Optimizing Your E-Commerce Site for Top Performance

Introduction

For nearly three hours on a Tuesday in June, 2010, Amazon.com was down. Its pages were empty and its search functions and shopping cart didn’t

For a site that averages some $51,400 in sales and revenue every minute, the downtime could have cost Amazon $9.2 million dollars, according to the web site Technologizer.

1 E-commerce and retail

A "glitch" cost zappos $1.6 million in less than 8 hours.

2011 Bleum 2

Zappos knows how Amazon feels.

Between midnight and dawn one day

in May 2010, a glitch on its sister

website 6pm.com somehow capped

prices for most Zappos products at

$49.95. Zappos lost $1.6 million during

that overnight stretch. Its losses would

have been much higher if the problem

had occurred during the day.

Traditional retailers haven’t escaped

costly and embarrassing online

problems either. For much of Black

Friday 2010 and sporadically for the

rest of the week, including Cyber

Monday, J.C. Penney experienced

response times of up to 90 seconds.

According to monitoring done by web

performance management software

caused the home page, search, “add to

cart” and “proceed to checkout”

functions to repeatedly time out and

not complete sales.

e-commerce site did exceptionally

well during the 2010 peak holiday

season. Its near-impeccable

availability stood at 99.98%, with an

average response time of 11.58

seconds, according to Alertsite.

Because of this, Alertsite ranked

retailer providing the best overall

experience to shoppers in 2010. Not

sales rose 26% to $1.2 billion in 2010,

a particularly important gain since its

retail sales grew less than 10% over

the same period, ending at $2 billion.

e-commerce sites; security is also

critical. Ask any banking institution

that fell victim to the recent string of

cyber attacks and they will tell you

security regime is. Citigroup’s May

2011 attack had hackers accessing

the data of 1%, or an estimated

210,000, Citigroup customers

according to the International

Business Times. Whether or not

fraudulent charges on these accounts

have been made is still in question.

getting e-commerce right is tough for

even the savviest of companies.

However, it is essential as the

Internet is increasingly having an

outsized impact on company

reputation, growth and market share.

The key is a rock-solid foundation

incorporating security, reliability and

operational excellence. As a growing

list of e-commerce sites have

discovered, however, what was

performance even last year has

become inadequate for succeeding in

the online marketplace of today —

and certainly, of tomorrow.

Companies need to strengthen their

e-commerce platform now or risk

putting their organizations at a

strategic disadvantage especially in

lost sales, customer defections, bad

publicity or even lawsuits.

Identifying and adopting processes to

ensure best practices in security,

reliability and performance will

separate the top performing

e-commerce sites from those that

merely survive.

The Price of Online Success

Building Block: Security

"Web influenced" retail sales- 2010: 46% of U.S. total retail 2014: 53% of U.S. total retail

Forrester

3 E-commerce and retail

Ironically, many e-commerce sites are suffering from

their success. Originally built over the last decade,

many online stores have enjoyed an explosion in sales

according to Forrester Research.

But that modest share of total sales does not begin to

convey the full importance of an organization’s online

stop for consumers to compare brands, prices,

features, reviews and all manner of information for

anything from hotel rooms and airline tickets, to

computers, shoes, tractors and refrigerators. This

holds true even if a consumer ultimately buys a

product through other channels.

Forrester Research estimates that more than $1

retail sales last year and will grow to 53% of the total,

or $1.65 trillion, by 2014.

With online business booming, companies are

layering their websites with new patches, protections

relentless and becoming increasingly sophisticated,

cyber attacks increased 93% from 2009 to 2010. The

according to Javelin Research. Companies face

additional security challenges from within, not the

least of which are disgruntled or criminal employees

and ex-employees. For most companies, however,

their greatest vulnerability is due to a dual failure: a

selective rather than comprehensive approach to

incorporating security measures; and a lack of

consistency in applying security measures.

though, are reaching their limits. The need to address

the emerging impact of mobile technologies is adding

more complexity to the issue, at a time when many

sites are already stretched thin. Mobile devices are

and behavior as well as the interplay between the

two. The impact and reach that mobile will have,

though, is still unfolding.

