14 Reasons Your Hosting Service No Longer Deserves Your Business

Posted by & filed under List Posts.

As an industry, hosting is entering an era of faster expansion. One of the primary areas is cloud hosting. The Internet of Things (IoT), which typically utilizes cloud hosting, is the clearest core reason behind cloud growth forecasts.


It is easy to get frustrated with a hosting service. Businesses have only become increasingly dependent on the reliability and support of their online presence, and of the systems that back their internal and external functions. The hosting industry is a highly competitive market. In this climate, you have the right to excellent customer service – with fast action to solve your problems. In other words, your support should be conducted very quickly, without having to wait around for answers.


Regardless of consolidation that is happening within the hosting industry, there is still a wide variety of hosting services from which to choose. When your host is not impressive in its support or otherwise, it is time to switch to one that treats you with respect.


That said, no one wants to get hasty and make a mistake in what is certainly a complicated and important decision. After all, you will need this organization to have a strong service level agreement (SLA) and to deliver on it – and for its support staff to be highly available and highly competent.


This two-part series covers the following topics:


  • 14 ways bad hosting hurts your business
  • Cloud & IoT will cause web hosting to soar
  • How to recognize a great hosting company


14 ways bad hosting hurts your business


Here are a few ways that poor web hosting can hurt your organization, as summarized by WPBeginner and entrepreneurship writer Debra Carpenter:


#1 – They hurt your visibility. A poor web host will hurt your search ranking. How? Well, page speed is a ranking factor. In other words, your search rankings will be impacted by the performance of your server; if a web host does not deliver a high level of service (basically keep the system up and running strong), that effectively works against the search engine optimization (SEO) that is so critical to your exposure.


#2 – You could suffer downtime. If you have a poor hosting company, you could experience a great amount of downtime. Your site could experience substantial latency (the gap between the request for a data transfer and the time that it is sent). If your host is either slow (i.e. you, and your customers, experience high latency) or has that high downtime (i.e., has poor uptime), it is time to switch to a different company.


#3 – You lose traffic. The average amount of time a person would wait for a page to load before abandoning it was 6-10 seconds, according to research from behavioral analytics firm Kissmetrics. In other words, your potential customers do not typically have very much patience. You must get them what they need quickly.


#4 – Customers become unsure about buying. If your infrastructure is not serving your site well (as would be the case with poor hosting, since you are basically using their physical data center equipment as your infrastructure), many customers will be driven away. A consumer will become uncomfortable with your site if it is unresponsive, especially if they are not too familiar with your brand.


#5 – Spikes in traffic are wasted. You might have a huge surge in traffic at a certain point, such as when you are offering a promotion, are running a series of ads, or have just posted a blog article that is getting attention. While that scenario sounds great, it can be frustrating if your hosting company is not able to maintain high performance. If the spike in traffic results in longer load times or crashes the site, you will not be able to turn that greater traffic volume into revenue.


#6 – It hurts your brand trust. Customers expect to be able to use your site and its tools. If anything is not functioning properly, they will often then pass judgment on the quality of your products or services. They may also think that your message, expressed through your content, is no longer credible.


#7 – You get bad customer service. Web hosting companies will always have some people who don’t like them, noted WPBeginner, adding that “only the [angriest] users leave web hosting reviews.” That is true to a point. Even if there are a few upset customers, you should still see great support and service described repeatedly as you look through individual customer perspectives.


#8 – Your company is unable to grow as fast. Failing at reliability or availability, resulting in corruption or slow load times, is a common experience for people who are with poor web hosts. When your site is unavailable or very slow, or when your systems cannot produce reliable responses, you will lose sales and newer customers who assume that the poor performance is typical for you.


#9 – You can end up with poor data security. Attackers could start pummeling or surgically invading your site at any point. However, a strong host will be able to stop many of them, as well as identify and mitigate them if they do enter your system. Check the security policies of the company and the extent to which the safety of your data seems to be prioritized. To know you can respond and adapt quickly, again, be certain that support is available and has a high degree of expertise. You also want to know that they back up your information sufficiently. You should feel comfortable with the SLA and its terms, as well as any other policies, if your data is ever breached.


#10 – Your site gets suspended. A hosting provider will generally shut down sites that breach their policies, which include the right to shut down accounts doing anything illegal. Some hosting services, though, may suspend you for actions you did not take or that you believe are legal and do not actually violate the agreement. If that is the case, you should certainly speak with another hosting provider.


#11 – Your site stops working as a sales tool. Your site is effectively a salesperson. Since that is the case, you want it to look right and to perform predictably. Basically, your site demonstrates the entire dynamic – not just the language but the appearance and consistency with which you approach the customer. Regardless of the design of your site and its data assets, it ultimately has to run well. If your site is, in a way, your top salesperson, then bad hosting can make your salesperson poor – not responding quickly enough to allow the customer to feel respected.


#12 – You keep getting “Error Establishing Database Connections” in WordPress. You may have a plugin that is not working properly, or your account has become too busy for a plan with a set limit of resources. Whatever the situation, your hosting provider’s ability and willingness to help you solve this problem should be a gauge. If they cannot or will not help you solve this issue, you need to go elsewhere.


Part 2 of this two-part series will be linked here when it posts on Tuesday, February 27.


Taking action


Is your hosting service not living up to your expectations? In such a competitive market, you deserve a relationship that is founded on trust, respect, and follow-through. At Total Server Solutions, when you become our customer, you can trust that all our decisions are driven by our relentless desire to help you succeed. See our mission and philosophy.


The nonprofit Identity Theft Resource Center keeps an ongoing record of incidents involving data compromise. The information is gathered from government agency releases and articles in the press. This effort started on January 1, 2005. Between that point and February 7, 2018, the organization has logged more than 8600 breaches, with a staggering 1.07 billion records exposed. Clearly, securing a data center is a top priority.


Elements of a secure data center


Core elements that you need for data center security are:


Uninterruptible power supplies (UPS) – Backup generators and UPS systems allow you to keep your infrastructure up and running when you have a power outage – important (for one thing) so that you maintain the uptime listed in your service level agreement (SLA) with customers.


Environmental controls – Cooling is essential to data centers: if you have too much heat, your hardware will be more likely to become defective and will need to be replaced more frequently. Servers create an enormous amount of heat, so they are essentially a threat to themselves. Environmental controls keep them cool and safe. Fire suppression is another control that is needed.


Security systems – You want to have a wide range of security technologies and protocols. In terms of basic access controls, you want protections such as the somewhat awkwardly named mantraps (small rooms to isolate individuals at entry), multi-factor ID authentication, surveillance platforms, cage locks, and biometric systems. Here are four core aspects to include:


  • Surveillance: Internally, metal detectors let you know if any equipment is leaving without authorization. Externally, cameras allow you to look for unusual activity. Overall, you have a video record if there is a breach.


  • Security guards: Often organizations will employ full-time security guards to protect their data centers. These individuals can secure both the inside and outside of the building. An organization could allow these professionals to carry firearms (as some companies do) or not.


  • Single-purpose facility: A critical feature of a secure data center is that it is single-purpose rather than multipurpose. Multipurpose means that there are personnel at the facility, typically in connected offices, that are not involved in running the data center. When a data center is truly secure, it will be built in a location and designed in a manner that reflects that purpose. A purpose-built data center will be set off from roadways (in part a cushion for visibility) and have crash-proof barriers installed.


  • Access controls: You should have numerous access controls in place. Control mechanisms and protocols may include electronic access cards and biometric systems. Mantraps are typically part of the layout to stop tailgating (an unauthorized person getting into the building by trailing directly behind an authorized person). Scales are used to measure people and determine if their weight has changed since entry (in which case they might be attempting to steal hardware).


Steps to improve the security of a data center


Beyond implementation of the above elements, here are a few rather straightforward steps you can take to improve protection within any data center:


Step 1 – Phase out legacy equipment.


Both your security stance and your ability to deliver services efficiently will be negatively affected by the use of legacy hardware. Aging servers and networking components must be maintained for protection (through updates/patches) but often are not. While an older machine may seem worthwhile to keep because it is functional, it actually is a threat to the business because it is an exploitable attack vector – so while the system may function in isolation, it could lead to dysfunction for the entire business. As an indication of that vulnerability, Bill Kleyman noted for data center cooling firm Upsite, “I’ve seen both security incidents as well as data center failures happen because of older gear.”


Since aging equipment is such a major issue for the health of your infrastructure, be vigilant about understanding what hardware is currently within your data center. Check any remote facilities where you house hardware. Check for technological artifacts in your closets. Any legacy components that you do own should be fully updated; if you realize the hardware is past its prime, it should be sold, recycled, or discarded. Efficiency will be upgraded alongside your security when you take this step.


Step 2 – Consider best-in-class monitoring solutions an investment.


You will be able to integrate two key concerns, data center facility management and information technology (IT) management, with a data center infrastructure management (DCIM) system. In other words, it is critical to go beyond the computers to encompass the entire built environment – monitoring secure locations and the locks on cages and doors, for instance. This approach is very important not just for guarding against people with nefarious purposes, such as doing damage to the system or injecting it with malware, but also for avoiding theft of servers.


While DCIM will give you a great sense of ongoing performance (and any threats to reliability and availability), you will also be able to see if a cage was not secured after use, along with the person who entered the area most recently. Environmental monitoring (such as checking the temperature) is also essential to the health of the equipment. A DCIM solution will allow you to check all these elements. Similarly to legacy removal, you will better secure yourself while experiencing efficiency and sustainability gains.


Step 3 – Create your data center using your workloads as a basis.


You may think of a data center as a single set of resources – but it is actually helpful to think of it as a facility within which you can create smaller ecosystems for a diverse array of use cases. Isolation is key to security, and demarcating workloads from one another also allows you to treat each of them separately rather than with a single, one-size-fits-all approach.


For instance, you may use modular containment and other techniques to set off a system that delivers high-performance computing (HPC). You may want certain areas of the data center to be set up to handle and store critical information. Your power management may differ from one workload to another (think efficiency optimization), as may your environmental efforts. You want the equipment and monitoring to match the applicable system.


Step 4 – Embrace the value of auditing, testing, and reporting.


Testing for efficiency and testing for security can both be extraordinarily helpful, and both should be performed at routine intervals. Performing these tests helps ensure that you are adapting appropriately to your organization’s development – since strong data centers are continually modified to meet the needs of a growing business.


Thinking from the perspective of efficiency, you will be able to make tweaks as you rigorously study the data center’s performance. In the same way, and arguably more importantly, you want to be certain that data is kept safe through security monitoring. Through data center management tools, you can boost your efficiency levels over time by analyzing CFD (computational fluid dynamics), power consumption, and environmental aspects. From a security standpoint, you can test and audit, using tools under a wide umbrella including user privileges, system locations, and physical access.


A secure data center for your assets


Because securing data is so sophisticated and challenging on-premises, many organizations choose to host some or all their systems through an external provider. It is critical to be certain that these outside parties care about your data as much as you do. At Total Server Solutions, our system is audited using the highest standard in data security, SSAE 16 Type II. See our security commitment.

How to Secure Your Cloud Server


A few years ago, security was listed as one of the biggest reasons people might not want to entrust their data to the cloud. For good reason, companies have been careful and systematic in figuring out what information systems to use; security challenges on the Internet are by no means a new thing. Even back in June 2011, 9 in 10 US firms said that they had suffered at least one data breach within the previous year. That’s right: 90% of companies (out of 583 companies polled) said they had been successfully compromised by an outside party within the past twelve months. Almost 60% said that their firm had experienced at least two attacks within those same twelve months.


A wise and important focus on security was omnipresent in early discussions of cloud computing, and it continued to be a top concern in the years ahead. A survey conducted by IDG and published in August 2013, “Cloud Computing: Key Trends and Future Effects Report,” revealed that the top challenge for an effective cloud plan was security – at 66%, much higher than stability, reliability, and integration at 47%, and concerns over whether the service would deliver on organizational and compliance standards. (The poll gathered responses from 1358 people, all of them in decision-making positions and most with managerial roles within IT.)


Again, this concern has continued through the years. In November 2016, another IDG report came out, the 2016 IDG Cloud Computing Survey, showing that many companies still had similar concerns with cloud. That poll found that firms were moving huge swaths of their environments to the cloud, with 60% in some cloud configuration (public, private, or hybrid). (These figures were based on the responses of approximately 1000 information technology executives.) Even though cloud was widely deployed, security was still the top concern for 41% of those polled.


The concern with security has resulted in somewhat of a backlash, though, from those who are now convinced that the security of cloud is preferable to what is available in traditional data centers. For instance, David Linthicum reported in 2014 that cloud was more secure than a typical business’s traditional data center. Similarly, deputy technology editor Quentin Hardy noted in the New York Times that most major data breaches in recent years have been from attacks on traditional systems. Data may effectively be safer in the cloud because there are more security precautions in place – since security is a fundamental, core concern of any company that is serious about hosting cloud servers.


7 steps to secure a cloud server


Here is a list of seven ways to secure your cloud server, standard best practices indicated recently by Simility CEO Rahul Pangam:


Step 1: Implement end-to-end encryption for in-transit data.


You want to make sure that any time you are interacting with your cloud server, you do so over Transport Layer Security (TLS 1.2), the successor to the secure sockets layer (SSL) protocol, so that your message is effectively locked. The termination point of the TLS session (and of its certificate, still commonly called an SSL certificate) should be the cloud provider.


Step 2: Implement encryption for at-rest data.


Everyone thinks immediately about data that is in motion. However, data that is in one place must be protected as well. As Pangam puts it, encryption of at-rest data is “the only way you can confidently comply with privacy policies, regulatory requirements and contractual obligations for handling sensitive data.” It is certainly a best practice in an increasingly complex threat landscape.


You want to use the AES-256 standard whenever you store data on disks within the cloud. Your encryption keys also need to be encrypted themselves. There should, furthermore, be a system in place to rotate the master key set at routine intervals.


Your cloud provider will also hopefully allow field-level encryption, so that you can encrypt SSN, credit card number, CPF, and other highly sensitive fields.
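The key handling described in this step can be sketched as follows. This is an added example, not code from the original article, from Pangam, or from any provider: each record's sensitive fields are encrypted with AES-256-GCM under a per-record data key, the data key is itself encrypted under a master key, and rotating the master key only rewraps the data keys. It assumes the third-party Python `cryptography` package; the `KeyRing` class, the field list and the sample values are hypothetical.

```python
import os
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

NONCE_LEN = 12                              # 96-bit nonce, the usual size for AES-GCM
SENSITIVE_FIELDS = {"ssn", "card_number"}   # assumed list of fields to protect


def seal(key: bytes, plaintext: bytes, aad: bytes) -> bytes:
    """AES-256-GCM encrypt; returns nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    return nonce + AESGCM(key).encrypt(nonce, plaintext, aad)


def unseal(key: bytes, blob: bytes, aad: bytes) -> bytes:
    """Inverse of seal(); raises InvalidTag if key, data or aad do not match."""
    return AESGCM(key).decrypt(blob[:NONCE_LEN], blob[NONCE_LEN:], aad)


class KeyRing:
    """Hypothetical in-memory master-key store (a real one sits in a KMS or HSM)."""

    def __init__(self) -> None:
        self.master_keys = {}    # version -> 32-byte master key
        self.current = 0
        self.rotate()

    def rotate(self) -> int:
        """Create a new master key version; older versions stay readable."""
        self.current += 1
        self.master_keys[self.current] = AESGCM.generate_key(bit_length=256)
        return self.current

    def wrap(self, data_key: bytes) -> dict:
        """Encrypt a data key under the current master key."""
        blob = seal(self.master_keys[self.current], data_key, b"data-key")
        return {"version": self.current, "blob": blob}

    def unwrap(self, wrapped: dict) -> bytes:
        """Recover a data key using the master key version it was wrapped with."""
        key = self.master_keys[wrapped["version"]]
        return unseal(key, wrapped["blob"], b"data-key")

    def rewrap(self, wrapped: dict) -> dict:
        """Move a data key to the current master key; the data is not re-encrypted."""
        return self.wrap(self.unwrap(wrapped))

    def retire(self, version: int) -> None:
        """Destroy an old master key once every data key has been rewrapped."""
        if version == self.current:
            raise ValueError("cannot retire the current master key")
        del self.master_keys[version]


def encrypt_record(ring: KeyRing, record: dict) -> dict:
    """Encrypt only the sensitive fields, each under a fresh per-record data key."""
    data_key = AESGCM.generate_key(bit_length=256)
    stored = {"_key": ring.wrap(data_key)}
    for name, value in record.items():
        if name in SENSITIVE_FIELDS:
            # The field name is authenticated data, so a ciphertext cannot be
            # moved from one column to another without failing decryption.
            stored[name] = seal(data_key, value.encode(), name.encode())
        else:
            stored[name] = value
    return stored


def decrypt_record(ring: KeyRing, stored: dict) -> dict:
    """Unwrap the record's data key and decrypt its sensitive fields."""
    data_key = ring.unwrap(stored["_key"])
    record = {}
    for name, value in stored.items():
        if name == "_key":
            continue
        if name in SENSITIVE_FIELDS:
            value = unseal(data_key, value, name.encode()).decode()
        record[name] = value
    return record


if __name__ == "__main__":
    ring = KeyRing()
    # Constructed sample record; the values are placeholders, not real data.
    row = encrypt_record(ring, {"name": "Test User", "ssn": "000-00-0000",
                                "card_number": "4111111111111111"})
    old = ring.current
    ring.rotate()                            # routine master-key rotation
    row["_key"] = ring.rewrap(row["_key"])   # only the wrapped key changes
    ring.retire(old)
    print(decrypt_record(ring, row))
```

Because only the small wrapped key is rewritten on rotation, the master key can be rotated on a schedule without touching the bulk data.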


Step 3: Conduct thorough and regular vulnerability assessments.


Any company that you entrust to provide you with a cloud service should have strong and carefully strategized incident-response and vulnerability practices and systems in place. One feature that you want in terms of incident response is the ability to completely automate the risk scans that look for any vulnerabilities, so that you are able to perform critical security audits daily, weekly, or monthly, rather than quarterly or yearly.


You can make a security case for vulnerability testing daily. However, within your own ecosystem, you can decide what frequency makes sense for a particular network and/or device. This testing can be set up ahead of time or run at will.


Step 4: Set up and follow a data deletion policy.


You should have your system configured to automatically delete all customer data for any customers that are beyond the retention window that is listed within their user agreement.
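An automated purge of this kind can look like the following added example, which is not from the original article. It assumes a hypothetical SQLite schema in which each customer row carries the retention window from its agreement and the date the relationship ended, and it reads "beyond the retention window" as "ended more than `retention_days` ago"; the sample rows are constructed.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

DAY = 86400  # seconds

SCHEMA = """
CREATE TABLE customers (
    id             INTEGER PRIMARY KEY,
    name           TEXT NOT NULL,
    retention_days INTEGER NOT NULL,   -- window stated in the user agreement
    ended_at       INTEGER             -- Unix time the account ended; NULL = active
);
CREATE TABLE customer_data (
    id          INTEGER PRIMARY KEY,
    customer_id INTEGER NOT NULL REFERENCES customers(id),
    payload     TEXT NOT NULL
);
CREATE TABLE deletion_log (            -- evidence that the policy actually ran
    customer_id  INTEGER NOT NULL,
    rows_deleted INTEGER NOT NULL,
    run_at       INTEGER NOT NULL
);
"""


def open_store() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    # Overwrite deleted content with zeros instead of only unlinking the pages.
    conn.execute("PRAGMA secure_delete = ON")
    conn.executescript(SCHEMA)
    return conn


def seed(conn: sqlite3.Connection, now: datetime) -> None:
    """Constructed sample data: one active and two former customers."""
    def ago(days: int) -> int:
        return int((now - timedelta(days=days)).timestamp())

    conn.executemany("INSERT INTO customers VALUES (?, ?, ?, ?)", [
        (1, "active-customer", 30, None),
        (2, "left-40-days-ago", 30, ago(40)),   # past its 30-day window
        (3, "left-10-days-ago", 30, ago(10)),   # still inside its window
    ])
    conn.executemany(
        "INSERT INTO customer_data (customer_id, payload) VALUES (?, ?)",
        [(1, "a1"), (2, "b1"), (2, "b2"), (3, "c1")])
    conn.commit()


def purge_expired(conn: sqlite3.Connection, now: datetime) -> dict:
    """Delete all data of customers past their own retention window.

    Returns {customer_id: rows_deleted}. Safe to run repeatedly: a second run
    at the same time finds nothing left to delete and logs nothing.
    """
    now_ts = int(now.timestamp())
    purged = {}
    with conn:  # one transaction: deletions and their log rows commit together
        expired = conn.execute(
            "SELECT id FROM customers "
            "WHERE ended_at IS NOT NULL AND ended_at + retention_days * ? < ?",
            (DAY, now_ts)).fetchall()
        for (customer_id,) in expired:
            deleted = conn.execute(
                "DELETE FROM customer_data WHERE customer_id = ?",
                (customer_id,)).rowcount
            if deleted:
                conn.execute("INSERT INTO deletion_log VALUES (?, ?, ?)",
                             (customer_id, deleted, now_ts))
                purged[customer_id] = deleted
    return purged


if __name__ == "__main__":
    now = datetime(2018, 3, 1, tzinfo=timezone.utc)
    store = open_store()
    seed(store, now)
    print(purge_expired(store, now))
```

Scheduling `purge_expired` from a daily job makes the deletion automatic, and the `deletion_log` table gives an auditor a record that it ran.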


Step 5: Focus on user-level security for better protection.


You want layers of security, and one way to create layers is with the user. A customer should be able to change the editing and access privileges for their information at the level of each user, and it is easy to provide this capability with role-based access control (RBAC). RBAC permits you to create delineation between tasks that is both highly granular and uses access controls as its foundation. The care that you put into setting up your RBAC system will make it easier for you to meet internal data security standards, along with compliance to any external standards such as PCI, HIPAA, or the GDPR.
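The per-user privileges described in this step can be modelled as below. This is an added example, not code from the original article or from any provider's product; the role names, permission strings and the `TenantRbac` class are hypothetical. Access is denied by default, roles are scoped to one customer account, and only that account's admins can change them.

```python
# Each role is a fixed set of permissions; users get a role, never raw permissions.
ROLE_PERMISSIONS = {
    "viewer": frozenset({"record:read"}),
    "editor": frozenset({"record:read", "record:write"}),
    "admin": frozenset({"record:read", "record:write",
                        "record:delete", "role:assign"}),
}


class AccessDenied(Exception):
    """Raised when a user lacks the permission an action requires."""


class TenantRbac:
    def __init__(self) -> None:
        self._grants = {}   # (tenant, user) -> role name

    def bootstrap_admin(self, tenant: str, user: str) -> None:
        """Provider-side step: create the first admin of a new customer account."""
        if any(t == tenant for t, _ in self._grants):
            raise ValueError("tenant already has users")
        self._grants[(tenant, user)] = "admin"

    def is_allowed(self, tenant: str, user: str, permission: str) -> bool:
        """Deny by default: no grant in this tenant means no access at all."""
        role = self._grants.get((tenant, user))
        return role is not None and permission in ROLE_PERMISSIONS[role]

    def require(self, tenant: str, user: str, permission: str) -> None:
        if not self.is_allowed(tenant, user, permission):
            raise AccessDenied(f"{user} lacks {permission} in {tenant}")

    def _admins(self, tenant: str) -> set:
        return {u for (t, u), r in self._grants.items()
                if t == tenant and r == "admin"}

    def assign_role(self, actor: str, tenant: str, target: str, role: str) -> None:
        """Let a customer's own admin set another user's role in that tenant."""
        self.require(tenant, actor, "role:assign")   # checked in the SAME tenant
        if role not in ROLE_PERMISSIONS:
            raise ValueError(f"unknown role: {role}")
        # Refuse a change that would leave the account with no admin at all.
        if role != "admin" and self._admins(tenant) == {target}:
            raise AccessDenied("cannot demote the last admin of a tenant")
        self._grants[(tenant, target)] = role

    def revoke(self, actor: str, tenant: str, target: str) -> None:
        """Remove a user's access to the tenant entirely."""
        self.require(tenant, actor, "role:assign")
        if self._admins(tenant) == {target}:
            raise AccessDenied("cannot remove the last admin of a tenant")
        self._grants.pop((tenant, target), None)


if __name__ == "__main__":
    rbac = TenantRbac()
    rbac.bootstrap_admin("acme", "alice")          # constructed sample names
    rbac.assign_role("alice", "acme", "bob", "editor")
    print(rbac.is_allowed("acme", "bob", "record:write"))    # editor may write
    print(rbac.is_allowed("acme", "bob", "record:delete"))   # but not delete
```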


Step 6: Get a virtual private network and cloud.


In traditional hosting environments, there is a dedicated server, an individual physical machine used by a single organization. A dedicated machine can be divided into either multi-tenant or virtual private servers. In the context of cloud, you want your provider to give you a cloud instance that is yours and yours alone – and to which you would have the sole right to access and control of the data. Customers connect to your datacenter. The traffic that goes back and forth to their virtual private cloud goes to their data center via an Internet Protocol security (IPsec) virtual private network (VPN), a standardized means to send encrypted data.


Step 7: Look for strong compliance audits and certifications.


The two critical third-party certifications that you want to see in your cloud provider are Payment Card Industry Data Security Standard (PCI DSS) and SSAE 16 / SSAE 18 / SOC 1 / SOC 2:


  • PCI: PCI DSS compliance, critical to e-commerce solutions, requires a comprehensive audit that is focused on data safeguards during transmission, processing, and storage of data. Note that PCI DSS does have a rather granular focus on payment data, specifically cardholder data, because these standards are designed and promoted by the major credit card brands – Discover, MasterCard, Visa, American Express, and JCB – through the PCI Security Standards Council. Nonetheless, the standard does have strong and thorough guidelines for highly important security techniques including application development; network design; policies and procedures; and vulnerability management.
  • AICPA: SSAE 16, SSAE 18, SOC 1, SOC 2 are related compliance standards as a name change is taking place at the American Institute of Certified Public Accountants (AICPA), which develops all of these standards. These standards are focused on the controls in place at service providers; the audits are intended to help companies find and fix any flaws in their vendor management environments, compliance management systems, and risk assessment programs. These standards demonstrate through third-party auditing that a cloud provider has an infrastructure and set of policies in place that meet strong stipulations, as established by an accounting professional organization.


Launching your cloud server


Do you need a cloud server that you are confident will be fully protected by your infrastructure provider? At Total Server Solutions, our SSAE 16 Type 2 Audit is your assurance that we follow the best practices to keep our data center up and running strong. See our security commitment.

How to Secure E-Commerce


Digital attacks, of course, come in many different approaches and scopes, and the value of the data that is stolen also spans a broad spectrum. While that case-by-case diversity exists, being at risk is common to all businesses. Incredibly, a report last year revealed that half of small businesses in the United States – 14 million of them – had been hacked in the previous 12 months. Large enterprises are not off the hook either, though. Figures from the Identity Theft Resource Center (ITRC), highlighted by Internet law firm Revision Legal, reveal that 780 data breaches of large organizations occurred in 2015, with a total of 177.9 million records of individuals compromised.


This trend has continued through 2017 and into 2018. Recent high-profile hacks demonstrate that security should still be a top priority for organizations that are transferring, processing, or storing key information. Here are just a few of the compromises of large entities and mass hacking events of 2017:


  • The Big Asian Leak
  • DC Police Department
  • FunPlus
  • Hitachi Payment Services
  • Dun & Bradstreet
  • R2Games
  • WannaCry Ransomware
  • 8Track
  • Reliance Jio
  • HBO
  • Misconfigured Spambot
  • Equifax


Given the general threat to your data posed by all this cybercriminal activity, it is necessary to be proactive in setting up e-commerce defenses. Here are a few simple steps you can take to improve your security.


Choose secure hosting.


At the top of WPblog’s list of security measures is a matter close to our own heart: the choice of a strong hosting partner. You want a server with great security protections, as well as a regular backup process so that you can easily recover from disasters such as hacks. You want both incredibly high uptime and support that is accessible 24/7.


WPblog suggests a managed cloud platform; the people who are managing the platform will be able to handle many aspects of security. Another key element is to select a host that has had its infrastructure audited to verify its compliance with the service-control standards from the American Institute of Certified Public Accountants (AICPA): Statement on Standards for Attestation Engagements No. 16 / 18 (SSAE 16 / 18).


Automate your OS updates.


Cybercriminals exploit mistakes that are made by many people; one of the biggest ones made by SMBs is to fail to update operating systems. For example, ransomware called WannaCry spread rampantly in May 2017 by invading sites that had not yet updated to a new release of Windows.


The solution to this issue is very simple: automatically update your OS on each device and use a high-quality hosting service that will never miss something as essential as operating system patching. As Fit Small Business points out, “Even the best antivirus and firewall protection can’t protect an outdated operating system.”


Pick a secure e-commerce platform.


Your e-commerce platform should be highly secure as well. Security is a huge point of focus for serious e-commerce software companies such as Magento. Again, a key issue is whether or not your system is updated to the latest version; in that sense, one of the key benefits of using a strong managed e-commerce hosting plan is that everything is updated on your behalf and monitored around-the-clock.


Use HTTPS protocol.


It may sound basic, but you must use secure sockets layer (SSL) certificates on your site. These certificates are pieces of software that produce the Hypertext Transfer Protocol Secure (HTTPS) protocol; you can get them directly from vendors or from hosting companies. Once you purchase and install a certificate, simply change your settings so that the https and lock symbol populate within browsers.


This protocol creates a secure connection so that no one can steal information while it is in transit from the customer to you or vice versa. There is an additional benefit of SSL certificates beyond data protection; they also will give you a better ranking within the search engines.


Finally, you may want to consider an extended validation (EV) version of an SSL certificate, which will require a longer process to attain but colors your address bar green. (See PayPal for an example of EV; an explanation for why it is important from the Certificate Authority / Browser Forum, or CA/B Forum, the nonprofit association of leading industry authorities that determines the parameters for these technologies; and (for your site) the GeoTrust SSL True BusinessID with EV SSL certificate here.)


Avoid storage of sensitive information.


Do not let personally identifiable information (PII) or other key data stay within your infrastructure or that of your hosting service (via your server).


This lesson, reinforced by the Equifax breach, is pivotal for defending against cybercrime because the best target for a hacker – their path of least resistance to a treasure trove of valuable data – is a firm that has sensitive information and then does not properly update all its systems (thus providing a security loophole through which the hacker can potentially view and/or steal said data).


Think, after all, about how Equifax looked to those interested in getting their hands on consumers’ most important contact information and other details. It would be naïve to think that cybercriminals have not tried to intrude onto the credit bureau’s online turf in the past, notes Brand Builders, joking (but surely not overestimating) that it was “[p]robably not the 100th time” that Equifax had been targeted.


The only pieces of data that are usually important and responsible for a company to have on hand are verification and contact details: username, password, full name, phone number, email address, and mailing address. For storage of that type of information, encryption and other security measures should be introduced. It is also key to general security that your users know their passwords should be unique; otherwise, a hacker who is able to get into another service that shares the same password has the potential to get into the account with you as well.


Prioritize risk assessment.


By analyzing the various risks to your organization and performing vulnerability scans at regular intervals, you can be better prepared for a full range of strategies and angles that might be utilized to compromise your site. Your site should be addressed, as should your network.


Pay attention to PCI.


The Payment Card Industry Security Standards Council develops the PCI Data Security Standard (PCI DSS) and related standards. It is a body whose sole purpose is to safeguard cardholder data; the members of the PCI Council are representatives of the major credit card brands (Visa, MasterCard, Discover, JCB, and American Express). The Council is a nonprofit organization; the credit card companies’ shared interest in keeping cardholder data from being stolen, and in keeping money from flowing to hackers rather than merchants, gives their standards and perspective a credibility that few sources have.


While PCI DSS (often shortened informally to just PCI) is an annoyance for companies that do not want to be guided by external rules, it should be a central standard. It places stronger controls on systems, via processes and technologies, to better ward off any possible cybercriminal attempts to access the data. Your chance of experiencing an account data compromise (ADC) will be significantly reduced when you are able to meet all the specifications of the PCI Council.


Applying the above steps


No one wants to experience a data breach. Unfortunately, many organizations do. As is evident above, when you look for a web hosting service, it is key to be certain that security is prioritized.


At Total Server Solutions, we operate servers in a fully SSAE-16 and PCI-DSS compliant data center. See our e-commerce plans.

Total Server Solutions Fuels Growth With Investment Capital And The Acquisition Of Managed Service Provider Zerolag Communications

 Combination enhances services offerings to customers while providing growth opportunities in multiple markets

Atlanta, GA – January 23, 2018 – Total Server Solutions, an industry leader in Managed IaaS, announced that it has raised $23MM in equity and debt from Layer 7 Capital and J.P. Morgan Chase for acquisition finance and growth capital within the business. The target company in the transaction, ZeroLag Communications, a provider of optimized managed hosting solutions, has now joined the Total Server Solutions family.

For over 17 years, ZeroLag has provided customers with superior hosting services featuring a unique combination of technical expertise and highly scalable solutions. ZeroLag has designed reference architectures for all the stacks Total Server Solutions supports, ensuring the best possible performance, security, and scalability for Total Server Solutions customers’ environments. The acquisition of ZeroLag not only adds a wide variety of new products and services to Total Server Solutions’ core infrastructure, but also allows Total Server Solutions to leverage coveted partnerships in emerging markets such as Dell, NTT, Veeam, VMware, and Magento amongst several others. With the acquisition, Total Server Solutions gains a third Los Angeles, CA data center footprint, a backup facility in Austin, TX, and a DR site in Charlotte, NC. They also have now more than doubled their headcount in tech, sales, and development staff across the country.

“Our acquisition of ZeroLag expands our product suite, talent pool and provides a tremendous path forward to leverage both existing Total Server Solutions & ZeroLag customer bases,” said Gary Simat, CEO of Total Server Solutions. “Furthermore, alongside the company’s new financial partners comes increased scale, which enables TSS to take on much larger, and more complex projects. This is only one of many large announcements that will be seen from TSS this year. We are coming.”

“ZeroLag has been an innovator in the proactive managed services space for 17 years and through organic growth became a well-known player in the industry,” said Greg Strelzoff, founder and CEO of ZeroLag. “Total Server Solutions fills in critical gaps to the ZeroLag solution space, such as having compute facilities globally. There are incredible synergies between the two companies and together the two groups will have significant accretive forces on each other.”

Steve Lee of Layer 7 Capital, formerly of The Bank Street Group, served as financial advisor to Total Server Solutions. DLA Piper, a leading global law firm spanning more than 40 countries, was counsel to Total Server Solutions in connection with the transaction. DH Capital served as sell side advisor to ZeroLag Communications.

About Total Server Solutions
Founded in 2005, Total Server Solutions provides managed services, high performance infrastructure, and custom solutions to individuals and businesses in a wide array of industries. Our customers range from financial institutions, to advertising platform operators, hosting providers, and telecom companies. We’re also trusted by educational institutions and government agencies in keeping their data on-line and available. Total Server Solutions has the singular mission of providing its customers with the finest hosted services and the most robust infrastructure available anywhere across the globe. Our dedicated team of technical experts is always working to find the best, most effective ways to serve you and provide solutions to help you to meet whatever your challenges may be.

About ZeroLag Communications
ZeroLag Communications offers custom-engineered & optimized hosting environments. They deliver superior performance, reliability, and security, ensuring the best possible user experience for their online customers, and pride themselves on understanding your business challenges and providing simply the best solutions and support in the hosting industry.


Contact Information:

Gary Simat

Total Server Solutions

+1(855)227-1939 Ext:237




Tucker Kroll

Total Server Solutions





How to Secure WordPress


In February 2017, security researchers confirmed that as many as 20 hackers were injecting code into WordPress sites that had not yet updated to the newly released version of the platform, 4.7.2. The flaw within the REST API, fixed by the January 26 update, was making it possible for unauthorized users to change content of any page or post. A week following the update, WordPress released details of the vulnerability; that delay allowed the majority of sites to upgrade, prior to cybercriminals having information about this point of entry within the code.


Following the announcement of the weakness by WordPress, and in turn by various news reports, a large number of website owners still did not implement the patch and were compromised. One analysis found that attackers had already modified 67,000 pages published through the platform by February 6.


This story is important because it lets us know it is necessary to quickly deploy any new updates, within the first week after their release; after that point, we are fending off the attempted intrusions that are certain to follow release of any specifics on the flaw. The report also is a general reminder that security is a key issue on WordPress since a wide number of users means a wide number of opportunities for hackers with a single exploit.


What can you do to protect your site? This article reviews general security controls advised by WordPress and provides specific steps suggested by leading third parties.


Security controls recommended by WordPress itself


Here are 6 basic ways to defend your site against attacks on the content management system (CMS), according to the official WordPress Codex:


Make it difficult to access. You do not want to have many users with administrative privileges. You also do not want hackers to have many possible ways to enter your site. One simple step is to limit how many web applications are active; clear out any themes and plugins that are not being used.


Separate everything. Beyond considering access, isolation of systems should also be a key point of focus. Consider multiple hosting accounts. Placing applications within different accounts (even if with the same provider) that have separate credentials will reduce your risk through infrastructural diversification. Shared hosting accounts should also be avoided.


Conduct regular backups. You want to back up the site often, and you also want to be sure that the backup process is working so that you can use one as needed to restore the site. You should have a disaster recovery plan that covers breaches as well as other major catastrophic events.


Keep updated. As is made clear by the attack described above, it is fundamental to deploy any new versions of the software immediately – along with any updates released for plugins and themes. As a way to check that these updates are made consistently, you can use an administrative control to simply verify them at preestablished intervals.


Be careful that all your developers are legitimate. The WordPress plugin and theme directories contain only work from trusted publishers. It is a particularly bad idea to try to locate a free version of a plugin or theme that costs money. Plugins may be “nulled” by nefarious individuals or groups, notes WordPress. These nulled varieties may come at no charge but “contain malicious code that will extend the premium plugin, but bundle it with malware that will allow them to hack your site.”


Stay current on WP security. You want to keep your core and add-ons updated, as noted above. You also want to generally stay informed of emerging security issues. That matters since WordPress, like other software, can always have flaws. Two ways to keep yourself abreast are with the WordPress Security tag and through the WPVulnDB database.


Step-by-step WP security improvement


Those controls are helpful but a bit broad. Here are specific additional steps you can take to defend yourself against compromise:


Change the admin username – When you install, you have the option to change the administrative username from “admin” to anything you want. Most WordPress hacking efforts are directed at wp-admin or wp-login and apply brute force (see next step), using admin as the username and a rapid-fire barrage of guessed passwords. All you have to do to stop this style of compromise is modify the administrative username – so that the hacker is effectively trying to access the account of a user that the system recognizes as no longer existing. Cybercriminals could potentially overcome this hurdle by implementing brute force in both the username and password fields, or they might be able to access the updated username. When addressing security, it helps to remember that you cannot remove all security weaknesses from your website but are simply minimizing them as much as you can.


Activate lockdown & block IPs – When someone uses an incorrect login repeatedly, they could be attempting a brute force attack. When login credentials are incorrect numerous times in a row, you could have your site become temporarily locked off from access; and have a notification sent your way. You can use a plugin to achieve that end. CodeinWP recommends iThemes Security after long-term use of it. The plugin allows you to block Internet Protocol (IP) addresses after a user has entered wrong information a specific number of times. Formerly called Better WP Security, this plugin has many fans; with a 4.7 out of 5 rating based on over 3000 user scores, it is free and updated regularly.


Use complex passwords – Passwords should be defined by the acronym CLU (complex, long, and unique). These attributes are built into the algorithms of password generators such as LastPass and 1Password, as indicated by the WP SEO firm Yoast. When you give a number of characters to one of these tools, it will automatically come up with a password that is both complex and original. Yoast suggests a length of 20 characters and trying to adjust for inclusion of less-often-used symbols such as the pound-sign (#) or asterisk (*).


Implement two-factor authentication – Use of two-factor authentication (2FA) will bolster security for any platform. You would have to enter the password and an additional piece of data; that second piece of information could be a numeric code generated by a phone app, the answer to a secret question, or some other factor.


Be conscientious about your choice of hosting service – Less than 1 in 12 WordPress sites is compromised based on a weak username or password, according to one analysis highlighted in Torque Magazine. A large chunk, 22 to 29%, are exploits of flaws in themes or plugins. Finally, a massive number, 41% (the source of the greatest number of successful attacks) are breaches of server-side defenses. Given that very compelling data, Torque suggests that “the first order of keeping WordPress safe is to use a reliable hosting provider that regularly updates their infrastructure and keeps security up to date.”
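The lockdown behaviour described in the “Activate lockdown & block IPs” step, as an added example (not code from iThemes Security or from this article): it replays an access log and reports which IP addresses a lockout rule would have blocked. The thresholds, the sample log lines and the function names are assumptions, as is the reliance on stock WordPress behaviour, where a failed login re-renders the form with HTTP 200 and a successful login redirects with HTTP 302.

```python
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed policy values; tune them to your own site.
MAX_FAILURES = 5                   # failed logins tolerated inside WINDOW
WINDOW = timedelta(minutes=5)      # sliding window for counting failures
LOCKOUT = timedelta(minutes=15)    # how long an offending IP stays blocked

# Constructed sample log (combined log format, documentation IP ranges).
SAMPLE_LOG = """\
198.51.100.23 - - [06/Feb/2017:09:58:10 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
198.51.100.23 - - [06/Feb/2017:09:58:25 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
198.51.100.23 - - [06/Feb/2017:09:58:40 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.50 - - [06/Feb/2017:09:59:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.7 - - [06/Feb/2017:10:00:01 +0000] "GET /wp-login.php HTTP/1.1" 200 2980 "-" "curl/7.50"
203.0.113.7 - - [06/Feb/2017:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "curl/7.50"
203.0.113.7 - - [06/Feb/2017:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "curl/7.50"
203.0.113.7 - - [06/Feb/2017:10:00:07 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "curl/7.50"
203.0.113.7 - - [06/Feb/2017:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "curl/7.50"
203.0.113.7 - - [06/Feb/2017:10:00:11 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "curl/7.50"
203.0.113.7 - - [06/Feb/2017:10:00:13 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "curl/7.50"
192.0.2.50 - - [06/Feb/2017:10:06:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
192.0.2.50 - - [06/Feb/2017:10:13:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
192.0.2.50 - - [06/Feb/2017:10:20:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.7 - - [06/Feb/2017:10:20:30 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "curl/7.50"
192.0.2.50 - - [06/Feb/2017:10:27:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)


@dataclass
class Lockout:
    ip: str
    start: datetime
    until: datetime
    rejected: int = 0   # further attempts that arrived while the block was active


def parse_login_posts(log_text):
    """Yield (timestamp, ip, status) for every POST to wp-login.php."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = m["path"].split("?", 1)[0]
        if m["method"] != "POST" or not path.endswith("/wp-login.php"):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        yield ts, m["ip"], int(m["status"])


def find_lockouts(log_text):
    """Replay login attempts in time order and return the lockouts triggered."""
    failures = defaultdict(deque)   # ip -> timestamps of recent failed logins
    active = {}                     # ip -> most recent Lockout for that ip
    lockouts = []
    for ts, ip, status in sorted(parse_login_posts(log_text)):
        lock = active.get(ip)
        if lock and ts < lock.until:
            lock.rejected += 1      # still blocked: the attempt never reaches login
            continue
        recent = failures[ip]
        if status == 302:           # assumed success signal: reset the counter
            recent.clear()
            continue
        if status != 200:           # neither failure nor success (e.g. 403, 500)
            continue
        recent.append(ts)
        while recent and ts - recent[0] > WINDOW:
            recent.popleft()        # forget failures older than the window
        if len(recent) >= MAX_FAILURES:
            lock = Lockout(ip, ts, ts + LOCKOUT)
            active[ip] = lock
            lockouts.append(lock)
            recent.clear()
    return lockouts


if __name__ == "__main__":
    for lock in find_lockouts(SAMPLE_LOG):
        print(f"{lock.ip} locked {lock.start:%H:%M:%S} to {lock.until:%H:%M:%S}, "
              f"{lock.rejected} attempt(s) rejected")
```

In the sample, the mistyped-then-correct login and the slow trickle of failures spaced seven minutes apart trigger nothing, which also shows the limit of the rule: guesses paced slower than the window pass under it.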


Moving forward


Security is complex, and you will need to take some steps on your own – going beyond what is suggested above through additional online advice articles (some of the best of which are linked within this article). Your partnerships are critical too, though: with 2 in 5 successful WordPress attacks resulting from poor server security, it is critical to prioritize your host.


At Total Server Solutions, our protective stance is underscored by our SSAE 16 Type II audit, showing that we meet the strict service-control standards developed by the American Institute of CPAs. See our security commitment.

What is GDPR Compliance


Is your organization ready for the May 25, 2018, effective date of the General Data Protection Regulation (GDPR)? This short guide gives you a sense of what guidelines it contains, along with whose data it safeguards and who will have to follow the rules.


Understanding the GDPR


5, 4, 3, 2, 1… Second by second, the European Union is counting down the amount of time left until the enforcement of the General Data Protection Regulation begins. The GDPR is a set of stipulations developed by the European Union for the safeguarding of data. It was enacted because European nations were still working with 1995 legislation (Directive 95/46/EC).


The official GDPR site notes that the law is intended to create greater common ground between the different information privacy laws that are currently in force in different countries on the continent. It is also meant to give better privacy rights to citizens. Contained in this regulation are some significant shifts for individuals as well as for organizations that manage or in any way interact with sensitive personal data.


The GDPR is big news in part because it is a long time coming – the result of over four years of negotiating and fine-tuning. The European Commission started outlining its proposed strategies for reforming the treatment of data privacy in January 2012. The idea of this effort was to make sure that the European nations were in good position for the digital era. Although there were other reforms laid out at the time as well, the GDPR was central.


The European Parliament and European Council both passed this new framework in April 2016 – at which point the directive and regulation were made public. Then in May 2016, the EU Official Journal published the GDPR. The GDPR is on everyone’s minds lately in the security and IT fields because we are ramping up to the date when it becomes effective: May 25, 2018. The idea for that two-year stretch prior to the law going into force was that it would give both individuals and businesses ample time to get ready for compliance.


When the law was passed, Digital Single Market VP Andrus Ansip noted that the treatment of the confidential information of the European people had to be based on an educated knowledge that data was being protected against unauthorized access. “With solid common standards for data protection,” he said, “people can be sure they are in control of their personal information.”


What businesses must be GDPR compliant?


All members of the EU have to comply with the General Data Protection Regulation, and it impacts nations outside Europe as well.


In the United Kingdom, many people are confused about this legislation because it was negotiated prior to Brexit. It is essentially being put into effect in the UK via a Data Protection Bill that mandates many (though not all) of the same standards and protocols.


Any companies that are not within the EU but that provide services or goods to European people and/or organizations have to comply with the law. The GDPR is of great interest to all global enterprises, as well as small businesses that are doing business on the continent. Because that’s the case, this issue is high-priority across just about every industry.


How the GDPR changes things


Businesses get hacked and otherwise experience data breaches all the time. Data may be stolen by cybercriminals or otherwise become accessible to unauthorized parties that are not supposed to be able to view it. Assuming that these parties are malicious, the situation can quickly turn into a nightmare.


To guard against these scenarios, the GDPR gives rights to citizens to be able to look at the information that is held by different organizations.


Businesses and agencies need to give people access to their data while meeting certain information management requirements. They can only collect and use data as described within the legislation. Furthermore, firms that manage information have to secure it so that it is not used for nefarious purposes. They must respect the rights of the owners of data as detailed within the law. Otherwise, they can get fined according to the new table released in the law.


Beyond the above parameters, the other aspect that is new is the expanded liability of organizations that handle data on the behalf of others – called data processors under the law (see below).


Data controllers & data processors


The law places the businesses that must meet compliance in two categories: data controllers and data processors. The GDPR’s Article 4 describes these two types of organizations:


  • Data controller: A data controller is an individual, public agency, or another organization (i.e., any company) that, either by itself or in collaboration with outside entities, decides why and how digital information is processed, stored, or otherwise handled.
  • Data processor: A data processor is an individual, public agency, or another organization (again, could be any business) that manages data for a controller. Note that if you are in the UK and the Data Protection Act applies to your organization, the GDPR will probably be applicable as well (since its essence is being implemented).


“You will have significantly more legal liability if you are responsible for a breach,” notes the UK’s Information Commissioner’s Office. Specifically, processors are now liable.


The General Data Protection Regulation makes it necessary for processors to keep records related to information and its management. In this manner, it becomes a much more significant legal concern to follow industry best practices, avoid corporate negligence (failure to use accepted standards for data protection), and make sure that information is actually secure.


Furthermore, GDPR compliance will now apply to all legal agreements between processors and controllers.


Close parallels between HIPAA & the GDPR


From a compliance perspective, these designations are interesting because they are so similar to the law that has developed in the United States related to the protected health information (PHI) that is the subject of HIPAA compliance – i.e., abiding by the Health Insurance Portability and Accountability Act of 1996. HIPAA has always applied to both covered entities (roughly equivalent to the controllers) and business associates (roughly equivalent to the processors). Also, US law requires that a contract called a business associate agreement (BAA) must be signed between every covered entity and business associate, just as agreements must be signed into effect between controllers and processors.


What are the penalties for noncompliance?


There are incredibly strong fines for failure to comply with the GDPR, with violations leading to fines as high as the greater of 4% of annual turnover (total sales) or 20 million Euros (roughly 24.4 million USD).


Incredibly, a recent survey found that 52% of organizations think that they will get GDPR fines, while another report predicted that the new law would result in $6 billion of fines from the European Union in its first year alone.


Your GDPR-compliant hosting plan


Is your organization in need of GDPR compliance? It is if you in any way come into contact with data of European citizens or businesses, whether you are classified as a controller or processor.


At Total Server Solutions, we offer GDPR-compliant hosting. In fact, we previously established our data protection through an audit to meet the service control standards devised by the American Institute of Certified Public Accountants’ Statement on Standards for Attestation Engagements 16 / 18 (SSAE 16 / 18). See our beliefs.

How the IT Threat Landscape Will Change in 2018 – Part 2 of 2



#6 – Competition with government for identity verification


One thing that should be learned from the compromise of Equifax, according to the Forrester report, is that individual organizations should not be put in the position of providing reliable verifications of identities and protecting the information of consumers – particularly when people are using digital environments for more of their day-to-day needs.


Big banks will get into the identity verification market in 2018, suggests Forrester. Users will also start having the option to use login details from financial institutions to access government systems. Utilizing integrated data from online payments, blockchain will become more prominent as a technology that can aid with verification.


The researchers suggest that reviewing possible services you could use for identity verification is urgent in 2018. The key characteristics that you want in the institution you choose are credibility; data protection protocols and compliance; coverage; and support.


#7 – Victimization of POS systems by ransomware


End-to-end encryption has been more broadly deployed within transaction platforms; thus, point of sale (POS) systems are not as reliable a source to target for credit card information. With that option blocked, attackers are switching to ransomware so that they get money through extortion rather than selling the data. Someone who gets targeted with ransomware might pay the ransom simply because they cannot get into their system.


Forrester urges businesses not to pay any ransom to cybercriminals if you find yourself in this situation. To protect yourself, prioritize your disaster recovery plans. Daily backup should be one key element of your preparation.


#8 – Discrepancy between board understanding & actual situation


The board of the company may not completely have a sense of the technologies that are needed, even if its members acknowledge that digital security is one of the highest priorities.


Durbin notes that a board often feels the CISO is managing everything appropriately. Board members often are not able to communicate exactly what they want because of lack of familiarity with the approaches and options. From the other side, the CISO may not be able to convey exactly what they want or need to the board.


Company boards often think that the information security team and CISO have been able to make strides after confirming boosts to security budgets in recent years. However, it needs to be understood that a 100% rock-solid security approach is impossible. Beyond the need to be clear that a defensive stance will always have weak points that could be improved, there is also a tendency to set unreasonable timeframes (regardless of the knowledge level that you currently have in-house).

According to Durbin, when the board does not have a good handle on security in these ways, a breach that occurs could have negative impact on the business – but also on the members of the board.


Since the threat landscape is becoming increasingly complex, an information security chief needs to go beyond maintaining a firewall to predicting and being prepared. Data security leaders should be aware of the influence of internal and external issues on the organization and be able to communicate the situation to the board. In that sense, the ISF sees it as critical that the CISO be both a salesperson and a consultant, able to give solid information and to be convincing; just don’t hard-sell so much that you become Alec Baldwin in Glengarry Glen Ross.


#9 – Transition of focus & venture capital from AI to blockchain


Transactional integrity, policy tamper detection, and guarantees of distributed integrity are avenues in which dedicated architectures and cloud technology are being leveraged to better encrypt and secure data using blockchain.


There will be various ways that blockchain is a valuable method for business, per Forrester. Four of the key ones that will be top use cases during 2018 are integrity and authenticity verification for documents; binary reputation checks to defend against ransomware and malware; identity verification (IDV); and certificate provision/authentication.


Back in 2016, security providers all were concerned that their offerings fully incorporated artificial intelligence (AI). In 2018, blockchain will be a similar technology, says Forrester. This year, many tech startups will offer blockchain security. These new organizations will challenge established organizations to adapt and implement blockchain so that the new wave does not have a competitive advantage.


Forrester advises talking with your security providers about their implementation of blockchain.


#10 – Increasing sophistication of security within business


One way that companies are changing to better protect users is that passwords are no longer seen as the ideal way to authenticate access, notes Wayne Rash in his 2018 trends piece for PC Magazine. Use of biometrics will become more common for authentication in business settings. Iris recognition and facial recognition can be used in isolation or as components of multi-factor authentication (MFA).


MFA is a standard approach that is only becoming more widely adopted. In 2017, the basic way MFA took place was with codes transmitted to people’s phones; in 2018, biometrics will become core to these processes. Software that steals user login info will be less effective at organizations that use codes transmitted to phones, smart cards, or biometrics as a means of multi-factor authentication.


Rash points to what he sees as another, somewhat controversial way that security is improving: the declining value and popularity of cryptocurrency such as Bitcoin. Some of the blockchain formulas currently used in cryptocurrency have weaknesses, and law enforcement is finding methods that allow them to monitor the finances as they pass from account to account. In late 2017, a story broke about the cryptocurrency Monero: hackers were using tools devised by and leaked from the National Security Agency to make their efforts more efficient and rewarding. After entering and assuming control of Linux and Windows servers, these attackers were using the NSA programs to distribute their currency mining across the target networks.


Criminals require the stability of cryptocurrency in order for it to ultimately serve their purposes, getting the money into their accounts through ransomware and other tactics – so incidents such as that with Monero are effective in reducing the allure of fraud that uses cryptocurrency as a component.


While there are elements of the security landscape that are brighter than they have been, there continues to be a large volume of diverse and increasingly sophisticated threats. The number of hacks that take place in 2018 will be greater than in 2017, forecasts Rash. Criminals will continue to come up with workarounds that get past protections. Security will become more challenging all the time.


Given the rise in security incidents and its paramount role in supporting the safe growth of your business, it is critical to have a clear and consistent path forward.


In that sense, says Rash, it is key in 2018 to “focus your resources on prevention and on supporting the security efforts of [your company’s security chiefs].”


A secure, high-performance infrastructure


Do you want to protect your internal systems and customers from data breaches? It all starts with an infrastructure that is third-party-verified to meet top-tier security standards. At Total Server Solutions, our SSAE 16 Type II audit is your assurance that we follow best practices for keeping your data safe and available. See our SSAE 18 / SSAE 16 security commitment.

How the IT Threat Landscape Will Change in 2018

In late 2016, Forrester forecast that automation and security services would be used increasingly to meet a shortage of tech talent, that greater than half a million IoT devices would be hacked, that compromises of healthcare systems would become as extensive and prevalent as previous ones within retail, and that a significant IT security breach in the Trump administration would be revealed within the initial 100 days. All those predictions came true. Similarly, the Information Security Forum (ISF) was right with many of its 2016 predictions as well. This two-part security mini-guide looks at thoughts from those two organizations on how the threat landscape will evolve in 2018.


#1 – Expansion of crime-as-a-service


Steve Durbin, managing director of the nonprofit Information Security Forum (ISF), forecast in late 2016 that crime-as-a-service (CaaS) would expand massively in the year ahead as crime rings established more intricate structures, associations, and affiliations that reflect the robust and highly controlled mechanisms of enterprises.


Durbin states that his projection did come true, unfortunately, as crime-as-a-service was the central component of generally increased cybercrime activity. ISF again sounds the alarm this year that CaaS will continue to be a huge concern, with crime syndicates now specializing their efforts to suit niche markets and turning their malicious work into a traded international commodity. Organized crime will sometimes be the basis of companies that have other business functions; in other cases, cybercrime units operate as independent businesses.


A main way that CaaS will be evolving in 2018 is that more people Durbin describes as “aspirant cybercriminals” who are not necessarily adept at hacking will increasingly be able to cause greater damage through services and programs that they purchase.


In previous years, ransomware involved shutting down your IT systems and demanding payment, possibly as cryptoware that encrypted and locked you from data. Once payment was made, the intruder would stop their attack. That expectation depends on trust. Because aspirant hackers have started to use ransomware so much, businesses are – wisely – unlikely to trust that their services will be restored if they pay. Even if services are restored, you may have an issue with the perpetrators coming back repeatedly for additional payoffs. Businesses will become more aware of this issue.


CaaS will also be used through social engineering in 2018. Social engineering methods are a point of concern related to staff training since they are directed at single people instead of the organization. Security is so increasingly centered on the individual user that Durbin says lines blur between the individual and the enterprise; he concludes, “The individual is increasingly the enterprise.”


#2 – More frequent IoT assaults with different goals


The Internet of Things (IoT) was thriving in a sense in 2017, but really only in limited industries and contexts. There will be a terrific growth in the number of IoT devices in 2018.


Understanding and managing that data could lead to huge competitive advantages, boosting the demand for big data analysis.


There is a glaring issue with the IoT, though, as indicated by Forrester. The research firm notes that the rise of the IoT will also spur additional IoT hacking efforts that will have a different intent (related to the IoT devices themselves). The standard way cybercrime has utilized the IoT is as a way to form a botnet of slave zombie devices to use in distributed denial of service (DDoS) attacks. In 2018, attackers will start to become more interested in the data within the IoT devices, stealing it or blocking it to extract ransom.


#3 – Supply chain will continue as biggest issue with risk management


The ISF has long been concerned with the challenge posed to security by the supply chain. Large amounts of critical data may be shared with suppliers, in scenarios that necessarily involve giving over aspects of control to them. It is extremely important to know that the supplier is going to properly treat the data so that it is kept private, secure, and available.


Durbin noted that 2017 saw large manufacturing companies unable to maintain full production after losing access to some of their supplies – so this issue is key.


Furthermore, the notion of a supply chain extends far beyond manufacturing. Every organization has suppliers. You want to understand where your data is and how it is being protected (as with datacenters audited to meet the SSAE 18 / SSAE 16 standard), especially if it is being shared or entrusted to a third party.


2018 will be a year in which companies start to scrutinize their supply chains for full-lifecycle data protection. A proactive security stance will be more widely embraced. Durbin advises using services that have appropriate assurance related to the risk, building your fortress of safeguards out of repeatable, scalable processes. It is crucial to integrate supply chain IT risk management in your buying and vendor management policies.


#4 – General Data Protection Regulation prominent in security conversations


The General Data Protection Regulation (GDPR), a set of rules and standards put together by the European Union, will go into effect in May 2018. There are severe fines and sanctions for organizations that violate its provisions, which generally uphold consumer and end-user protections. The fines really are significant, as high as 4% of yearly worldwide net sales (turnover) or 20 million euros, whichever is greater.


The GDPR is in place for everyone who lives in Europe, and it applies to businesses that are within Europe as well as those who do business in its member nations. GDPR is about safeguarding consumer as well as staff information.


A chief concern recently is that companies have been increasingly monitoring their workforce as a way to guard against internal cybercrime, human error, and hackers with stolen login data. That may be well-intentioned; however, it can also be considered an invasion of privacy from the perspective of anyone on staff.


The law, passed by the European Court of Human Rights in September, stated that organizations have to let any personnel know ahead of time if their email accounts in the workplace will be watched. Additionally, any surveillance that does occur cannot do so at the unreasonable expense of the employee’s privacy. The GDPR additionally relates to the privacy and data management of workers and can lead to large fines if its stipulations are violated.


The Forrester researchers advise that these laws are geared toward stopping improper handling of customer data. However, the information of employees is personal data, even though it is within the company’s system. Forrester expects regulators to start to focus increasingly on employee privacy.


Durbin notes that the GDPR comes up in virtually every conversation he has related to security with anyone in the world.


#5 – Possible malicious impact on United States midterm elections


Forrester states bluntly in its report that the United States has been failing to address systemic flaws in the voting process, in which computer programs are used for voting, as well as counting, verification, and reporting.


The analyst firm notes that the attacker would not even have to access a voting machine itself. They could “use compromised Windows machines to adjust the voting tabulation results in web-accessible software,” states the report; alternatively, they could modify a database or spreadsheet of totals from individual precincts.


The huge swaths of data that were taken in the attacks on numerous state agencies, the Republican National Committee, and Equifax will make it easier for malicious parties to submit fraudulent votes in areas where the vote is close, says Forrester.




High-security, high-performance infrastructure


Are you concerned about properly safeguarding the data being entrusted to your organization? In 2018 more than ever, you need IT partners that prioritize security.


At Total Server Solutions, our high-performance infrastructure adheres to the SSAE 18 / SSAE 16 standard from the American Institute of Certified Public Accountants. See our security commitment.

Pivotal Elements for Ecommerce Success in 2018


Here are a few key tips for succeeding at e-commerce in 2018, related to technologies, SEO, and other aspects of business:


Friendlier checkout


No one, of course, wants to get stuck in checkout: for the same reason we avoid the long line at the supermarket, we do not want it to take us 10 minutes to enter card information and get through to the confirmation page. Checkout is getting easier to achieve, and much faster, through wallet apps and mobile payments.


Social media


We all understand how pivotal social media can be for the success of a business. In its early years, this platform was considered more of a side-effort to ecommerce meant to increase awareness of the brand and build relationships. Today, it has become fundamental to ecommerce success. Consider that many people are now buying products straight through Instagram.




Search engines place a great deal of emphasis on the originality of content on a site. In other words, the more high-quality, fresh, creative ideas and images that are presented on your site, the more likely people are to find it.


The issue for ecommerce sites is that they will often have many different products and need descriptions for each. Since it is so daunting to come up with your own content related to these products, you may end up simply reposting stock material from the manufacturer. That approach is detrimental because descriptions are a great opportunity to catch the attention of the search spiders by avoiding the sin of duplicate content. The core rule with original content is not to focus it excessively on sales but to provide information as a free, user-friendly resource. The information you share should be useful and help people to compare and contrast different product options.


Similar to using the same language as the manufacturer, you do not want to use databases and templates that are used elsewhere. These elements will also hurt your rankings because Google and Bing know that you are not the first to use them. Change all content so it is your own, thoroughly reframing and rewording the descriptions. Use appropriate keywords while avoiding keyword stuffing.




Typically the first concern people will have when they want content is text and relevant images for their product or service pages, blogs, and social media. However, video is becoming more dominant. One estimate suggests that video will account for 80% of all web traffic by 2020. It is a way to have something similar to a one-on-one presentation to the customer even though you are in different locations.


Figures suggest that video is powerful enough to result in 97% higher purchase intent and 200-300% higher click-through rates.


There are all kinds of tools and platforms for creating strong and unique video for your offerings. With Slidely, you have an environment that is integrated into your social profiles for immediate sharing. You can find out locations of viewers and how long people stay tuned with analytics from Wistia or similar systems.


No approach is right for every video. However, live videos will generally create a greater boost. Compared to pre-recorded video, live video can drive as much as 300% higher engagement.




Content is something to strategize in volume, but it is also something to consider from a more granular perspective if you want it to yield an incredible impact. Today, companies that excel at user experience and relationship are going beyond simply displaying and describing products to developing a compelling brand story. To craft your narrative, work with content professionals to build it, and then integrate it company-wide, throughout social platforms, email newsletters, order confirmations, and packaging.


Augmented reality


Augmented reality (AR) is a developing and sophisticated way to attract the focus of your target. It is fast and gives your audience a sense of immersion within your brand. Some thought-leaders think that AR will become a bigger part of social platforms in 2018 – and that is almost stating the obvious. An AR feature within Snapchat allows users to “project” their image and include Bitmoji. As with the Place app by IKEA, it is also possible for a retailer to project products within the homes of social users.




Ecommerce automation has become a central concern for merchants. Increasingly, the sophistication of your automation mechanisms will determine if you are able to keep up with competitors.


Automation is a broad task since it is a practice that can be applied diversely. One possible area for automation is fraud prevention (in which you can protect yourself in a similar manner to spreading your message with marketing automation). For automated fraud prevention, ecommerce systems let you set rules that automatically forward any items with estimated mid-range risk to the finance department immediately. When risk is high, you could have the automated system respond with a cancellation.


From a general perspective, automation frees up time so that you and your staff are not constantly entangled in mundane tasks.




The time that you can save through automation can be redirected to emergent and ongoing big-picture concerns such as personalization. Personalization allows your display of products and content of emails to perfectly suit the particular person and situation.


Visitor review system


People will often abandon ecommerce sites because they do not trust them. A sense of uneasiness may continue with a person into the checkout process if they do not see any information validating a choice that they are ready to make.


With easily available reviews from other customers, the shopper will get a boost of confidence from the buyer’s perspective. The other positive of customer reviews is that they are user-generated and contain original comments that will add to your SEO power just like producing your own blog articles does.




You can let a search spider know that it should only read specific portions of your site via the robots.txt file. By informing the search engines what pages are relevant for public use, you make it easier on them and save your own bandwidth.

One good use of the robots file is to section off parts of your site for exclusion from these scans so that you can work on the SEO within some areas while continuing to submit the stronger portions for search consumption.
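The sectioning described above, as an added example that is not part of the original post: Python's standard `urllib.robotparser` evaluates a constructed robots.txt the way a compliant crawler would. The shop paths and the `ExampleBot` agent name are assumptions. The file is advisory and world-readable, so every excluded path is visible to anyone, and a section that must stay private needs access control rather than a Disallow line.

```python
from urllib.robotparser import RobotFileParser

# Constructed robots.txt for a hypothetical shop: two sections still being
# reworked are excluded, everything else stays open to crawlers.
ROBOTS_TXT = """\
User-agent: *
Disallow: /clearance/
Disallow: /drafts/
"""

def parse_robots(text):
    """Load robots.txt text into the standard-library parser."""
    parser = RobotFileParser()
    parser.parse(text.splitlines())
    return parser

def crawl_plan(text, paths, agent="ExampleBot"):
    """Split paths into those a compliant crawler fetches and those it skips."""
    parser = parse_robots(text)
    allowed = [p for p in paths if parser.can_fetch(agent, p)]
    skipped = [p for p in paths if p not in allowed]
    return allowed, skipped

def disclosed_paths(text):
    """List every Disallow value: the file is public, so these paths are too."""
    found = []
    for line in text.splitlines():
        field, _, value = line.partition(":")
        if field.strip().lower() == "disallow" and value.strip():
            found.append(value.strip())
    return found

if __name__ == "__main__":
    sample = ["/products/widget", "/clearance/old-lamp",
              "/drafts/spring-sale", "/blog/guide"]
    allowed, skipped = crawl_plan(ROBOTS_TXT, sample)
    print("crawled:", allowed)
    print("skipped by compliant crawlers only:", skipped)
    print("readable by anyone in robots.txt:", disclosed_paths(ROBOTS_TXT))
```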


Anchor text with keywords


With internal links, you are best served with keywords in the anchor text. That approach gives users a better description of the destination before they click. User experience is improved in this manner, and you will get higher click-through rates.


301 redirects


You may have inbound links from other sites that lead to products you have removed (in turn meaning the page is no longer live). You want to get the positive search juice from those links, though; and you do not want people who click them to end up at dead ends. A 301 redirect will forward people who go to out-of-stock items to other pages that are similar to their needs.
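One way to check a redirect map for removed products before deploying it, as an added example that is not from the original post: each retired URL is resolved to its final target, chains are collapsed into a single 301, and entries that loop or point off-site are rejected. The map contents and function names are assumptions, as is the rule that these redirects should stay on your own site (which keeps the map from acting as an open redirect).

```python
from urllib.parse import urlsplit

# Constructed map for a hypothetical shop: retired product URL -> replacement.
REDIRECTS = {
    "/products/lamp-2016": "/products/lamp-2018",
    "/products/lamp-2015": "/products/lamp-2016",    # chain: two hops
    "/products/desk-a": "/products/desk-b",
    "/products/desk-b": "/products/desk-a",          # loop
    "/products/promo": "//partner.example/landing",  # leaves the site
}

def is_local(target):
    """True only for a same-site absolute path (no scheme, no host)."""
    parts = urlsplit(target)
    return (not parts.scheme and not parts.netloc
            and target.startswith("/") and "\\" not in target)

def resolve(path, redirects, max_hops=5):
    """Follow the map to its final target; ValueError on loop or off-site."""
    seen = [path]
    while path in redirects:
        path = redirects[path]
        if not is_local(path):
            raise ValueError(f"off-site target: {path}")
        if path in seen or len(seen) > max_hops:
            raise ValueError(f"redirect loop or too many hops at {path}")
        seen.append(path)
    return path

def build_responses(redirects):
    """Return ({old: (301, final)}, {old: reason}) for the whole map."""
    ok, rejected = {}, {}
    for old in redirects:
        try:
            ok[old] = (301, resolve(old, redirects))
        except ValueError as err:
            rejected[old] = str(err)
    return ok, rejected

if __name__ == "__main__":
    ok, rejected = build_responses(REDIRECTS)
    for old, (status, new) in ok.items():
        print(status, old, "->", new)
    for old, reason in rejected.items():
        print("rejected", old, "-", reason)
```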


High-performance infrastructure


To implement any 2018 ecommerce strategy, it is critical to have strong hardware and support to back you. At Total Server Solutions, we provide high-performance infrastructure and thoughtfully engineered services that are different, innovative, and responsive. See our approach.