5 key e-commerce risks and how to solve them, part 2

Paweł Detka, CTO, Monogo

The e-commerce market continues to grow year after year, and the number of threat scenarios facing digital businesses grows in direct proportion to the number of online stores. How can you protect against them? To begin with, it is worth knowing your enemy and preparing a defense strategy in advance.

Application server failure

One risk to the performance of an e-commerce platform is the failure of the main server, or of one of the servers, hosting your online store application. Such an event makes the application unavailable: neither you nor your customers can use it, and no orders can be placed. In such a case, it is worth knowing whether your vendor has developed scenarios and procedures that clearly define what to do. How do we manage this at Monogo? Here are some key aspects:

1. Active monitoring of components at the hardware, service and overall application level allows you to observe trends and diagnose potential problems in advance.

2. Redundancy in key infrastructure components - the use of clusters and mechanisms that allow the infrastructure to keep operating in case of failure. After a failure, self-healing mechanisms help restore services to full capacity.

3. Infrastructure as Code (IaC) - the use of automation to build environments allows the entire technology stack to be restored very quickly in the event of widespread failures.

4. Optional use of multiple data centers to increase redundancy.

5. 3-2-1 backups - you can read about these in the article As Secure As Possible and in the first part of this series, 5 Threats to Your E-Commerce You Need to Protect Against, Part 1.

Data leakage

Imagine a situation in which an unwanted person gains access to your store. Data theft is a serious threat to both your business and your customers. In addition to the loss of reputation and of your customers' trust, you may also face unpleasant legal consequences. To protect your business, we recommend solidly securing your online store against unexpected data leaks. The cause can be not only hacker attacks but also very poor site security. It is worth checking whether your provider offers the possibility of configuring intrusion detection and prevention systems (IDS/IPS). How will such an incident be detected by your infrastructure provider? How will your provider respond once it is reported? It is worth asking these questions before signing a contract.

Unauthorized access to files

Another worst-case scenario is an unauthorized person who, after gaining access to some of the files on the server, starts making changes to configuration or system files. Does your provider monitor this activity and have alerts configured to help detect such events?

File monitoring is an integral part of the security monitoring system. It alerts you each time a monitored file changes.

All components of the service must have defined access rules and be secured at several levels (starting with 2FA, time-varying tokens, firewalls, IPS/IDS systems, periodic verification of authorized persons, and onboarding/offboarding procedures).
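The file-monitoring step described above, as an added example (not Monogo's monitoring tooling): a baseline of hashes, permission bits and sizes is recorded for a set of monitored files, and each later run reports every file that was modified, deleted or newly added, which is exactly the set of events that should raise an alert. The paths and the baseline location in the demo are constructed.

```python
# Added example of a file-integrity check, not Monogo's monitoring tooling.
# Paths and the baseline location are constructed for the demo.
import hashlib
import json
import tempfile
from pathlib import Path

def hash_file(path: Path) -> str:
    """SHA-256 of the file contents, read in chunks so large files are fine."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(paths):
    """Map each existing monitored path to its hash, permission bits and size."""
    snap = {}
    for p in map(Path, paths):
        if p.is_file():
            st = p.stat()
            snap[str(p)] = {"sha256": hash_file(p), "mode": st.st_mode & 0o777, "size": st.st_size}
    return snap

def compare(baseline, current):
    """Sorted (event, path) tuples; each one is something to alert on."""
    events = [("added", p) for p in current if p not in baseline]
    events += [("modified", p) for p in current if p in baseline and current[p] != baseline[p]]
    events += [("deleted", p) for p in baseline if p not in current]
    return sorted(events)

def check(paths, baseline_file):
    """First run records the baseline; later runs report deviations from it."""
    current = snapshot(paths)
    bl = Path(baseline_file)
    if not bl.exists():
        bl.write_text(json.dumps(current, indent=2))
        return []
    return compare(json.loads(bl.read_text()), current)

def demo():
    """Constructed scenario: record a baseline, then tamper with the files."""
    d = Path(tempfile.mkdtemp())
    conf, env, extra = d / "app.conf", d / "env.php", d / "extra.conf"
    conf.write_text("debug=0\n")
    env.write_text("<?php return [];\n")
    check([conf, env], d / "baseline.json")  # first run: baseline written
    conf.write_text("debug=1\n")             # unauthorized edit
    env.unlink()                             # file removed
    extra.write_text("x\n")                  # unexpected new file
    return [e for e, _ in check([conf, env, extra], d / "baseline.json")]
```

In a real deployment the baseline itself must live somewhere the monitored server cannot rewrite, otherwise an intruder who edits a file can also edit the record of it.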

Application security vulnerabilities

It's also worth being aware that there may be vulnerabilities, or security holes, in the e-commerce applications themselves. Does your provider offer the ability to perform IT Security Scans to help detect these threats? Is the tool used for said scans tailored to the realities of online stores?

At Monogo, we offer our partners the Web Application Security Scanner monitoring service: periodic monitoring of a publicly available application for security holes and vulnerabilities (for example, SQL injection, XSS, and vulnerabilities in the components used). The idea is ongoing monitoring rather than a one-time scan. In addition, before a release goes to production, we are able to check the prepared package and make sure that we are not introducing new threats.

Server security vulnerabilities and risks in e-commerce

A possible worst-case scenario affecting the availability of your store is the appearance of vulnerabilities in packages or software installed on the servers. Does your provider monitor and keep up to date all the infrastructure components in use?

When it comes to guaranteeing server security, at Monogo we operate on several key levels. First of all, we monitor the versions of all components and services used. At any time we can verify which version of a component is in use and on how many machines, which lets us estimate the scale of an issue. Components that do not directly participate in serving the application are updated daily. Components indirectly involved in serving the application are updated once a week. Components that participate directly in serving the application and have an update available are updated ad hoc, with the date agreed with the client. All solutions are selected individually to meet the needs of our partner, down to the smallest details.
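The version-monitoring and update-cadence policy above, as an added example (not Monogo's own tooling): a constructed inventory records, per component, which hosts run it, the version seen there, the latest known version, and how the component relates to serving the shop; the code counts how many machines run each version and decides, per the tiers in the text, whether an update is due today, due on a later date, or has to be scheduled with the client. Component names, versions and dates are constructed.

```python
# Added example of the version-monitoring step, not Monogo's own tooling.
# Inventory values (names, versions, dates) are constructed for the demo.
from collections import Counter
from datetime import date, timedelta

# Update cadence per tier, as described in the text; "direct" is agreed with the client.
CADENCE_DAYS = {"none": 1, "indirect": 7}

def parse_version(v):
    """Turn '2.4.6' into (2, 4, 6) so versions compare numerically."""
    return tuple(int(x) for x in v.split("."))

def outdated_hosts(component):
    """Hosts running something older than the latest known version."""
    latest = parse_version(component["latest"])
    return sorted(h for h, v in component["hosts"].items() if parse_version(v) < latest)

def scale(component):
    """How many machines run each version: the 'estimate the scale' step."""
    return dict(Counter(component["hosts"].values()))

def plan(inventory, today_iso):
    """Decide per component: ok, schedule with client, update now, or update due <date>."""
    today = date.fromisoformat(today_iso)
    actions = {}
    for name, comp in inventory.items():
        if not outdated_hosts(comp):
            actions[name] = "ok"
        elif comp["tier"] == "direct":
            actions[name] = "schedule with client"
        else:
            due = date.fromisoformat(comp["last_update"]) + timedelta(days=CADENCE_DAYS[comp["tier"]])
            actions[name] = "update now" if today >= due else f"update due {due}"
    return actions

INVENTORY = {  # constructed sample inventory
    "app-runtime": {"tier": "direct", "latest": "8.2.1", "last_update": "2024-01-01",
                    "hosts": {"web1": "8.2.1", "web2": "8.1.9", "web3": "8.1.9"}},
    "cache": {"tier": "indirect", "latest": "7.0.3", "last_update": "2024-01-10",
              "hosts": {"cache1": "7.0.2"}},
    "time-sync": {"tier": "none", "latest": "4.2.8", "last_update": "2024-01-14",
                  "hosts": {"web1": "4.2.7", "web2": "4.2.8"}},
    "web-proxy": {"tier": "direct", "latest": "1.24.0", "last_update": "2024-01-01",
                  "hosts": {"web1": "1.24.0"}},
}
```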

In this article we have mentioned just a few of the dangers that threaten your website. The bad news is that there are many more (you will read about them in part 3 of this series). The good news is that you can reduce risks in e-commerce. If you are not sure whether the security areas mentioned above are adequately taken care of in your store, write to us using the form below.

Keep in mind that even the best and most expensive solutions never provide a 100% guarantee of security. That is why we have procedures and developed action plans for critical incidents. Take advantage of our experience to avoid problems and properly take care of the security of your store.