2016-11-08

Black Friday is just around the corner, and there are lots of things that IT teams need to do to prepare. Here, various industry professionals offer their advice for IT teams, covering business continuity, security and storage.

Business continuity

Hubert Da Costa, vice president for EMEA at Cradlepoint:

“UK retail sales reached £3.3bn during 2016’s Black Friday weekend. However, despite these unprecedented numbers, there were significant problems as servers couldn’t cope with demand and in-store bandwidth issues meant that POS transactions were slow (sometimes impossible) to process.

“Getting it wrong, just for that short trading period of a few days, can break a business. I expect to see lessons learned this year. IT teams within retail organisations should have implemented and tested reliable failover solutions. Black Friday lines are already notoriously long and slow; having them stop altogether can be devastating. Even companies that are able to process and approve credit card purchases offline beneath a certain purchase amount, or ‘floor limit’, during a network outage may not have the security mechanisms necessary to keep POS info safe. Reliable failover solutions ensure the retailer can proceed with POS confidently, even amid the hustle and bustle of Black Friday.

“As well as having reliable failover, many retail teams have turned to cloud-based applications to help retailers with inventory tracking, human resource management, and even customised promotions. Additionally, information on top-selling items can be tracked at the store level, provided to sales associates, and incorporated into the inventory management process.”

Michael Hack, SVP EMEA Operations at Ipswitch:

“In recent years Black Friday and Cyber Monday have become key landmarks on the calendar for both shoppers and retailers. This is a perfect time for bargain hunters to snag a great deal, but also an opportunity for retailers to maximise revenue going into the Christmas season.

“However, for this to be a success for businesses, IT systems need to work properly in order to allow customers to purchase goods without any hiccups. IT teams have this daunting task of ensuring networks stay up and running. They must be prepared to anticipate and overcome any obstacle. They know they’ll be held accountable if all goes wrong. However, this isn’t just an important day for retailers. All retailers’ IT teams across the board will be left to manage the impact of employees clogging up network bandwidth shopping online.

“Both scenarios call for deep visibility and detailed visualisation of the network and applications, servers, VMs and traffic flows within the environment to manage bandwidth and isolate issues before they spin out of control. With this type of comprehensive and flexible network monitoring, IT teams can ensure that websites are receiving adequate bandwidth to support customers’ needs and transaction requests, and that online shoppers are not hogging company resources searching for the best deals.”

Peter Godden, VP EMEA at Zerto:

"Imagine being unable to process retail transactions due to a website crash, or other back office IT issues during the busiest shopping days of the year. Retailers stand the risk of losing significant revenue with every minute their critical systems are not operational during Black Friday and Cyber Monday.

"Every year retailers are focused on driving increased revenue, but in the lead-up to this hyper-active shopping period they need to ensure their IT infrastructure is prepared to be inundated by not just returning customers, but new ones who have high expectations about brand experience. Retailers need to rigorously test their business continuity and disaster recovery strategy and the underlying technology that supports IT resilience, which will allow them to be up and running within minutes, for when – not if – a crash or widespread outage occurs.

"Last year shoppers spent $4.45 billion during these two days and retailers cannot afford to miss capitalising on this high site transaction opportunity."

Security

Wieland Alge, VP & GM EMEA at Barracuda Networks:

"The sale waits for no one. Regardless of how much personal Internet use you allow in your network, you will almost certainly have some users thinking about shopping on their work computers this Black Friday weekend.

"When reviewing your security in the run-up to the Black Friday and Christmas season, it’s essential to look both at the consumer-side and the network-side security. The consumer-side includes hardening your workstations with up-to-date software, firewalls and anti-virus installed and conducting awareness training around best practices for online shopping. It might sound obvious, but you don’t want to harden the network only to find that one of your users has joined a botnet on their workstation.

"On the network side, you should start by more closely monitoring your internal traffic and bandwidth, keeping an eye out for the users who are most likely to fall prey to a scam and any unusual spikes that could uncover a stealth attack on the network. Next up you should review your firewall rules for conflicts, gaps and outdated rules, using the monitoring data to inform the new ruleset. Finally, check that your firmware is up to date and that all other electronics, devices and policies are running with the latest security fixes in mind."

Simon Moffatt, Senior Product Manager at ForgeRock:

“In today’s ‘always on’ world of digital, we are increasingly seeing online sales dominate the profit lines of retailers. But the challenge of combining digital services with existing brick and mortar operations is no walk in the park. Shoppers expect consistent, frictionless and, most importantly, secure retail experiences – online, in store and through mobile apps. They expect to browse, shop and buy in whatever way works best for them, at any given moment.

“For retailers to remain competitive in the digital age, they must revolutionise the way they operate to meet these demands and provide a personalised, secure customer experience at every point of interaction – digital or physical. As digital retail success becomes more about how well you know your customers in an omnichannel world, digital identity will be vital to ensuring purchasing habits and customer data are safe and sound with a trusted retail outlet.”

Ryan O'Leary, VP Threat Research Centre at WhiteHat Security:

"This Black Friday weekend, retailers will be unable to successfully fill the public’s stockings with cut-price Christmas cheer if they cannot guarantee that their websites will run smoothly and securely. But, while the cyber spotlight is firmly on the ecommerce sector, almost all businesses have something to learn from three key application security best practices.