An e-commerce site’s foundational elements can get

lost or shortchanged in the rush to build capabilities

to capture buyers using mobile devices, or to add the

latest in business analytics for a better understanding

of buying behavior. While the other initiatives clearly

are important, they will ultimately fail if the

e-commerce site lacks a solid and secure base built

with a secure and reliable architecture.

To move into the top tier of online stores, e-commerce

sites need to focus on improving the foundations of

security, performance and reliability. The right

customer demands and evolving business needs.

2011 Bleum 4

Overall, a company’s defense needs to be

against malicious cyber attacks intent on disrupting

credit card numbers. The second area is to protect

breach, employee tampering or other malicious forays

certain measures to keep hackers out and take other

steps to protect a site’s sensitive data should hackers

barriers.

For both types of security threats, companies must

establish a disciplined, consistent program for

integrating security at all levels and keeping it

For example, a May 2011 cyber attack against Honda

Canada resulted in the theft of 283,000 car-owners’

personal information from the e-commerce sites

myHonda and myAcura. According to Michael Lewis of

thespec.com, Honda thought the records contained in

the database were destroyed by an outside vendor in

charge of the project. When interviewed, Honda’s

“…apparently, they were not.” This is just one example

of how pieces slipping through the proverbial cracks

can have disastrous implications.

The reasons for the failure to adopt and follow

code from the early days of e-commerce, a time when

attacks were less sophisticated and sites less complex.

Often, programmers are used to building systems for

internal use and are not skilled at writing code with

security vulnerabilities in mind. They are also lax in

searching for security issues during software testing.

Too often, security features are added after the fact

rather than being built into the software and

hardware of an e-commerce site. Companies face the

added complication of maintaining security when they

integrate with partners, such as payment or e-mail

marketing providers. protection;

Constant and timely virus protection;

visible IRL data;

numbers through using PayPal;

Protection against simulated transactions that

cause spikes in usage;

PCI compliance as another layer of protection

within a broader security protocol, not a

singular method of defense.

updated as code and hardware changes. World-class

e-commerce companies begin with application

development and maintenance. They create formal

processes, rather than relying on individual

programmers or testers, to embed security when

writing and testing applications. In addition, they

conduct regular security testing, at least once a

quarter, to try to break the code or infrastructure.

defense in protecting the site’s infrastructure and

network against outside attacks, while encryption is

vital for protecting sensitive data within the site.

Like authentication and encryption, most security

best practices are well known and proven. Yet too

many companies pick and choose rather than

incorporate all of them. To lower risk and safeguard

their sites, companies need to take a comprehensive

and evolutionary approach to security that involves

these multiple layers of protection. Additional

security practices should include:

Building block: Reliability and

Scalability

5 E-commerce and retail

There’s no question that customer expectations about

reliability are exceedingly high. They want sites to be

up, running and fast. The goal for uptime really needs

Yet, as features proliferate and site volume swings

wildly based on time of day, day of the week and the

time of the year, e-commerce sites face a complex

challenge in being able to scale and achieve an

appropriate level of reliability while also keeping costs

effective. Few companies can afford to simply throw

money at this issue. Installing dozens upon dozens of

servers to handle the rare surge in volume, for

example, may ensure uptime but at quite a prohibitive

cost.

While uptime is a major gauge of reliability, it is not the

only one. In fact, e-commerce sites must address the

root cause of reliability issues, which come in two

when the system falters or crashes because a site

exceeds its capacity.

addressing both types of reliability issues, companies

need to combine superior software development with

capacity planning and infrastructure management,

begins with the robustness of the site software itself.

