Posted by & filed under List Posts.

 

 

  • Huge potential for ecommerce sites
  • Elements of online shopping behavior
  • How the market is adjusting to changing needs
  • High-performance ecommerce hosting

 

Ecommerce is a massive economic phenomenon. According to the US Department of Commerce, more than half of web users across the planet (53%) bought something online in 2016. That means no less than 1.7 billion people (out of the 3.2 billion global users) proceeded at least once through a shopping cart checkout.

 

Furthermore, the amount that the average Internet shopper spends is higher than you might think: numbers suggest American users spend an average of $1800 annually, while the typical British consumer spends $1600. As would be expected, a large proportion of these shoppers are in the lower age brackets, with 2 in 5 men (40%) and 1 in 3 women (33%) aged 18 to 34 saying they would prefer to make all of their purchases online.

 

Clearly there is a huge amount of ecommerce activity occurring, which means there’s a vast amount of potential for the growth of your online store. However, as with any efforts to build your website, it’s critical to understand how the user behaves. Plus, it helps to know how marketers, based on user behavior, are adopting more effective means to appeal to the visitors whom they hope to convert.

 

Elements of online shopping behavior

 What are some aspects of the ecommerce user that can help you better understand them, so that you can meet their needs on their developing “buyer’s journey”?

 

Element #1 – Pre-purchase research

The way that we buy online is fundamentally different than how we purchase in-person, because the former offers immediate access to a wide range of product information. Four out of five online shoppers (81%) make use of that data.

 

The resources through which shoppers gather their perspectives on products and services range from testimonials to reviews, from forums to social media, from comparison sites to third-party ratings. One way or another, ecommerce users make an effort to get informed before they buy.

 

Element #2 – Different needs of men and women

 

Different groups of people tend to diverge in the way that they approach an ecommerce transaction – and that’s particularly evident along male/female lines:

 

  • Women (on average) want shopping online to be more social, while men want it to be a no-frills, linear experience.
  • Men shop because they need something now, while women are often planning ahead.
  • Men are more geared toward finding a solution they view as acceptable, while women make their buying decisions more carefully.
  • Men tend to make purchases to meet their own needs; women, on the other hand, are often getting presents for loved ones.
  • Women tend to be more impulsive in their online purchases.
  • Women are also more attracted to discounted pricing.
  • Women are likelier to find out information about a product from their friends, while men tend to get their ideas from strangers posting on review sites.
  • While men are more concerned with content such as reviews and product descriptions, women are more interested in forums, images, and live chat.

 

Element #3 – The multi-faceted user

Nearly all ecommerce users (90%, according to one study) use different devices for online shopping. Since consumers are typically accessing your site from different technological environments, it’s important to leverage a multi-screen approach.

 

Does that sound unlikely? The truth is that a significant amount of ecommerce moves from mobile to desktop. The majority of online shopping is completed on the latter, but the breakdown of where people start the buying process shows how important the former is for research:

  • smartphone – 65%
  • tablet – 11%
  • PC (desktop or laptop) – 25%.

 

Element #4 – The concept of “showrooming”

Not everyone appreciates e-commerce, of course. To a brick-and-mortar business that doesn’t have a big Internet presence, your online shop means unwanted competition. What particularly bothers these offline stores is showrooming.

 

What’s showrooming? It is “the situation in which a customer goes to a physical store to touch, try on, or interact with a product and then purchases the product online from a different retailer,” explained John Rampton in Forbes.

Note that while this does happen, it isn’t really a rampant activity: one study suggests that only 1 out of every 10 consumers looks at products in-person before buying them online from a different retailer.

 

Element #5 – Checkout expectations

As people have grown more accustomed to making purchases online, they have developed more specific expectations for the checkout process:

  • They want it to be snappy, and that’s especially the case on mobile. When using smartphones or tablets, users like to be able to buy in just 1-3 clicks.
  • They don’t like surprises but want the shopping experience to be straightforward. (That means it’s usually a good idea to list shipping or other added costs upfront.)

How the market is adjusting to changing needs

Understanding the consumer is, of course, just the beginning. How are ecommerce businesses adapting their efforts to better meet the needs of potential and current customers? Here are a few strategies that are becoming more central to online success:

 

Strategy #1 – Cohort-specific targeting

When you think about the value of a one-on-one interaction with a salesperson, it can be difficult for an online store to compete (since chat just isn’t the same). However, using the power of data, ecommerce sites can use cohort-specific targeting to zero in on the needs of certain types of buyers.

 

How does that work? “If data shows that customers tend to buy blue scarves after they purchase black boots,” suggested CellularOutfitter marketing VP Edwin Choi, “companies can now craft ad creative that speak to this specific merchandising experience.”

 

Strategy #2 – Mobile moving images

Cellular data costs are on the decline, as are mobile page load times. The result of those two trends is that the way people use their smartphones and tablets is quickly evolving. Specifically, apps are becoming more immersive, and video is generally becoming more prevalent.

 

To cater to the changing mobile world, savvy ecommerce sites are creating video ads that rapidly present their product in all its dimensions.

 

Strategy #3 – Engaging across channels

The ways in which businesses appeal to online consumers have become diversified, and not just in terms of the multi-screen experience. Marketers now speak in terms of multi-touch conversion and multi-channel attribution.

 

These concepts have become important because we now have a more sophisticated understanding of the way that people shop on the web – and that information has also become more widely accessible. For example, low-cost platforms such as Kissmetrics are giving websites a more granular viewpoint on user behavior, allowing them to make connections based on a full spectrum of data points.

 

Even free systems such as Google Analytics can provide powerful insights on how an integrated blend of channels leads to sales. It can even inform cohort analysis. “Marketing channels will continue to bake in this type of transparency into their baseline reporting metrics on a post-click and post-impression basis,” advised Choi.

 

High-performance ecommerce hosting

The interaction between online stores and online customers is rapidly changing, as user behavior evolves and businesses adapt to meet changing needs. One aspect we haven’t yet discussed is the pivotal role of hosting infrastructure on your site’s speed and reliability. At Total Server Solutions, our high-performance hosting plans can accommodate everything from the smallest, static websites all the way up to large operations getting massive traffic. See our plans.

Posted by & filed under List Posts.

 

Have you heard of The Worst-Case Scenario Survival Handbook? When we talk about a business impact analysis, that is basically what it is: a guide of everything that can bring down your business, along with steps for restoration.

 

  • Business impact analysis: exploration and planning
  • Why the BIA is important
  • 7 types of impact you’ll frequently see
  • 7 common ways businesses are disrupted
  • When and how long is the business disruption?
  • Tapping internal intelligence: the BIA questionnaire
  • Putting it in writing: the BIA report
  • Smart hosting protections: SSAE 16 compliance

 

 

Business impact analysis: exploration and planning

Business impact analysis (BIA) is one of those business buzzwords that sounds quite a bit like the TPS reports that were ridiculed (sort of) in Office Space. However, the concept is actually very straightforward; it means just what you would think. A BIA is simply a process to look at the possible results of natural disasters, human errors, and malicious activities on operational elements ranging from credibility to liability, compliance, safety, and finances.

 

A well-strategized business impact analysis doesn’t just pessimistically describe worst-case scenarios, of course. It foretells the effects of an interruption to business continuity and collects knowledge to help create a disaster recovery plan. These two aspects of the BIA are called the exploratory and planning components.

 

During the risk assessment component of the BIA, you should delineate possible forms of loss that can occur internally. Additionally, the analysis should evaluate what the consequences would be if a vendor weren’t timely or otherwise didn’t meet expectations.

 

Why the BIA is important

Boy Scouts will understand right away why you need to conduct a BIA since it’s written right into their motto: “Be prepared.” Why specifically is this preparation wise? There are three primary reasons it makes sense to invest your time and resources in a business impact analysis:

 

#1 – You aren’t improvising when a disaster occurs. During the stress of a business continuity disruption, it isn’t easy to make the most logical, practical and sound decisions. The business impact analysis gives you a rational and straightforward process with which to recover, not just broadly but in the specific scenario the business is experiencing.

 

#2 – You use your recovery funds meaningfully and systematically. Part of a BIA is determining restoration priorities so you can allocate funds and apply effort correctly during a crisis. You also have an estimate of how long each step of the recovery process should take.

 

#3 – You are able to evaluate your vendors appropriately. You want to look deeply at your own system but also the aspects that are handled externally (as with your hosting provider – see below).

 

This type of analysis is essentially a framework that helps you more wisely determine how to spend money and time. “Identifying and evaluating the impact of disasters on business provides the basis for investment in recovery strategies as well as investment in prevention and mitigation strategies,” explained the U.S. Department of Homeland Security.

 

Specific to the provider you choose for hosting infrastructure and other IT services, this process helps you better understand the extent to which a secure, stable, high-performance infrastructure should be a priority. You can assign an appropriate value to a datacenter that is audited to meet the standards of the American Institute of CPAs (AICPA) – via Statement on Standards for Attestation Engagements No. 16 (SSAE 16).

 

7 types of impact you’ll frequently see

 

A BIA should give you a better sense of how your business could potentially malfunction and how money could be lost if a business system goes down or anything else isn’t fully operational. To look at it a bit more broadly, here are seven ways in which companies suffer when infrastructure or other elements become unavailable:

 

  1. Revenue is lost.
  2. Revenue comes in later than expected.
  3. Your operational costs rise (such as having to pay overtime or expedite).
  4. You incur fines for regulatory violations.
  5. You fail to meet bonuses or get penalized for not meeting contractual parameters.
  6. You lose or irritate customers.
  7. Projects you were planning to start don’t get launched on time.

 

To look specifically at the money, expenses related to disasters can be more extensive than you might initially think. One cost for which many companies fail to account properly is reputation management. For instance, your business could reasonably spend four times as much for marketing simply to retain your customers’ trust when your services aren’t working as your users expect.

 

7 common ways businesses are disrupted

 

How might your business be blocked from continuing to operate normally?

  1. Your facilities are damaged.
  2. Equipment becomes broken.
  3. You are unable to access facilities.
  4. Supply chain problems occur, either at the vendor or in transit.
  5. Power or other utilities go down.
  6. Software or hardware malfunctions.
  7. Key staff members are either out or make errors.

 

When and how long is the business disruption?

In terms of negative impact, there’s clearly a vast gulf between a split-second blip in your services and an outage of multiple days. It’s not just about duration, though, but timing as well. For instance, a B2C ecommerce site could miss out on a much larger chunk of annual sales if it were derailed by a distributed denial of service (DDoS) attack on Black Friday than if it had unscheduled downtime at a less pivotal time of year.

 

The business impact analysis covers all possible scenarios – not just the scariest and most far-reaching ones. Certainly it is a top priority to think in terms of those most devastating disruptions, such as your site going down for a full day or a product becoming unavailable for 48 hours when everyone is making their holiday purchases.

 

However, you also want to look at the situations that seem to just be momentary inconveniences – such as an electrical outage of just 5 or 10 minutes. After all, Gartner reports that the average cost of a minute of downtime is $5600 – or more than $300,000 per hour. Your own BIA should reveal how much your costs for downtime and other elements are over certain timeframes.

 

Tapping internal intelligence: the BIA questionnaire

 The business impact analysis is, to a large degree, a fact-finding mission. You want to organize the effort by distributing a standard form, a BIA questionnaire, to leadership and other personnel.

 

You want to get ideas from those who are knowledgeable about each type of business process. “Ask [these individuals] to identify the potential impacts if the business function or process that they are responsible for is interrupted,” said the DHS. Plus, the analysis should detail the key systems that will allow the organization to maintain varying degrees of operation.

 

Putting it in writing: the BIA report

You obviously want to have documentation of this process, and that’s all detailed in the business impact analysis report. It’s especially important (although certainly an imperfect science) to put an estimated dollar figure on every potential situation you can. These numbers are helpful because they give you a better sense of how to evaluate the costs of preventive and mitigation services. Plus, you want to list out the step-by-step recovery that should occur in the event of disruption, moving from the most to least mission-critical systems.

 

Smart hosting protections: SSAE 16 compliance

As stated in the title of this piece, your BIA should show you how to make the best hosting decisions – meaning that it helps you place a value on stable and secure infrastructure. The SSAE-16 Type II audit is your assurance that Total Server Solutions follows the best practices for keeping your systems running strong. Learn more.

Posted by & filed under List Posts.

A content management system, or CMS, is software that includes a user interface, allowing you to post and edit content on your site. In other words, just as its name sounds, a CMS allows you to manage content in an organized and straightforward setting. Since content has become so incredibly important to online success, these platforms have become very popular.

That’s why the statistics on the use of a CMS are so mind-blowing, as best indicated by the prominence of WordPress (WP), which has been the dominant market leader for years. W3Techs estimates that WordPress is in use by 58.6% of sites that utilize a CMS – meaning that the technology is incorporated into 27.4% of sites worldwide.

How a CMS operates

The CMS is for those who like efficiency, basically. A website is created using databases, which can be rudimentarily understood as massive spreadsheets of information. It would be painful for developers to have to enter the server and make adjustments one by one. To address this pain-point, “groups and individuals have created content management systems to help users communicate easily and efficiently with [their] database using a secure and easy-to-use interface,” explains Josh Medeski of Lifehack.

 

 

How a CMS presents content differently than a book

Bill Powell of Lifewire discusses the presentation of content within a CMS in contrast to the way that a book introduces material.

Typically a book is read from the first page through to the end. A content management system is different because it’s unreasonable to expect someone to move step-by-step through your blog articles and other pages.

There is less need for various pathways to content within a book. Many will contain a table of contents and/or index, but those sections are nonessential.

In the case of a site, the order in which content is consumed will tend to be more random. Therefore, an important feature of a CMS is to provide your audience numerous methods to navigate to useful content.

Specific examples include:

  • Lists of newer articles, along with short summaries
  • Tags and categories that group your content
  • Articles that are related to the current one
  • An Atom or RSS feed to syndicate pieces
  • A date-organized archive, a sort of content timeline.

 

The most popular CMS options

To expand beyond WordPress, let’s briefly review the four most commonly used content management systems, along with their market-share numbers. All of these options are free and open source; people appreciate the nonexistent cost, of course, but may also like the opportunity to help expand and improve these platforms. The four top systems, with usage proportion among sites using CMSs and throughout the Internet, are:

 

WordPress (58.6%; 27.4%)

The statistics on WordPress are astounding, as discussed above. To put that percentage into perspective, it represents almost 75 million websites. How much is 75 million? Well, have you heard of Baby Boomers or Millennials? There are as many websites using WP as there are either of those two groups.

How is WordPress so absurdly popular?

  • Simple installation – Typically hosts make it possible to get WordPress up and running through one-click installation (which isn’t favored by everyone but is helpful for many). Even if you go through a conventional installation process, initially setting it up only takes 5 minutes.
  • Flexibility – WordPress has far more themes and plugins than the other CMS options, notes Robert Mening of WebsiteSetup.org. “Because of its widespread popularity,” he says, “more third-party designers and developers will create free (or relatively inexpensive) new WP tools to help you create/start a blog that looks like a high-dollar custom website.”
  • Free – There is no cost. Some plugins and themes are paid, but literally tens of thousands of them are also available for nothing. That means startups and others on a shoestring budget don’t have to second-guess choosing it.
  • Community – When you run into challenges with WordPress, there is an incredibly active support community to help you find a path forward. One of the best places to visit in these situations is the software’s support forum.

Now, obviously, not everyone is using this platform. Why? Part of the reason the framework is simple is that it makes it challenging to overhaul the way it looks. It isn’t easy to make major structural adjustments unless you hire a designer.

Nonetheless, this platform is typically viewed as the go-to option for someone new at websites or who wants to simply set up a blog without any technical challenges.

Drupal (4.8%; 2.2%)

Let’s skip to the third most popular content management option, Drupal. Drupal is a little bit more advanced than WP, but it is also considered by many to be more robust.

Here are its basic strengths:

  • Technical complexity – From a technical standpoint, this CMS is the most sophisticated.
  • Speed – A page within Drupal will generally have a better load time than those within Joomla or WordPress. Essentially, it is more efficient and lightweight, so the strain on infrastructure is reduced (meaning your resource expenses should be minimized – especially if you use high-performance cloud hosting).
  • Flexibility – Like WordPress, the Drupal community has created a broad range of plugins and themes. You can even edit the root files.
  • Free – You incur no direct costs to install and use it.

Drupal is incredibly robust, but you may feel overwhelmed if you feel uncomfortable “looking under the hood” at your site’s code.

Mening recommends having an introductory understanding of standard coding languages such as PHP and HTML. “You don’t need to be an expert necessarily,” he says, “but being able to troubleshoot error messages and identify code problems will be a HUGE benefit.”

Joomla (7.2%; 3.4%)

Now let’s take a look at the 2nd most popular content management system. We’re looking at this one last because it is generally considered to be a middle-ground between WordPress and Drupal.

This option isn’t as technically complex as Drupal is, but it is similarly robust.

Here are basic reasons why so many people choose it:

  • Flexibility – Similarly to the other two major platforms, Joomla can be customized by simply picking out the themes and plugins you want – out of a catalog of more than 6000 of them.
  • Social networking – Many users consider Joomla the best CMS in which to seamlessly create social networks.
  • Commerce-ready – This platform is also probably the fastest and least challenging in which to place an online store.
  • Technically approachable – This option is a good fit for those who find WordPress overly simplistic and Drupal excessively advanced. The majority of people won’t require technical help to create and maintain a Joomla website.
  • Support on-demand – Joomla’s help portal may not be as wide-ranging as the WordPress support forum is, but it is more easily manageable than what Drupal has available.
  • No cost – Like the other two major CMS environments, Joomla doesn’t cost anything to download and use.

People who adopt Joomla appreciate that they can get great user-friendliness while still being able to craft their site relatively freely. “Joomla has brilliantly combined the power and flexibility Drupal has to offer,” Mening comments, “while also retaining the intuitive, user-friendliness that WordPress excels at.”

High-performance CMS hosting

Do you want your CMS to load as fast as possible for your audience? The Total Server Solutions Cloud, with its SolidFire SSD-based SAN storage backend, provides IOPS levels that are unmatched by virtually any other cloud hosting provider. Your cloud starts here.

Posted by & filed under List Posts.

The CentOS 5 End of Life is fast approaching. If you still use CentOS 5 on your server(s), now is the time to update to a more recent, supported version of this popular OS. This was posted back in October 2016, but with the EOL coming up fast it’s well worth reading again. If proper support and PCI Compliance are important to you, you need to read this. We can’t stress enough how important this is!

On March 31, 2017, CentOS 5 will reach its End Of Life (EOL). At this time, CentOS 5 will no longer receive any further updates. At the same time, various software vendors such as cPanel, OpenSSL, and Red Hat, who produce applications which run on CentOS 5, will cease to provide support and updates for their products that are specific to CentOS 5.

Additionally, server owners who continue utilizing CentOS 5 without updating to a newer, current operating system will fall out of PCI Compliance and will no longer be able to accept credit card payments via sites on their servers running CentOS 5.

To learn more about current PCI compliance requirements please have a look at this link:  https://www.venafi.com/blog/post/new-pci-dss-v3.1-ssl-tls-requirementsbut-many-arent-compliant-with-pci-dss/

Here are some of the reasons that CentOS 5 based servers will no longer be PCI Compliant:

  • RHEL/CentOS 5 based servers cannot support SNI, which is becoming more important as IPv4 address space dwindles. SNI was unsupported prior to OpenSSL 0.9.8f, but RHEL/CentOS 5 shipped with OpenSSL 0.9.8e, meaning that unless you update, you cannot utilize SNI.
  • RHEL/CentOS 5 based servers also can’t support OCSP stapling. OCSP stapling decreases the latency of the handshake in establishing secure TLS transactions. OCSP checks certificates for revocation and was not supported prior to OpenSSL 0.9.8g, but, once again, RHEL/CentOS 5 shipped only with OpenSSL 0.9.8e.
  • OpenSSL 1.0.1+ adds support for the AES-NI instructions in Westmere/Sandy Bridge/Ivy Bridge or later CPUs.  This support increases performance of SSL/TLS connections and prevents timing attacks against AES.
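
The version thresholds in the list above can be turned into a quick host check. The script below is an added example, not part of the original post: the function names are hypothetical, the release and version strings are constructed samples, and the feature cut-offs are the ones quoted in the list. Distribution packages sometimes backport changes without changing the upstream version number, so treat the result as a first-pass check.

```shell
#!/bin/sh
# Added example: first-pass audit of a host against the OpenSSL thresholds
# listed above (SNI 0.9.8f, OCSP stapling 0.9.8g, AES-NI 1.0.1).
# All function names are hypothetical; sample inputs are constructed.

# Turn "0.9.8e-fips-rhel5" or "1.0.1e" into one sortable integer.
# Letter suffixes rank a=1..z=26; two-letter suffixes such as "za" sort after z.
# Prints -1 when the string does not start with an x.y.z version.
openssl_key() {
    printf '%s\n' "$1" | awk '{
        if (!match($0, /^[0-9]+\.[0-9]+\.[0-9]+[a-z]*/)) { print -1; exit }
        split(substr($0, RSTART, RLENGTH), p, ".")
        patch = p[3]; sub(/[a-z]+$/, "", patch)
        letters = substr(p[3], length(patch) + 1)
        rank = 0
        for (i = 1; i <= length(letters); i++)
            rank += index("abcdefghijklmnopqrstuvwxyz", substr(letters, i, 1))
        printf "%d\n", p[1] * 100000000 + p[2] * 1000000 + patch * 10000 + rank
    }'
}

# Succeeds when version $1 is at or above version $2.
openssl_at_least() {
    [ "$(openssl_key "$1")" -ge "$(openssl_key "$2")" ]
}

# Echo the features from the list above that version $1 is too old for.
missing_features() {
    miss=""
    openssl_at_least "$1" 0.9.8f || miss="$miss SNI"
    openssl_at_least "$1" 0.9.8g || miss="$miss OCSP-stapling"
    openssl_at_least "$1" 1.0.1  || miss="$miss AES-NI"
    echo "${miss# }"
}

# Major release number from an /etc/redhat-release style line.
centos_major() {
    printf '%s\n' "$1" | sed -n 's/.*release \([0-9][0-9]*\).*/\1/p'
}

# One-line verdict given a release line ($1) and `openssl version` output ($2).
audit_host() {
    major=$(centos_major "$1")
    ver=$(printf '%s\n' "$2" | awk '{print $2}')
    miss=$(missing_features "$ver")
    if [ -n "$major" ] && [ "$major" -le 5 ]; then eol=yes; else eol=no; fi
    if [ "$eol" = yes ] || [ -n "$miss" ]; then
        echo "UPGRADE: release ${major:-unknown}, OpenSSL $ver, missing: ${miss:-none}"
    else
        echo "OK: release $major, OpenSSL $ver"
    fi
}

# Constructed sample inputs. On a real host, pass
# "$(cat /etc/redhat-release)" and "$(openssl version)" instead.
audit_host "CentOS release 5.11 (Final)" "OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008"
audit_host "CentOS Linux release 7.9.2009 (Core)" "OpenSSL 1.0.2k-fips  26 Jan 2017"
```
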

We urge everyone who is running servers with CentOS 5 to update to CentOS 6 or CentOS 7 as soon as possible. We are making every effort to keep our customers notified of this important update requirement. Our technical & sales teams stand ready to help you update to a more current, modern OS on your server. Please take the time to let us help you get up to date and maintain PCI Compliance and more effective security for your content & customers.

More information regarding the CentOS 5 EOL can be found at the following places:

https://wiki.centos.org/About/Product

https://blog.cpanel.com/end-of-life-for-centos5/

https://wiki.centos.org/FAQ/General

The TSS Sales and Support team is ready to help you upgrade your OS.

Posted by & filed under List Posts.

In the modern world, everything seems to be in a perpetual state of flux. There is perhaps no field to which this omnipresent change is more central than computing. Here are 11 IT trends and how to be prepared as they transform data centers in 2017.

 

  • Introduction: Information technology comes of age
  • IT trends becoming more prevalent in 2017
  • Innovative and responsive high-performance infrastructure

 

The long-range trends that are reshaping data centers through 2020 – limitless infrastructure, unceasing business needs, and an evolution of control – can sometimes seem beyond challenging. However, IT leaders must be prepared.

 

 

Introduction: Information technology comes of age

It’s impossible to know exactly what will happen in the coming years, but one trend that is impacting business at all levels is the transition from a mechanistic to an informational approach. This transformation has involved an overhaul of policies and procedures, management expectations, internal roles, and company culture.

 

IT is of course not new but is maturing, delivering a major impact to the consumer and business worlds at each phase of its development. Russian-American sociologist Pitirim Sorokin believed that the rise of the “information age” represented a radical cultural revolution that resembles the inception of agriculture or the advent of the scientific era – although more shocking because of its sheer speed.

 

The blisteringly fast increase in knowledge that is so readily acknowledged today was addressed by William Conboy in the 1960s, noted Chris Anderson of Bizmanualz. “Conboy estimated that the amount of knowledge in existence doubled between 1 AD and 1750,” reported Anderson. “Knowledge doubled again by 1900, 1950, 1960, and Conboy projected it to double again by 1963 and beyond.”

 

IT trends becoming more prevalent in 2017

Lists of trends are sometimes not given the credit they deserve. Yes, the Internet does become a bit obsessed with trends. However, genuine analysis of how the industry is evolving is invaluable.

 

For instance, esteemed analyst David Cappuccio listed top trends for IT decision-makers to use in their strategic plans at Gartner Symposium 2016.

 

One thing that is certainly changing is the perspective toward what is possible within a data center. Business leaders increasingly expect internal infrastructure to resemble the expense and scalability of high-performance public cloud.

 

Trends mentioned by Cappuccio include:

 

  1. Data centers aren’t over

The on-premise data center is on the decline. By the end of the decade, 4 out of every 5 workloads will run off-premises, in Cappuccio’s estimation. These workloads are occurring through a patchwork of third-party locations.

 

Hybrid means flexibility but not simplicity, noted Cappuccio. “As workloads move off premise, our lives are not getting easier,” he said.

 

It’s necessary for CIOs and directors to pay close attention to key performance indicators (KPIs), regardless of whether systems are on- or off-premise.

 

  2. The fabric is growing

To foster resilience in a data center, disparate assets are peered within a multitenant fabric. Interconnect fabrics now additionally peer sites that are remote.

 

The notion of fabric is to increase availability for better service continuity and, in turn, stronger UX.

 

What encompasses a firm’s IT architecture is, effectively, broadening, noted Cappuccio. Infrastructure “is not just on prem, but [involves] all services provided to customers,” he said, adding that IT succeeds when “services are delivered from the right place, for the right price, from the right platform.”

 

  3. Stop: it’s container time

Let’s face it: containers are too legit to quit. Increasingly popular in development and DevOps, they allow apps to be partitioned as microservices for deployment on virtual or physical servers. It’s up to IT to supply the backend and support for this breakthrough model.

 

Containers are tricky because they are ready-made for scalability, but they are also characterized by impermanence – sometimes only existing for a split-second. Orchestration and automation will be key to managing container workloads.

 

  4. Business drives IT

More and more, heads of business departments are looking beyond the boundaries of their organization for their high-performance infrastructure needs. In fact, Gartner-verified data shows that nearly a third of IT dollars (29%) are spent on off-prem solutions.

 

As the cloud rolls in (leading, of course, to fog computing), IT will gradually transition to a more consultative role in brokering or curating services that better support the immediate needs of business.

 

  5. The service-oriented approach

IT can be viewed as a service provider. To extend the brokering or curation idea, the responsibility of the datacenter is about finding the services that best meet continuity, latency, security, compliance, RTOs (recovery time objectives), and other factors.

 

  6. Waste management

Other research validated by Gartner estimates that ghost servers – which are active but serve an unjustifiable purpose – make up 28% of corporate infrastructure. Similarly, two out of five racks (40%) aren’t fully provisioned.

 

Designation of racks for certain departments is a primary reason for this misuse of resources, explained Cappuccio. “We must put more governance in place to understand what’s running and why,” he said.

 

Here are seven ways you can limit this form of waste:

 

  • Right-sizing your resources (provision to fit the job)
  • Tagging workload lifecycles for company-wide monitoring
  • Avoiding data egress so pointless copying doesn’t occur
  • Throttling workloads that are underused
  • Evaluating price structures to verify they are logical
  • Prioritizing open source management programs
  • Recycling stranded resources.

 

  1. Expansion of IoT

To understand the emerging scope of the Internet of Things, think twenties: by 2020, 20 billion devices will be online. To understand the security challenge, consider how popular IoT endpoints such as thermostats and webcams are as DDoS botnet slaves.

 

“IT must start thinking about an infrastructure to support IoT,” said Cappuccio. Networking and interoperability are key issues to address.

 

  1. Need for IoT management

Use of the IoT could come with extraordinary IT labor and administrative costs. Think in terms of installation, registration, calibration, testing, maintenance, and eventual disposal.

 

Yes, the IoT bears similarity to other data center needs, such as edge computing or bandwidth improvements, but when you map the future of the IoT, the most shocking trait is its scale.

 

  1. Building on the edge

Don’t look down. The centralized nature of infrastructure is being modified rapidly to better serve the business. Placing workloads in greater proximity to your users – especially in the era of real-time IoT needs – better contributes to high-performance infrastructure.

 

Edge computing or microcomputing sites are powerful in these scenarios. User management, distribution, and synchronization are all fields of knowledge that can help architects prepare.

 

  1. Up-and-coming IT roles

As IT continues to shift and reshape, giving rise to new responsibilities, what once were novel roles are becoming increasingly commonplace.

 

Cappuccio highlighted these six:

  • IoT architect – Processing, networking, and management of your IoT.
  • Cloud sprawl manager – Cost containment for stranded per-use resources.
  • Strategy architect – Refinement in delivering high-performance infrastructure to meet business objectives.
  • Capacity recovery/optimization director – Aligning resources with needs in a parallel function to sprawl managers.
  • Vendor broker – Grasp of available providers’ performance, cost, and SLAs.
  • End-to-end/performance manager – These roles “reflect the growing importance of workload performance and user satisfaction management in the enterprise,” said Stephen J. Bigelow of TechTarget, paraphrasing Cappuccio. “Knowing that each aspect of an application is running well can offer early warning for potential problems, as well as insight for improvement.”

 

Innovative and responsive high-performance infrastructure

 As we look toward how business computing will evolve through and beyond 2020, the focus will be on ramping performance and flexibility through hybrid, on-prem, and off-prem systems.

 

At Total Server Solutions, we provide a performance infrastructure and thoughtfully engineered services that function as a whole. Check out our solutions.


E-commerce itself is trending

Yes, the title of this piece is grandiose. However, it may not be an exaggeration. Increasingly, the extent to which a company understands e-commerce is reflected in its success.

Take this statement from Cusha Sherlock of Credit-Suisse: “The e-commerce industry is a force that no investor can afford to ignore.” Also consider this forecast from eMarketer based on the available industry data:

  • 2016 retail e-commerce revenue – $1.915 trillion
  • Expansion will be at or above 10% each year through the end of the decade.
  • Revenue will exceed $4 trillion in 2020.

Now, of course, e-commerce is just a fraction of the global retail market, which totals $22.049 trillion worldwide (and is currently growing at 6.0% annually). However, consider that e-commerce retail is growing at a faster rate than general retail (10 vs. 6), and that it represents an increasingly larger share of the overall figure each year. It’s currently at 7.4% of worldwide retail, and the eMarketer projection estimates it to hit 14.6% in 2020.

The bottom line is that it’s time to pay closer attention to e-commerce to future-proof your business. Let’s look at six top trends:

 

Trend #1 – Smoke-signal analytics

Analytics becomes more sophisticated when it ties in signals from each possible avenue a customer can take. That’s the focus of software such as Kissmetrics, which assigns a signal to each source of traffic, tracking users from source to sale (or abandonment, or bounce).

 

Trend #2 – Real-time proposals & engagement

How important is it to interact with customers? Well, it will make you more money.

Gallup describes customers as fitting within three different categories: completely engaged, neutral, and completely disengaged. The pollster’s research reveals that engaged users go to e-commerce sites 44% more than disengaged ones do, and their total purchase is higher (373 USD, compared to 289 USD for a customer that is disengaged).

As businesses realize the importance of engaging visitors in the new year, they will use strategies such as these to do so:

  • Incorporating customer stories into the blog
  • Replying to customer concerns through video or a short piece
  • Sending e-mail newsletters with exclusive loyalty-based discounts
  • Consistently posting helpful information to social and on-site.

Businesses will review and potentially upgrade their adoption of live help desk platforms, advised Michael Lazar of Engadget. “This solution actively engages customers and allows them to ask questions via an online chat system, social media, phone, message and more,” he said. “Tickets are created that the customer support team can respond to in real-time.”

Why do you want to adopt an in-the-moment solution to serve prospects? If you think people like to do it by themselves online, well, that’s not the case: according to a six-nation survey of 5700 digital shoppers, 87% want support at some point during their buying journey.

 

Trend #3 – The money in omnichannel

There are many reasons why people have hesitated to buy products on their cell phones and tablets: the desire to use a bigger screen; concerns over privacy and security; difficulty with the vendor’s app or mobile site; etc.

However, the world has gone increasingly mobile in the past five years. It should be a shock to those who think of the Internet as fundamentally a network of personal computers that recent research revealed 56% of visitors to top sites are on a mobile device.

People still don’t want to use their smartphone or their iPad to buy, though. Robert Allen of Smart Insights described the findings of a study from 2016: “[A]lthough mobile (phone and tablet) accounted for 59% of all sessions by device on eCommerce sites, these mobile browsers made up just 38% of revenue,” he said. “Desktop was still dominating for conversion even though mobile browsing is the norm for research.”

The important thing to realize about your company is that its connection to customers is holistic rather than truly broken up into different channels. That’s the basic guidance behind the notion of the all-inclusive, omnichannel sales approach. After all, the study above also discovered that when a large portion of a company’s traffic is mobile, it comprehensively achieves better conversion. The user is checking out your product on their phone before they open their laptop or go to their desktop and buy. In other words, mobile users are buyers and should not be undervalued.

 

Trend #4 – The encroaching singularity

You may know of best-selling author Ray Kurzweil, whose concept of the singularity suggests that artificial intelligence will suddenly generate rampant and rapid-fire growth in technology, bringing about systemic social alterations.

Well, artificial intelligence is indeed growing. Kit Smith of social media monitoring firm Brandwatch noted that AI digital-assistant tools such as Google’s Assistant, Microsoft’s Cortana, Apple’s Siri, and Amazon’s Alexa are changing the playing field for online sales. “This will impact E-commerce as the beginning stage of the research process may be increasingly conducted by chatting to a personal assistant,” he said. “Ecommerce brands will need to keep an eye on how these developments change the buyer journey and adapt.”

 

Trend #5 – Subscription fever

The rise of cloud-based SaaS programs has popularized and proven the subscription model for all e-commerce parties. It means consumers aren’t required to commit as many funds upfront and that companies are able to keep bringing in revenue over time.

No one said that subscriptions had to only be for technology, though. Some e-commerce companies have been popping up that embrace subscription purchasing of physical products, explained Allen. “Founded just five years ago in 2011, the dollar shave club, a prime example of a subscription-based eCommerce site, is now worth an incredible $615 Million dollars!” he said. “From nothing to $615 million dollars in five years. Just selling razors.”

 

Trend #6 – Chatbot mania

Get ready everyone: the Internet is getting ready to enter an era of chatbot mania. Because the chatbot is not just any bot. To be serious, this marketing sidekick is a critical one that could be described as introductory in 2016 and emergent in 2017.

Chatbots are not a completely new idea, but they became a trend because of their rising adoption – making them deserve attention from marketing influencers and executives.

Julia Carrie Wong wrote a great article for The Guardian on chatbots in April 2016. It talks about how these new non-human AI virtual assistants emulate sales and service interactions.

The sort of case study Wong uses to express the increased focus on chatbots is the Kik Bot Shop – a spinoff of the messaging app Kik.

The service, presented in Fortune as a sort of app store for bots, started in April with 16 bots from brands such as Funny or Die, Vine, the Weather Channel, and H&M. The platform was open, so anyone could develop one for it (assuming they follow Kik’s ban on “adult” content).

“Without a chat bot, a user might direct his browser to weather.com, then type in their zip code to get the forecast,” explained Wong. “With the Kik’s Weather Channel bot, a user can send a chat asking for ‘Current Conditions’ or a ‘3-Day Forecast’ and the bot will reply with your answer.”

How big are bots? There were more than 20,000 bots on Kik by August 3, just four months after the platform’s creation.

*****

Hopefully the above trends give you a better idea of how e-commerce is growing and changing. As you consider the ways the field is changing, remember that web hosting is a fundamental tool that can deliver the high-performance customer experience to propel your growth.

At Total Server Solutions, we support all of the top shopping cart applications, and we also offer merchant accounts so you can sell and accept payments quickly and easily. Get started now.


Do you want to be trendy with your content management system (CMS)? Well, you might not. But you certainly want to know how the playing field is changing. Here are the top emerging WordPress trends for 2017, in terms of strategies you can take with your own installation of the CMS.

 

A new year is important on a business level. Holiday bonuses mark the end of a successful, profitable year, for instance. More similar to personal resolutions, though, are the many trends lists that are released for virtually every segment of the economy. Essentially, looking over these trends, businesses can consider how their market is changing and think, “What are our resolutions this year?”

 

 

#1. Customize thy design.

Everyone wants to use a set of standardized, trusted tools – but, at the same time, stand out and express their own unique vision.

With that in mind, consider the impressive data from W3Techs Web Technology Surveys: “WordPress is used by 58.5% of all the websites whose content management system we know,” reported the service in December 2016. “This is 27.2% of all websites.”

In other words, WordPress is incredibly popular. Nonetheless, competitive advantage in business is fundamentally about differentiation. As more and more people move to WordPress, because of its popularity, people on WordPress will want to modify their sites. JavaScript, HTML5, and other markup/coding languages will be used for customization.

 

#2. Scroll to the future.

Scrolling became more predominant in 2016 because of increased mobile use. Scrolling is more necessary on smartphone screens that have less space to display information. Incredibly, it seems that from getting used to scrolling on smartphones, people became more likely to scroll on their desktops.

“The return of the scroll as an accepted user pattern provides more flexibility in the design and gives you more chances to interact with each visitor,” noted Carrie Cousins of design tutorial publication Design Bombs. “Think of all the opportunities to play games, include scrolling features (parallax!) and develop other creative ways to tell your story.”

Cousins advised pondering UX deeply when you are thinking about putting together a long-scroll WordPress page. Make sure that you prefer scrolling to clicking as the way to access content.

 

#3. Abide by SSL Everywhere.

Google wants SSL across the Internet. Although SSL certificates are far from perfect, Google sees them as (of course) a major improvement over an unencrypted site.

Roshan Perera of theme site Theme Junkie noted that the search giant now views sites lacking HTTPS protocol (generated automatically by SSL) as unsafe: “Starting 2017, HTTPS will be mandatory for all websites, including WordPress powered websites,” he said. “If you’re building a new WordPress site in 2017, you better Implement HTTPS for your WordPress site from the very beginning.”

 

#4. Leave behind desktop-first design.

It’s become increasingly clear over the last few years how important it is to cater to mobile users through strategies such as mobile ads and responsive design (the latter of which alters the way the site populates to harmonize with the user’s device). In fact, there are now more smartphones and tablets accessing the Web than desktop computers: StatCounter’s analysis for October 2016 found that mobile devices represent 51.26% of access, while desktop represents 48.74% — the first time desktop has ever been outdone.

Google is actually now prioritizing any sites, WordPress and otherwise, that take a mobile-first approach. The extent to which the data the search engine uses to rank your site will rely on mobile is a bit shocking. “Although our search index will continue to be a single index of websites and apps,” Google announced in November 2016, “our algorithms will eventually primarily use the mobile version of a site’s content to rank pages from that site, to understand structured data, and to show snippets from those pages in our results.”

 

#5. Ride the wave of parallax.

There’s a design technique called parallax (noted by Cousins in tip #2 above, and used by astronomers) that means you are essentially implementing various backgrounds, moving at different speeds, in order to create the illusion of 3D.

Say what? Here are more than two dozen examples of parallax in action, as featured by Awwwards.

 

#6. Get in on the typographic revolution.

Similar to the general trend toward customization mentioned above (tip #1), owners and managers of WordPress sites want text that stands out and captivates prospects. Developers can get creative with fonts using Google or Adobe’s font-creation apps, advised Review Squirrel, after which the finished products can be imported into WordPress.

 

#7. Embrace UI elements in a container format

Cards and other standard container elements are well-suited to mobile-friendly responsive design. Cards are great for intelligently storing data, with a single element in each container. Every box is a CTA, in a sense, asking that the site viewer put in their email, click a video, or purchase something.

Note: Cards can be modified for better compatibility with whatever design you want.

 

#8. Show, don’t tell.

Video has become less optional and more fundamental, with 2016 potentially serving as a tipping point. Yes, perhaps viewers have become hungrier for motion pictures of whatever sort over time, but the ramp-up in video is more about more efficient server technology, HD screens, and faster high-speed Internet.

Be careful with your video creation, noted Cousins. “Users demand high-quality action that tells a story,” she said. “From short snippets to more cinematographic-scale production, users will only pause to watch a video that’s good.”

Specific formats you could try, based on their effectiveness for other companies, are a short loop highlighting an item you’re selling or a more highly produced infotainment piece. Pro tip: Be sure to incorporate closed captioning.

 

#9. Review and adopt SaaS WordPress plugins.

The Internet has a fever, and the only prescription is more cloud computing! Now, keep in mind, storing your site on a cloud server for affordable high performance – IaaS (infrastructure as a service) – is just one way this virtualized model is being used for WordPress, with plugins aggressively switching to the SaaS (software as a service) model.

Perera commented that some in the open source crowd don’t like this SaaS plugin trend; however, it does create a market for strong WP tools such as OptinMonster and SumoMe.

 

#10. Set up your WordPress lemonade stand.

Review Squirrel noted that trusted ecommerce platforms are being integrated into WordPress sites as a standard expectation.

In this way, WP is increasingly becoming an environment through which people can more quickly and effectively make cash for their businesses.

 

#11. Tiny is huge.

Shift your business to the cutting edge of Web appearance with miniature logos and micro-designs that take a cue from watch design.

This trend is a step in the reverse direction from previous efforts to optimize for mobile by increasing scale of visuals on the site, Cousins advised. “The best part of this concept is that every design element must be created with intent and purpose,” she said. “There’s no place for elements that don’t help the user reach a goal.”

*****

Do you want to keep up with the changing WordPress landscape? As indicated above (tip #9), the first step is to supercharge your WordPress power with a high-performance, painstakingly maintained IaaS infrastructure. At Total Server Solutions, we believe that a cloud based solution should be scalable, reliable, fast, and easy to use. Get started.

 


Total Server Solutions is a class-leading provider of high performance infrastructure and enterprise solutions. We are currently seeking outstanding candidates to work as part of our Atlanta based development team. We have an opening for a Cloud Operations Developer to work with a team to rapidly develop and deploy microservice applications. The ideal candidate should have experience with configuration management, an understanding of current coding architecture, and be able to translate high-level requirements into a working product. Total Server Solutions places a high value on candidates who possess initiative, work well within a team environment, and handle pressure with grace. Importantly, candidates need to demonstrate an ability to ship code rapidly, meet deadlines, and manage time effectively.

Responsibilities
The successful candidate will be responsible for working as part of our development team to help build PAAS products, as well as working to enhance the fitness of our internal systems and APIs. Your primary role would be a full stack developer. However, we are interested in someone who doesn’t mind wearing a DevOps hat when necessary to bring together internal components for Continuous Integration / development pipeline maintenance, or for configuration management purposes both internally, and for customer-facing services.

  • Collaborate with a project manager and other developers to define and implement solutions for applications.
  • Present and defend solutions and milestones to peers.
  • Act as “go to” with firm knowledge of best practices and industry standards.
  • Initiate, suggest, and take charge of major sections of new and existing projects.
  • Conduct research and evaluate user feedback.
  • Maintain deployed applications and perform periodic code audits.
  • Work to improve performance and security of any internally developed systems.
  • Work with staff and customers to better understand how our applications can be improved.

Requirements

  • Experience working on an agile / RAD team.
  • Experience with popular design patterns specifically MVC.
  • Business-driven project mentality to meet deadlines and produce code.
  • Experience with configuration management.
  • Experience working in a linux environment.

Software / Programming Languages

Programming Languages

  • Python
  • PHP 7

Software

  • GIT

Additional Experience (not required, but a huge plus)

  • Computer Science degree

Programming Languages

  • Golang

Software Packages

  • Docker
  • Mesos / Kubernetes / Terraform / etc.
  • Saltstack / Ansible / Puppet / Chef / etc.
  • Jenkins
  • Confluence / JIRA
  • Amazon Web Services

*This position is available within Atlanta only. Telecommuting is NOT possible with this position and relocation assistance is not available.

If you have what it takes, please send a resume to careers@totalserversolutions.com with the subject set to “Cloud Operations Developer.”

 

If you have what it takes, please send your resume & cover letter to careers@totalserversolutions.com with the subject heading of “Cloud Operations Developer.”  That is the ONLY way we will see your resume with regards to this career post.


What are the top trends for cloud in 2017? Let’s look at the most critical ideas from thought-leaders in IT research and journalism.

 

At the turn of the year, people commonly have a tendency to take stock of the situation. Personally, people write New Year’s resolutions on losing weight, quitting smoking, and other aspects of self-improvement. In business, we think about how our industry and the markets that support it might be changing.

 

In that spirit, let’s look at cloud computing trends – in brief and more exhaustively.

 

 

Short-list of 2017 cloud trends

 

Containers, lift-and-shift, and SaaS specialization are trends that Forrester considers key to the field for 2017. But the big news is increasing adoption among the largest firms. “The No. 1 trend is here come the enterprises,” explained Forrester’s lead author, Dave Bartoletti. “Enterprises with big budgets, data centers and complex applications are now looking at cloud as a viable place to run core business applications.”

 

Here are 10 additional trends that the research group announced as the most important for the New Year:

2.  There will be increasingly diverse options beyond the megaclouds.

3.  Cloud service providers (CSPs) will start to include higher security for a more turnkey product.

4.  Buyers will lower their costs with cloud more extensively than through pay-per-use.

5.  Lift-and-shift functionality will become more sophisticated, streamlining cloud migration.

6.  Networking will continue to be the most vulnerable piece of hybrid cloud.

7.  Companies will become less interested in expensive and complicated private cloud platforms.

8.  SaaS will become further specialized to better fit different sectors and geographical locations.

9.  Chinese companies will emerge as major players in worldwide cloud development.

10.  Hyper-convergence will improve the viability of private clouds.

11.  The proliferation of container storage will cause disruption in cloud management.

 

Expansion of short-list + 4 bonus cloud trends

For a better understanding of how the cloud computing industry is getting ready to change in the New Year, let’s take a deep-dive into a few Forrester trends (parallel to the items bolded in the list above). Then we’ll expand those ideas with a few additional projections from Information Age.

 

Small rises with megacloud (#2 above)

In an effort to save time and money, IT heads who previously elected to create a private cloud will find themselves warming to public environments.

 

Capital One is one of the big-name players to early-adopt public cloud. “We recognized that we were spending a lot of time, energy, effort and management bandwidth to create infrastructure that already exists out there in a much better state and is evolving at a furious pace,” said Rob Alexander, the bank’s CIO.

 

The statistics are with Alexander. Anyone familiar with IT growth projections can tell you that public cloud is skyrocketing. An $87 billion market in 2015, it is expected to exceed $146 billion in the New Year. Currently, Forrester clocks the cloud, as an expanding economy, at 22 percent CAGR.

 

Beyond comparison of cost and focus on support, this speed is simply too rapid to allow the megacloud providers to meet every business’s needs. Smaller and regional IaaS providers will become bigger business in 2017, said Bartoletti – who recommends being open-minded and embracing the implementation of multi-cloud.

 

Better control of cloud expenses (#4 above)

Cloud can be a more affordable choice, but there are unforeseen expenses. Specifically, management can be tricky with a complex multi-cloud. Also, many companies keep public cloud resources running on Saturdays and Sundays, when they aren’t being used.

 

During the New Year, CIOs will improve in their ability to keep cloud costs down. Bartoletti noted, “There’s no reason in 2017 for your cloud costs to grow out of control.” He gave the example of a software firm that cut its cloud cost by 12% (reduced from $2.5M to $2.2M) simply through monitoring use.

 

Lift-and-shift cloudification (#5 above)

 

Companies will find value with lift-and-shift tools, using them to prepare apps for migration – rather than placing legacy apps in the cloud or manually rewriting the code.

 

You put your code in there (#11 above)

 Containers allow you to manage code, especially in the case of cloud apps. Linux containers are becoming more commonplace. Containers require a thorough review and reshaping of security, networking, storage, and monitoring. Bartoletti said businesses will look at positives and negatives of setting up their own private PaaS in contrast to using a managed public cloud platform.

 

Enterprises embrace cloud (#1 above)

IT decision-makers are increasingly opting to host key apps in public cloud. “Enterprises are turning great ideas into software and insights faster,” said Bartoletti, “and the cloud is the best place to get quick insights out of enterprise data.”

 

Trend #12 – Building the cloud

Designing cloud architecture and aligning yourself with best practices for cloud migration both require a new skill-set beyond the ability to design primary on-premises infrastructure.

 

In a public cloud setting, companies aren’t able to adjust configurations to meet the specifications of their service or app. Rather, they are given a standardized toolset that requires integration, noted Information Age editorial director Ben Rossi.

 

“It’s the difference between cooking for yourself from raw ingredients,” he said, “and ordering in a restaurant where the chef has set the menu and you choose the meal, associated ambience and service quality to suit your budget.”

 

Businesses will refine their grasp of cloud architecture so that migrations are easy, seamless, and problem-free.

 

Trend #13 – The dynamic multi-cloud

The world of cloud is not just about combining different services but using them dynamically. Currently, most workloads are put in place with a single provider. In 2017, dynamically shifting from one CSP to another will more frequently become a way firms assess various options.

 

With that in mind, Rossi noted that wise companies will be building cloud services so that they are easily customizable to various platforms and infrastructures – facilitating easier moves between providers without disrupting your services.

 

Trend #14 – Transparent source

Open source is becoming the standard in cloud. You get access to a toolset that allows you to host and manage cloud via a disparate but helpful support network. The open source basis means you are able to get a relatively full-featured cloud system for free – paying primarily for the resources.

 

Trend #15 – Security and auditing safeguards

Shifting your systems to the cloud can feel like an effort to push security best-practices responsibility to another party. It is true that stronger CSP security oversight will be typical (#3 above).

 

However, it’s still critically important to verify that the CSP has a commitment to data security. Furthermore, it’s wise to audit the firm so you know that guaranteed precautions are active.

 

Companies will become better able to determine which suppliers they want to use, and they will look for ways to verify their infrastructure. Firms will also be more careful in reviewing policies for data security and governance.

 

“This will become ever more important in the light of the forthcoming GDPR regulations,” said Rossi, “and a written definition of all the data security policies and procedures will be required by the regulator when they conduct an audit.”

 

*****

As you can see, public cloud is growing and evolving rapidly. In this expanding field, you want a provider that deserves your business and can fuel your growth.

 

At Total Server Solutions, we are SSAE-16 Type II audited, and SSD lets us provide you with the guaranteed levels of performance that you demand. Order your cloud.


*** Breaking SSL Security News ***

Yes, major hacks of huge enterprises are disconcerting and deserve attention. But what’s perhaps even more distressing is an Internet-wide trend of security best-practices neglect. Consider this: an eye-popping 35% of websites are using an SSL certificate signed with the outdated, proven-unsafe Secure Hash Algorithm 1 (SHA-1). That’s a total of 61 million websites.

 

  • More than 1/3 of websites use a bad cert
  • Should you be very afraid of SHA-1?
  • Must-know info on the various SHA types
  • Why are we hitting the SHA-2 migration PANIC-BUTTON?

 


 

It’s easy for people to point fingers when it comes to Internet security. After all, like a FAIL video, it provides a sort of dark entertainment to look at the very public embarrassments of large enterprises and others that have been hacked. From Sony to Target, from Home Depot to the US State Department to worldwide financial institutions, breaches in security have become so commonplace that people often forget their incredible cost, in terms of loss of business (think Sony being thrown almost completely off the Internet) and loss of reputation (think Anthem, which states on its homepage, “Anthem is a trusted health insurance plan provider” – well, maybe).

 

The focus on these huge companies makes us forget the extent to which all companies are at risk, including simple blogs, startups, and other SMBs. Let’s look at a specific way that websites are making their users’ data vulnerable, making it clear how critical SSL upgrading today really is.

 

More than 1/3 of websites use a bad cert

Amazingly, a study by cryptographic key protection firm Venafi reveals that 35 percent of sites globally continue to use a no-longer-secure Secure Hash Algorithm 1 (SHA-1) SSL certificate. That’s true even though major browser companies – including Apple, Google, Mozilla, and Microsoft – stated that they would not support these certs starting in February 2017.

 

What exactly does that mean? Well, first, it should be understood that February 2017 is not a deadline to change these certificates. The deadline is today – SHA-1 is no longer secure.

 

However, just for further motivation, these are the typical messages and signs a user will see (with variations dependent on browser) when SHA-1 is officially no longer supported – as indicated by Help Net Security on November 21, 2016:

 

  • Crossed out lock icon and https (in address bar);
  • “Privacy error”;
  • “Your connection is not private”;
  • “Attackers might be trying to steal your information from Your Site in Bold (for example, passwords, messages, or credit cards).”

 

All of these warnings are traffic disruptions, which translates into a threat to your profits. When users see warnings like these, they will go to a competitor. They won’t see the comforting and recognizable padlock. In fact, the site could even become inaccessible.

 

Should you be very afraid of SHA-1?

Now, really, if you do think you might still have an SHA-1 SSL cert in place, it should motivate you that your site is currently not considered secure and that changing the cert to an affordable, easy-to-install SHA-2 cert is urgent and follows best-practices. However, it should further motivate you that your users’ own software (the browser) will announce to them that your site is no longer secure.

 

Regardless of whether you are convinced this SSL switcheroo is necessary, the end result will be problems, since not everyone will be informed. SHA-1-retaining sites will suffer huge hits to user experience (UX) and ballooning of support calls, along with potentially substantial losses in revenue and credibility.

 

Venafi’s cloud services manager Walter Goulet noted that the big, high-traffic sites have left for the security New World of SHA-2, but many sites are still using SHA-1. “According to Netcraft’s September 2016 Web Server Survey, there are over 173 million active websites on the Internet,” he said. “Extrapolating from our results, as many as 61 million websites may still be using SHA-1 certificates.”

 

That’s the exposure, but what’s the specific threat? Hackers can potentially crack Secure Hash Algorithm 1, rendering it useless – in other words, open access to data. Gordon E. Moore’s theory on the speed of data growth, Moore’s Law, says that overall processing power for computers will double every two years. Electronic Frontier Foundation Board Member Bruce Schneier has framed this issue in terms of dollars on his blog:

  • It takes 2^74 processing cycles to hack the SHA-1 algorithm with the strongest tools available. Those cycles can be converted into time.
  • The approximate cost would be $2.77 million to use public cloud to brute-force-attack SHA-1. That’s not really a lot, depending on the target – and the number is falling fast.
  • The expectation is that it could cost just $43,000 to run a hack of SHA-1 by 2021. Even at that point, to just methodically run through the numbers for a successful hack, it would take 7 years.
  • While seven years may seem like a mini-eternity (well, it’s half a dog’s life), the issue is one of scale. Stronger, better-future-proofed algorithms such as SHA-2, SHA-3, and AES256 can take centuries or millennia to hack. A cackling evildoer might put together a slave botnet of computing power that would help him/her run that algorithm much more quickly, perhaps in less than a month for the right price. “That is precisely what the American NSA, the British GCHQ, and the Chinese military are doing now,” advised PCrisk on November 21, 2016. “Hence there is some risk.”

 

Must-know info on the various SHA types

 

Secure Hash Algorithm 1 (SHA-1) is an encryption algorithm – in other words, a set of steps a computer takes to scramble and thus conceal information. It encrypts data going in and out of a site that’s enabled for HTTPS protocol by an SSL certificate.

 

So far, so good, right? Well, SHA-1 means well. However, it has known vulnerabilities. SHA-2 and SHA-3 are taking its place. As indicated above, SHA-1 will no longer be accepted by major browsers from February 2017 forward, and it is not considered to abide by security best-practices today – accelerating the drive to next-gen SHA-2 SSL certificates.

 

The fact is that this transition away from SHA-1 has been a long time coming but never completely caught on. Part of the difficulty with upgrading was that SHA-1 was the most commonly used hash, while SHA-2 until recently lacked support across a vast range of devices and software. In fact, the NSA-devised SHA-1 hash is more than two decades old, first issued as a standard by the federal government in 1995.

 

SHA-2 is not exactly brand-new. It became the hashing standard all the way back in 2002. It’s actually sometimes considered a family of hashes because of its various bit sizes – especially 224, 256, 384, and 512. So, SHA-2 is not a set number of bits, explained security architect Roger A. Grimes in InfoWorld, but the overwhelming majority of certs in this category have a 256-bit type. “Although SHA-2 is constantly attacked and minor weaknesses are noted, in crypto-speak, it’s considered ‘strong,’” he said. “Without question, it’s way better than SHA-1, which experts believe will be fallible in the near term.”

 

Why are we hitting the SHA-2 migration PANIC-BUTTON?

Grimes was a bellwether for moving to SHA-2 back in January 2015. He said at the time that the challenge of migrating to the new hash would be figuring out which devices and programs work with it. To jumpstart this process, create an inventory of all devices, operating systems, and apps that must support SHA-2. Test that a system does work. Don’t assume that vendor attestations will be accurate.

 

“Upgrading your applications and devices will not be trivial and probably take longer than you think,” said Grimes. “Migrating from SHA-1 to SHA-2 isn’t hard technically, but it’s a massive logistical change with tons of repercussions and requires lots of testing.” Your internal public key infrastructure (PKI) should be updated to support SHA-2 also.

 

***

Are you concerned about the topics discussed in this article? At Total Server Solutions, we offer premium, name brand certificates from market leader Symantec. Upgrade today to SHA-2 SSL.