you might use the cloud for web and application tiers and keep other operations in your normal IT setup until you are ready to take on the transformation actives required to update your database environment.

Be sure to test your enhanced system before the holiday season and design it to support 100% availability because your goal must strive to always be up. This means securing secondary and tertiary facilities and resources far apart from your principal facility so if an outage occurs in one site, the load can be automatically shifted to an alternate site.

Lastly, understand your key performance indicators, or KPIs – those measurements used to evaluate the success of particular activities in which you’re engaged. To do this well, you must possess a firm understanding of the KPIs across all tiers of your applications.

Certainly for online retailers, the holiday selling season is critical to their financial strength and even survival. That’s why it’s imperative to keep your IT operations up and running and to recognize and repel cyber-attackers.

But remember. You can’t do everything.  Simply do what you can for this year and move swiftly to prepare for the 2014 holiday season.

Carl Meadows is senior director, Cloud Services Product Manager, at SunGard Availability Services.