
Practical Tips to Improve your eCommerce Website Performance and Security



Practically every modern retailer has an online presence where their products and services can be purchased by new and returning customers. The average consumer practically expects it, and they often want the shopping experience to be smooth, easy and secure.

Whether you’re just now beginning to expand your online retail presence, or have a more established site that you want to increase conversions on, view this presentation to learn the following:

- Common pitfalls and shortcomings in many online retail sites
- Guidance on protecting your site against fraudulent attacks
- Tips to increase your site reliability and performance
- How Cloudflare can help you

Published in: Internet


  1. Practical Tips to Improve your eCommerce Website Performance and Security
  2. Speakers: Derek Yee, Product Marketing Lead, Performance Solutions; Tim Fong, Product Marketing Lead, Security Solutions; Austin Davies, Site Reliability Engineer,
  3. Cloudflare at a glance
     - 2010: Launched at TechCrunch Disrupt
     - 700+ employees and counting
     - 9 Offices: San Francisco // London // Singapore // Austin // Miami // Washington D.C. // Champaign // Boston // New York
  4. The Cloudflare Advantage: Integrated Performance, Security, and Reliability
     - 9.5 M domains and routing traffic for 2.5
     - Data Centers with 15 Tbps capacity: 150+
     - HTTP Internet traffic: 10%
     - All DNS queries: 38%
     - SCALE, INTEGRATED STACK, EASY, FINE-GRAINED CONTROL
     - Global Data Center Anycast Network, China Network, WAF/Firewall, DDoS, Content Optimization, Load Balancing, Rate Limiting, DNS, Argo, Workers, Latest Web Standards, TLS, Spectrum, Mobile SDK, Access, CDN, Stream
  5. eCommerce News Events
     - Amazon: $90 million lost in a concentrated 75 minute outage
     - Adidas: Millions of contact information, usernames and encrypted passwords leaked
     - Macy’s: Personal information and credit card information potentially exposed to a third party
  6. Securing your online presence
  7. Factors increasing exposure to security risks
     - Greater scrutiny by government and media around data, privacy and security
     - Greater attack surface area from more public APIs, moving to the cloud, and increasing third-party integrations
     - Stronger and more sophisticated attackers
  8. Customers’ Security Threats
     - DDoS Attack: Attack traffic impacts availability or performance
     - Vulnerable Applications and APIs: Multi-vector attacks that exploit vulnerabilities
     - Diagram labels: System, Webpage
  9. Types of DDoS Attack Traffic
     - 1: Volumetric DNS Flood
     - 2: Amplification (Layer 3 & 4)
     - 3: HTTP Flood (Layer 7)
     - Degrades availability and performance of applications, websites, and APIs
     - Diagram labels: Bots, DNS Server, Server, HTTP Application, Application/Login
  10. Application and API Vulnerabilities
     - 1: DNS Spoofing (Fake Website, Visitors)
     - 2: Data Snooping
     - 3: Malicious Payload, e.g. SQLi that exfiltrates PII and credentials (Attacker)
     - 4: Brute Force (Bots)
  11. Building faster websites and apps
  12. Customers’ Performance Challenges
     - Unavailable Applications: Overloaded or unavailable infrastructure stops users from accessing applications
     - Slow Internet Applications and API: Heavy pages and long distances from the origin slow down Internet applications and APIs
     - Slow Mobile Sites and Apps: Mobile clients introduce performance and content delivery constraints that hurt user experience
     - Diagram labels: Infrastructure, Internet Application, Mobile, Users
  13. Slow Web Pages, Applications, and APIs
     - Business, customers, and users are more globally distributed, requiring content to travel longer distances
     - Heavier pages from more and bigger assets like images and JavaScript take longer to load
     - More interactivity and personalization require more trips to the origin
  14. Slow Mobile Sites and Apps
     - Mobile devices have limited compute, memory and power, which slows down processing content like images or client-side code
     - Mobile apps use APIs, which increase calls to the origin
     - Mobile devices have slower and more erratic networks, which hurts throughput
  15. Overloaded or Unavailable Infrastructure
     - Applications or individual origin servers experience unexpected downtime and hard-to-troubleshoot outages, which prevent user access
     - Traffic, both expected and unexpected, exceeds capacity of the origin server or data center, making them unavailable or less performant
     - Manual disaster recovery and in-house load-balancing expose applications to downtime while increasing maintenance and operational costs
     - Diagram labels: Primary, Failover
  16. Customer examples
  17. Security Best Practices
     - Multi-layer Protection: Deploy rate-limiting on Cloudflare and build it into our software. Never rely on a single point of protection.
     - Network-Access Based: Locking down systems to particular networks using Cloudflare URL lockdown rules and only provide access to what is needed - the principle of least privilege.
     - HTTPS Everywhere: Ensure that all customer facing systems communicate over HTTPS at the application level.
     - Web App Firewall: Enabled WAF on all of our sites - we're a common target for scraping since we advertise prices on our sites, utilise the WAF not only for protection but also to stop fake bots from scraping our sites.
  18. Performance Best Practices
     - Cache Everything: With Cloudflare we specify what we don’t want to cache - any new pages added to our site get cached by default.
     - Minification: We minify all of our content using Cloudflare Auto Minify. This improves customer download times on mobile, and reduces our bandwidth costs as well.
     - Smart Routing and Tiered Caching: The cost of network latency can often be overlooked and it's important that the customer receive the fastest route to our sites. A 50 millisecond win through smart routing is a win that applies to all of your requests.
     - Async Script Loading: JavaScript can be deferred and loaded asynchronously (in parallel with each other) - we currently utilise Cloudflare Rocket Loader on 50% of our sites to achieve this technique without having to make changes to our underlying code.
  19. Customer Case Study: de Bijenkorf
     - de Bijenkorf is a luxury department store based in the Netherlands dedicated to surprising its customers with exceptional products through an inspiring and unique customer experience.
     - CHALLENGES: Protection against DDoS attacks; Maintain performance
     - CLOUDFLARE SOLUTION: Automatic DDoS mitigation for layer 3 & 4 attacks; Global CDN
     - KEY RESULT: Peace of mind with a protected, secured app; Prevents significant, six figure revenue loss
     - studies/debijenkorf/
     - "We were really excited about a single vendor solution with easy setup, easy use, maximum protection, and a very friendly team." Christiaan Mourik, Head of Technology
  20. Customer Case Study: Lenskart
     - Lenskart has sprinted to be India's fastest growing eyewear business
     - “Cloudflare’s Web Application Firewall blocks over 30,000 threats from hitting our website every month,” Barat noted. “We process sensitive customer data, so having Cloudflare as an extra layer of protection to prevent exfiltration of that data brings us peace-of-mind. Plus, with Cloudflare’s DDoS mitigation we know our site won’t experience costly down-time.” Nirbhab Barat
     - CHALLENGES: Protecting Customer Data; Rapid growth meant high notoriety for attack
     - CLOUDFLARE SOLUTION: CDN; WAF
     - KEY RESULTS: Sensitive data protected with 30,000 WAF blocks per month; 72% (8Tb) bandwidth savings with CDN; DDoS mitigation
  21. Customer Case Study: Touch of Modern
     - Touch of Modern is a curated commerce destination for the modern man. “We discover the most interesting products in the world,” explained Steven Ou, CTO of Touch of Modern, “and make them available to you at unbeatable prices.”
     - CHALLENGES: “We save customer credit cards for reuse, which provides a more convenient shopping experience, but if a customer account got breached, it could result in unauthorized credit card charges, which would be a nightmare for both us and our customers.”
     - CLOUDFLARE SOLUTION: Global CDN with 150+ Data centers; Argo Smart Routing; WAF
     - KEY RESULTS: Sensitive Customer data protected; Estimated 5% increase in conversion with a faster website; 27% faster web presence with Argo Smart Routing
     - “Cloudflare helps keep us online, provides a faster site experience to our end users, and protects our customers' sensitive information.” Steven Ou, CTO
  22. Customer Case Study: NatureBox
     - NatureBox is a leading packaged food provider offering their products through their online store and leading grocers.
     - “We use Cloudflare . . . to cache all of our non-customer specific data, including our entirety of our product catalog, inventory, etc. so that we can deliver those responses to the customer as fast as possible.” Shawn Zeller, Principal Architect
     - CHALLENGES: “Having a quick website is very integral to us being able to sell a product online.”; “One of our main API requests for our catalog data was taking on average 20 seconds”
     - CLOUDFLARE SOLUTION: CDN; DNS; Application Security
     - KEY RESULTS: Completely edge cached response to ~ 35 ms response time (17x Improvement); Single vendor for every solution (DNS, CDN, Security)
  23. eCommerce Essentials Ebook
  24. Q&A
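
Slide 17's advice to build rate limiting into the origin software as well as at the edge, and to lock sensitive URLs down to particular networks, sketched as an added example (not code from the presentation or from Cloudflare). The address range, path prefixes, limits and the `OriginGuard` name are constructed for illustration.

```python
import ipaddress
import posixpath
import time
from urllib.parse import unquote

# Constructed values for illustration (RFC 5737 documentation ranges).
TRUSTED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]
LOCKED_PREFIXES = ("/admin", "/internal")  # hypothetical sensitive paths


def normalize(path):
    """Decode, collapse dot-segments and lowercase so '/x/../%41dmin'
    is matched as '/admin' and cannot slip past the prefix check."""
    cleaned = posixpath.normpath(unquote(path)).lstrip("/")
    return ("/" + cleaned).lower()


class OriginGuard:
    """Second layer behind the edge: network lockdown, then a token bucket."""

    def __init__(self, rate=5.0, burst=10, clock=time.monotonic):
        self.rate, self.burst, self.clock = rate, burst, clock
        self.buckets = {}  # client address -> (tokens, last_seen)

    def _take_token(self, addr):
        now = self.clock()
        tokens, last = self.buckets.get(addr, (self.burst, now))
        # Refill in proportion to elapsed time, capped at the burst size.
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        allowed = tokens >= 1
        self.buckets[addr] = (tokens - 1 if allowed else tokens, now)
        return allowed

    def check(self, client_ip, path):
        """Return 403 (locked down), 429 (rate limited) or 200 (allowed).
        client_ip must be the real client address; behind a proxy, accept a
        forwarded-address header only when the TCP peer is that proxy."""
        try:
            addr = ipaddress.ip_address(client_ip)
        except ValueError:
            return 403  # unparseable address: fail closed
        if normalize(path).startswith(LOCKED_PREFIXES):
            if not any(addr in net for net in TRUSTED_NETWORKS):
                return 403
        return 200 if self._take_token(addr) else 429
```

In production the `buckets` table needs eviction of idle entries (or a shared store) so that a flood of distinct source addresses cannot exhaust memory.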