"First, those in charge of securing websites and mobile applications need to be proactive and build with security in mind. It may take a bit more time or cost a bit more money, but it’s a solid investment to prevent media embarrassment and loss of trust from your users, which would negatively impact your business.

"Second, the easiest, most dangerous vulnerabilities on your flagship application, or those applications that contain private information, should be dealt with first regardless of how difficult they are to fix. Finally, think 'fast remediation.' The current average time-to-fix vulnerabilities in retail websites stands at 205 days. Considering Black Friday isn’t even 100 days away, perhaps set yourself a challenge to go away, find your flaws and fix them fast."

Thomas Fischer, threat researcher and global security advocate at Digital Guardian:

"In the past few weeks we have seen large scale DDoS attacks against critical infrastructure, so now is a good time to make sure that your business is able to recover from this kind of situation. Malicious parties may decide that the Black Friday weekend is a good time to flex their muscles and show their ability to control our use of the Internet.

"Businesses and retailers should look at continuity planning, taking into account the services that can mitigate any direct denial of service attacks, as well as a plan to recover if the primary DNS provider is taken down. Specifically for those in charge of retail IT systems, in the past we’ve seen eager consumers and malicious parties looking to exploit weakness in the application to allow them to pre-purchase goods, or even “corner the market” on the offers by using scripts to continuously poll and purchase the best deals.

"A good AppSec testing and development program is key in this case. When testing the security of applications, make sure that data integrity is checked as this will stop any pre-sales leakage or make sure that people can’t attack the site and change prices. Another important test is looking for the presence of a real user, to avoid scripting attacks against the site."

Tom Harwood, Co-Founder and Chief Product Officer at Aeriandi:

“According to Financial Fraud Action, more than one million incidents of financial fraud happened in the first half of this year, equating to one incident every 15 seconds. As more of us shop online, telephone agents in contact centres are becoming an increasingly attractive target for criminals looking to take advantage of poor phone security practices.

“To help protect their customers and outsmart the fraudsters, businesses should be looking to take advantage of innovative new technology-based solutions such as voice biometrics. The introduction of an effective voice biometrics system, ideally alongside measures such as intelligent fraud detection, can significantly bolster any business’s telephone identity and verification security whilst simultaneously improving the customer journey. Who wouldn’t want that?”

Storage, infrastructure & hosting

Tony Martin, UK & Ireland Managing Director, FalconStor:

"Black Friday, as well as Cyber Monday, are amongst the busiest online shopping days of the year. With an increasing demand for online shopping, retailers must ensure their storage infrastructures are able to deal with increased traffic and avoid downtime during these extra busy times.

"With Black Friday taking place over a 24-hour period, any downtime could lead potential customers to competitors’ websites. Software-defined solutions have been crucial in improving uptime for retailers, with IT teams now being able to get a view of their whole infrastructure, including the use of analytics. IT teams should utilise these features to prioritise the storage and data layer of the infrastructure stack and manage any bottlenecks which would cause customers to experience a slower service.

"By using analytics, IT teams can foresee any issues before they slow down the website. This approach delivers the performance and flexibility required by retailers in a fast-changing industry."

Campbell Williams, Group Strategy and Marketing Director, Six Degrees Group:

"Black Friday has become a predictable retail phenomenon. Last year UK shoppers spent more than £3.3 billion between Black Friday and Cyber Monday, and the trend seems to be continuing in 2016, with retailers already advertising their deals. It is a wonder then that retailers can still get their Black Friday preparations so wrong.

"More often than not, the key to success on Black Friday is communication. Many retailers know the advantages of hosting their business critical applications, such as websites, on cloud technology. It is perfect for these flash events, when flexibility, scalability and agility are key. But the real hiccup can be between IT experts who are in charge of these systems, and the business leaders.

"It is vital that they are properly aligned to ensure each knows what is required and at what time. Being business-savvy allows retailers to predict where the peaks are coming from. Being tech-savvy means they allow extra compute resources to be added, reducing the risk of downtime."

Jake Madders, Director of Hyve Managed Hosting:

“Black Friday and Cyber Monday are the bookends to the biggest online shopping weekend of the year, and retailers’ most valuable asset to capitalise on this shopping frenzy is their website. However, last year one in five ecommerce websites, including John Lewis, Boots and Argos, went down before 9am.

“Learning from this experience, retail IT teams should be preparing their infrastructure to see website traffic spikes of over 600 per cent. A key component of weathering the storm of bargain hunters is ensuring the hosting provider responsible for the website provides scalable options that promise peak performance during predictable high-traffic times. The best way to be confident that a website will hold up when on the hot seat is to work with a hosting provider that runs continuous tests on the website that mimic the rush of shoppers on Black Friday and adjust resources to match.

“Additionally, while performance is the main driver for success, security should be given equal importance when managing an ecommerce website that processes financial data. Hosting providers that are certified as PCI compliant should be top of the list to ensure all transactions are protected, for your sake and your customers’.”

Image source: Shutterstock/Vik Y