Best practices in application design and development,

such as adhering to CMMi Level 5 standards, can

maximize performance by minimizing defects and

response time and require more processing power.

Beyond solid design and development, companies

need to develop an expertise in capacity planning and

management. With capacity planning, a company

routinely monitors and balances its network and

infrastructure to anticipate load changes, especially

as it alters its system and accommodates changes in

usage. New tools allow mathematical models to be

built to simulate the applications and infrastructure

so that volume can be tested and likely bottlenecks

found even before completing the software or

deploying the infrastructure.

Determining the right balance for a company’s

infrastructure load is a complicated undertaking.

more unpredictable than from internal systems used

third-party integrated components and systems add

complexity and uncertainty.

weakest links, a capacity management program

targets those possible single points of failure. It

them through such steps as:

Once the solutions are in place, leading e-commerce

companies can then routinely do stress testing,

especially after making changes to the site’s

hardware or software.

Building in redundancy such as clustering

network;

Tuning applications, databases and networks;

Using tools to test load to prepare for new

applications and hardware;

remains operational even if a capability or part

of the site goes down.

Building block: Performance

The ultimate goal of any e-commerce site is to move

the consumer to a sale, with the minimum number of

clicks to conversion. For the customer, it’s all about

making the site intuitive to use and relevant. If a site

puts too many obstacles in the way to a sale — too

or inaccurate search results — the customer is just one

click away from switching to a competitor’s site. Poor

or even mediocre performance costs more, in more

ways than one. Not only does it drive away frustrated

customers due to longer wait times, but it also requires

more support hardware, more processing power and

related hard-dollar outlays.

and development, coupled with processes to ensure

the site is monitored and adjusted to maintain

operational excellence. For applications, CMMI Level 5

development processes help ensure everything from

the business requirements to the quality are exactly

best-practice software development approach also

enables on-time delivery and provides a proven path

to better performance when upgrading existing subpar

software. CMMI is, however, not a magic pill. It should

be one part of a comprehensive plan to create a

high-performing site, along with several other

components.

which offers an opportunity for major performance

improvement, whether in unifying an e-commerce site

that has been built over time using different software

disparate system components and applications while

providing a modular design that enables functionality

to be compartmentalized and easy to identify. It is

2011 Bleum 6

redundant systems are ready and able to step in if

management program helps build consistency

between the primary systems and the backups by

keeping a database of how every server and system is

parallel changes in the main system. In addition,

the backup servers and systems to keep them ready

to take over as seamlessly as possible when a main

helps to ensure the test system matches production,

critical for proper testing.

7 E-commerce and retail

the consumer typically does (with an aim to making

why abandons typically occur. This insight is used in

building better online applications and functionality.

As discussed in relation to reliability, load

monitoring and balance testing is also critical for

peak performance. Load monitoring is essential to

stop performance. Like UX, performance and stress

testing is key to maintaining operational excellence,

involves placing dummy transactions or simulating

user activities on a mini-production environment

created to mimic the software and hardware

keep the simulated and live environments in sync

and minimize the hardware and software necessary

to replicate the actual site.

organization introduces a software or hardware

For example, Black Friday and Cyber Monday in the

sales. In 2010, Ebay and PayPal both saw extreme

increases in their mobile site usage, with Ebay

doubling its mobile sales and PayPal seeing a 310%

increase from 2009, according to Techcrunch

must prepare for these inundations prior to

occurrence, or else risk slow performance or

crashing.

effort and is often completed in stages. As a starting

point, companies should determine their weakest

applications, capabilities or parts. They can pinpoint

these weak spots by looking at the site’s problem

history, where the company is spending too much

time and money, where there is weak documentation

and by the age of technologies. Once these areas are

use of such techniques as cyclomatic complexity,

which encourages continuous program improvement,

understand program behavior under various stress

scenarios.

friendliness. To that end, companies need to dedicate

monitors online customer behavior and analyzes such

issues as how long the consumer must wait, what

Enhances the IT organization’s ability to analyze

and respond to performance issues;

Enables module reuse — creating software

capabilities, such as a payment module, that can be

reused in other applications (e.g., on the company

Minimizes database searches and response times

because it stages likely data to be used;

Offers potential to perform asynchronous data

lookups or other processing in parallel to prime

navigation paths to speed likely further steps.

Focus on the Key Building Blocks

While a strong e-commerce platform is of clear strategic importance, CIOs and their e-commerce teams

often struggle to balance a deluge of IT demands and crises against a backdrop of budget and time

constraints. Understanding and focusing on the key pivot points for achieving top-notch security,

reliability and performance, though, can spell the difference between online success and mediocrity.

For security, a holistic approach to best practices, backed by processes that enforce consistency, is critical.

Reliability depends on software quality combined with expertise in infrastructure and capacity planning

regular performance and stress testing, can help ensure operational excellence.

Companies that invest in the people, partners, processes and capabilities for achieving excellence in those

areas will go a long way to ensuring they create an e-commerce platform that will help deliver exceptional

online results.

2011 Bleum 8

Building and keeping an e-commerce site at peak performance requires a wide

and deep IT skill set, from application and middleware design and development

and UX to infrastructure and network capacity planning and management.

Moreover, it requires building and implementing processes to ensure security,

reliability and operational excellence are consistent priorities.

Given all of the demands on IT departments, it is no wonder that few companies

have the necessary experience, capabilities and discipline to excel at all of these

e-commerce capabilities and experience, like Bleum. Bleum offers a rare

combination of expertise and client success in all key e-commerce areas.

Partnering for E-commerce Strength

9 E-commerce and retail

Experience. Bleum’s executive team, as well as its programmers and

testers, bring a proven track record of building and optimizing e-commerce

sites, including expedia.com and one of the world’s largest online stores. For

a top 5 global retailer, Bleum serves as half of the development team for the

expanded Bleum’s responsibilities to include building a new Chinese

e-commerce site.

Results.

handled the highest shopping volume in its history without a single outage.

Bleum produces hundreds of new features every month, helping drive an

online sales growth of 22% in 2010.

Capability. Bleum provides a full range of e-commerce technology services

from infrastructure assessment, platform recommendation, site design and

also provides end-to-end NOC solutions for mission-critical operations,

from NOC strategy consulting and process setup through full ownership of

NOCs.

2011 Bleum 10

ATG Expertise. Bleum has the biggest ATG resource pool in China and can

build an e-commerce infrastructure from scratch, including store site, backend

and integration with existing retail IT systems. Bleum’s ATG team includes

Talent. Hiring some of the best and brightest Chinese engineers, Bleum builds

dedicated teams for its clients and makes acquiring domain knowledge a

priority for the team, reducing the learning curve and proving client value

faster. All Bleum employees speak English and the company further develops

Western culture and technical skills.

Quality. An industry leader in software development, reappraised in 2010 as

CMMi Level 5 companywide, Bleum delivers more than one-third of all

projects at production with zero major or moderate defects. Overall, we

average 1 defect per 10,000 lines of code versus the market average of 7

defects per 1,000 lines of code.

Discipline. Using proprietary project management and quality systems,

Bleum applies highly mature and effective processes to everything from

design, development and testing of the NOC. The systems also allow clients to

track progress in real-time based on key metrics from productivity per

engineer per hour to schedule variance.

Security.

applications through the creation of freely-available articles, methodologies,

tools and technologies. Bleum’s security processes limit employee access,

require legal agreements with employees and build in multiple layers of

physical security. Bleum also regularly conducts security tests, holding

bi-monthly examinations for all staff members.

W O R L D W I D E H E T E R

Cloud-9 Mansion 8F

1118 West Yan‘an Road

sales@bleum.com

w w w . b l e u m . c o m

Copyright © 2011 All rights reserved.