HIPAA risk analysis - steps to achieve - doctor on laptop

Posted by & filed under List Posts.

As you consider your risk analysis and efforts to keep it HIPAA-compliant, it is helpful to understand that the notion of risk is inherently context-based. Whenever you think about risk, initial questions to ask yourself are:

  • What asset am I attempting to protect?
  • What are potential threats?
  • What must be defended?
  • How substantial is the risk?

To illustrate how important context is to risk, Sarah Morris of KirkpatrickPrice suggested the analogy of a tire that has significant wear-and-tear. When you think of it in terms of driving, its condition is awful, and it represents great risk. If you took the tire off your car and instead used it as a tire swing, you would remove the friction of the roads and no longer have the risk. With that in mind, Morris recommends not jumping to conclusions when it comes to determining your amount of risk – since you need to completely understand the context. Once you have completed the analysis, you will be able to gauge your risk using that specific information.

Moving forward with your risk analysis

To understand your context so that you have a sense of your risk, you must conduct a risk analysis. The steps for performing a HIPAA-compliant risk analysis are as follows: 

Step 1.) Know key terms.

Major terms that are important to understanding HIPAA law are:

  • covered entity – Under HIPAA, a covered entity is a healthcare provider, plan, or data clearinghouse.
  • business associate – When covered entities use third parties to handle their protected health information (PHI), that organization is called a business associate.
  • business associate agreement – This term refers to a contract signed between a covered entity and any third party handling its PHI, stipulating responsibilities related to its protection.
  • electronic protected health information (ePHI) – When medical information is digitized into electronic health records (EHR), the data contained within IT environments is called ePHI (although PHI can be used as a catchall).
  • protected health information (PHI) – Typically shortened to its acronym, this term refers to sensitive personally identifiable health data that is safeguarded by HIPAA law.
  • Security Rule – A key stipulation of HIPAA’s Title II, the Administrative Simplification Provisions, this rule provides guidelines for the protection of electronic health records.

Step 2.) Know basic requirements of HIPAA law.

Within the Security Rule is the Security Management Process standard, which states that HIPAA compliance requires procedures and policies that avoid, identify, limit, and remediate any security issues that violate healthcare law.

The part of HIPAA that discusses the need for risk analysis is 45 C.F.R. § 164.308(a)(1)(ii)(A). To summarize that section:

In order for any organization to achieve HIPAA compliance, it is necessary to extensively review any possible risks to the ePHI that might expose it, corrupt it, or make it unavailable.

A description of strong risk analysis questions is contained in NIST Special Publication (SP) 800-66. Here are the questions (which are not mandatory or all-inclusive but suggest possible directions that may apply to your situation):

  • Do you know where the electronic protected health information is within your system (accounting for all data you generate, store, send, or receive)?
  • How is your ePHI handled externally, as when service providers produce, store, send, or receive healthcare data?
  • What poses a risk to the ePHI within your data environment, including all environmental, natural, and human threats?

While a risk analysis has direct benefits in terms of understanding your risk, you will experience indirect benefits as well, since it guides you toward better compliance with other standards of the law. For instance, while the Security Rule has certain guidelines for deployment that are labeled as “required,” others are labeled “addressable.” The HHS clarified that it is not your choice whether to comply with addressable items. Instead, the entity should look at each addressable item in terms of how appropriate and reasonable it is, given the context.

Step 3.) Assess the scope of your analysis.

Examine all of the equipment and digital environments within your organization that generate, send, store, or receive ePHI with respect to the physical, administrative, and technical safeguards described within the law. Servers and computers are a clear place to start, but think broadly as you consider your technology, as noted by the American Medical Association (AMA). For instance, photocopiers will typically have hard drives within them that store images of everything that you scan. All mobile technology that handles ePHI should be included within your scope as well. Also at this point, create an asset list and draw up a diagram or outline of the ePHI workflow.

Step 4.) Determine possible weaknesses and threats. 

When you look at the ways in which you might be vulnerable, you can benefit from the work you did in determining your scope so that you know the locations to look for weaknesses and threats. It is important to ask the same questions about your environment repeatedly so that you are considering all the potential problems that may arise in various segments of your system that handle sensitive health data. 

What you want to achieve at this point is a full picture of everything that might put your firm at risk. It is also when you can create an inventory of all the security methods that are currently implemented. Typically you will need to talk within your organization – with the office manager, for instance – as well as having discussions with knowledgeable outside parties related to the ePHI threat landscape and standard protections. 

Step 5.) Evaluate your risk. 

As stated above, risk is all about context. The nature of the systems you are protecting will lead to a reasonable understanding of how likely data breaches are to occur – and how devastating the outcomes would be.

An example of a negative situation that is a common HIPAA violation is the loss of an unencrypted laptop. The risk of laptop loss differs from one organization to another, though. For instance, a practice that visits patients in their homes could consider loss of laptops a high risk, since it is quite likely to occur and because the laptops might contain ePHI related to patient visits. By implementing laptop encryption, the risk is mitigated.

Also rank your risks during this process. You can determine your overall level of risk at this point as well.

Step 6.) Finalize your documentation.

Create a document that outlines the findings of your risk analysis (some of which is already composed). Make sure that this writeup includes the list of all your assets, weaknesses, threats, likelihood of occurrence, impact, controls that are now implemented, ranking of your controls, any residual risk you might have, and any advice that you have in terms of new controls to deploy.

Step 7.) Review and update your risk analysis process moving forward.

Risk analysis should be an ongoing project, of course. It should occur once a year, according to the AMA. Deciding how often to perform these assessments is context-based as well, though. As noted in Healthcare Informatics, “Some covered entities may perform these processes annually or as needed (e.g., bi-annual or every three years) depending on circumstances of their environment.”
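Steps 3 through 6 can be carried through as a small risk register. The following is an added example, not part of the original article: the 1-to-3 likelihood and impact scales, the rating thresholds, the amount each control reduces a score, and the sample entries are all assumptions made for illustration, since the article does not specify a scoring scheme.

```python
from dataclasses import dataclass, field

# Assumed scales (not from the article): likelihood and impact run 1 (low) to 3 (high).


@dataclass
class Control:
    name: str
    implemented: bool
    likelihood_cut: int = 0   # points removed from likelihood when implemented
    impact_cut: int = 0       # points removed from impact when implemented


@dataclass
class Risk:
    asset: str        # Step 3: where ePHI is generated, stored, sent or received
    threat: str       # Step 4: what could go wrong
    weakness: str     # Step 4: why it could go wrong here
    likelihood: int   # Step 5
    impact: int       # Step 5
    controls: list = field(default_factory=list)

    def inherent(self) -> int:
        """Score before any control is taken into account."""
        return self.likelihood * self.impact

    def residual(self) -> int:
        """Score after subtracting the effect of implemented controls."""
        likelihood, impact = self.likelihood, self.impact
        for c in self.controls:
            if c.implemented:
                likelihood -= c.likelihood_cut
                impact -= c.impact_cut
        return max(likelihood, 1) * max(impact, 1)  # never below the scale floor


def rating(score: int) -> str:
    """Map a 1-9 score to a label (thresholds are an assumption)."""
    if score >= 6:
        return "high"
    return "medium" if score >= 3 else "low"


def build_report(risks):
    """Step 6: one ranked row per risk, highest residual risk first."""
    ranked = sorted(risks, key=lambda r: (r.residual(), r.inherent()), reverse=True)
    rows = []
    for rank, r in enumerate(ranked, start=1):
        missing = [c.name for c in r.controls if not c.implemented]
        rows.append({
            "rank": rank,
            "asset": r.asset,
            "threat": r.threat,
            "weakness": r.weakness,
            "likelihood": r.likelihood,
            "impact": r.impact,
            "inherent": rating(r.inherent()),
            "controls_in_place": [c.name for c in r.controls if c.implemented],
            "residual_score": r.residual(),
            "residual": rating(r.residual()),
            # Recommend missing controls only where residual risk is above "low".
            "recommended": missing if rating(r.residual()) != "low" else [],
        })
    return rows


def overall_risk(risks) -> str:
    """Overall level = the worst residual rating in the register."""
    return rating(max(r.residual() for r in risks))


def sample_register(laptop_encrypted: bool):
    """Constructed sample entries, based on the assets the article mentions."""
    return [
        Risk("laptops used on home visits", "loss or theft", "disk not encrypted",
             likelihood=3, impact=3,
             controls=[Control("full-disk encryption", laptop_encrypted, impact_cut=2)]),
        Risk("office photocopier", "disposal with scans still on drive",
             "internal hard drive stores scanned images",
             likelihood=2, impact=2,
             controls=[Control("wipe drive before disposal", False, likelihood_cut=1)]),
        Risk("EHR server", "unauthorized access", "many staff accounts",
             likelihood=2, impact=3,
             controls=[Control("unique user IDs with access logging", True,
                               likelihood_cut=1)]),
    ]


if __name__ == "__main__":
    for encrypted in (False, True):
        register = sample_register(encrypted)
        print(f"laptop encryption implemented: {encrypted}; "
              f"overall risk: {overall_risk(register)}")
        for row in build_report(register):
            print(f"  {row['rank']}. {row['asset']}: {row['inherent']} -> "
                  f"{row['residual']}; recommended: {row['recommended']}")
```

Re-running the report after a control changes state, as with the laptop encryption here, is the Step 7 review in miniature.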

HIPAA-compliant hosting for your patient data

HIPAA is flexible and allows you to assess your security stance based on the context. To better understand your context, you perform a risk analysis. The above steps will help you in conducting your risk analysis. Probably you will find ways in which your systems could be improved, as with expertly engineered HIPAA-compliant hosting. At Total Server Solutions, our service is what sets us apart, and it’s our people that make our service great. See our approach.

data emanating outward from the individual, the key concern of the General Data Protection Regulation from the European Union


Bolstered consumer consent. The “right to be forgotten.” 72-hour breach reporting. Hefty fine schedules. These aspects of the General Data Protection Regulation from the European Union are now in effect, as of May 25, 2018. As the most significant change to data security law in Europe in two decades, this new set of rules is getting a huge amount of attention in security and compliance circles.

Companies that are based in the EU must abide by the law, as must multinational firms that do business in EU nations. US-based businesses that do not have any operations in the EU may think that they are not impacted by the GDPR, but that is actually not the case – as is true for any companies from other non-EU countries. No matter where you are on the planet, you have to be concerned with the issue of GDPR compliance if you have a website and collect user information, since you could at times be handling the data of EU citizens.

Do you really have to follow this EU law?

Some businesses may think that a regulation written across the ocean is insufficient reason for them to change the way they do business, instead taking their chances that they will not get a fine. However, companies that take this approach should be aware of the size of fines for noncompliance. While fines are in two tiers, both tiers involve substantial penalties: the most severe ones are at the higher amount of 20 million Euros (approximately 23.60 million US dollars) or 4% of yearly worldwide revenue, and the lower ones are at half of that, the higher amount of 10 million Euros (11.80 million USD) or 2% of annual global revenue. Breaches due to violations that the EU lawmakers determined were the most critical ones related to personal data security can get the maximum, higher-tier fine. The important provisions on data security as it relates to these two tiers of fines are in Articles 5 and 32, as discussed in greater detail by international business law firm Pinsent Masons.

Beyond the fines, there are also numerous other costs associated with being fined – such as the impact of bad publicity and lawsuits. For businesses to be prudent and to ensure their ongoing stability, GDPR compliance is essential.

Organizations that are not within the European Union can look to the GDPR itself to verify their need for compliance. Within the regulation’s Article 3, it states that you have to meet the GDPR when your organization gathers behavioral or personal data from a citizen of a European Union nation. Article 3 stipulates that data subjects (protected individuals) must be in the EU when that data is gathered. Also, to be clear, no financial transaction must take place in order for protections to be needed. Collection of personally identifiable information (PII), which the GDPR calls personal data, necessitates protecting it per the regulation’s guidelines.

While it is clear that non-EU companies must follow the GDPR, the core point that currently remains unanswered is whether a similar data protection law might be passed in the United States. Despite the costs and frustrations that arise from a new form of compliance, some business leaders see the law as a sign of progress. FollowAnalytics CEO Samir Addamine called passage of the GDPR the “rare time that the EU is… in advance of the rest of the world.”

Basics of the GDPR

It is now necessary for organizations to get consent from EU citizens in order to gather their data. When getting the consent of these users, it is necessary for the contract to be straightforward and easy to access; also, the reason the data processing is taking place should be given within the consent terms. The way that the terms are written should be highly readable, and anyone who signs an agreement should be able to cancel it just as simply as they initiate it. It is also necessary to notify your EU users in a maximum of 72 hours if a data breach occurs that may have impacted their records.

Additionally, the GDPR gives every citizen of the EU the right to be forgotten – the right to ask that their information be cleared out of a business’s systems if the purpose for which it was gathered is no longer relevant or if the individual wants to take back their consent.

The broad applications of the GDPR are evident through a simple example from Jeremy Goldman of creative consultancy the Firebrand Group: if you closed a social media account, the company would have to remove all your data. There are exceptions to this rule: it is not your right to have the data removed if its preservation is for the public good, as when the nature of the data is somehow newsworthy. Another restriction to this aspect of the regulation is that you cannot get records removed when their removal threatens freedom of expression (the broader category that includes freedom of speech).

Where should I focus first?

When it comes to taking on new standards and implementing the parameters of new forms of compliance, it helps to have an initial point of focus. Otherwise the complexity of legislation can feel overwhelming and deter forward motion toward GDPR compliance by international companies (and again, that means all countries with websites that might collect the personal data of EU citizens).

Perhaps the best place to start is with the need (mentioned above) to get a clear, simply stated, and straightforward agreement from users in order to collect their information. Companies may wonder specifically what it means for consent to be clear or easily readable, since it is difficult to get completely away from legal terminology and concepts. Consent must “involve a conscious and informed act by the individual,” noted Compliancejunction. It is no longer acceptable in these situations to have a prechecked checkbox, for instance. The terms must note the data controller (the organization that will be responsible for the records) as well as any outside firms that will be handling the information. While consent has not required as much intentional transparency in the past, as of May 25, the obtaining of consent has to be achieved through an unambiguous action that is distinct from signing the general user agreement.

Within the General Data Protection Regulation, citizens of the European Union nations are also granted the right to get a writeup covering all the data the firm has collected from them for free. They can also get, at no cost, the locations in which the data is being stored or processed, along with the reason that it is being handled.

GDPR compliance for your business

If you fell behind on GDPR compliance, analysts suggest many firms are in that position. A Gartner study forecast that more than half of companies regulated by the GDPR will not have reached complete compliance even by the end of 2018. Since the notion of territorial scope (i.e., impact beyond the confines of the EU) is so critical to the GDPR and the way it updates European data law, businesses in nations outside the European Union should “not be surprised to find that they are a particular target of data regulators,” noted the Workplace Privacy, Data Management & Security Report.

Are you concerned about the impact of the General Data Protection Regulation on your business? At Total Server Solutions, through our singular mission of providing you with the finest hosted services and the most robust infrastructure available anywhere, we can help you build a system that meets your needs while also achieving and maintaining compliance with the GDPR. See our customer testimonials.

Juggling security to protect sensitive customer data - GDPR compliance steps - General Data Protection Regulation


While there are borders between nations, the world is integrally connected. That is perhaps nowhere more evident than in the marketplace of the Internet. The interconnection that the Web allows also means that security is a huge priority, since no one wants anyone who is unauthorized accessing their confidential data. Sometimes legislation will be passed that impacts the way sensitive information is treated. If the body making these decisions is large enough, the simple passing of a new set of rules can have a seismic influence on global business and the ways that information systems are defended.

A good example of this kind of law passed in the United States is the Health Insurance Portability and Accountability Act (HIPAA) of 1996. While HIPAA compliance is technically limited to protecting the health records of US citizens, it has a broader effect because companies headquartered elsewhere must have their systems adequately secured to meet the needs of any US patient data. Similarly, GDPR compliance is necessary for all global companies related to the data of European customers.

If the General Data Protection Regulation sounds new, it was actually passed on April 27, 2016 – so there were 25 months given to organizations to prepare for the May 25, 2018 effective date. It is reasonable that many companies have not understood that they could have to meet the needs of a law passed by a foreign entity.

What is the GDPR?

The General Data Protection Regulation is a wide-ranging new law that mandates reasonable protection of data of citizens within European Union countries that is handled by any businesses, no matter where (i.e., Europe or otherwise) the information is gathered, processed, or stored. Both organizations that have business established in European Union member states and digital entities (apps and websites) that interact with the sensitive information of European citizens must be GDPR-compliant, as indicated by Leslie K. Lambert.

If you want a little bedtime reading, the GDPR can be read in all its glory in the Official Journal of the European Union – see Regulation (EU) 2016/679 of the European Parliament and of the Council.

7 steps to GDPR compliance

If you have not had a chance to evaluate your systems and update them to reflect the new needs of the GDPR, here are simple steps you can take to achieve compliance:

#1.) Establish a GDPR team and data protection officer.

GDPR compliance should be an organization-wide concern. Align a group of people from various departments and roles (including IT, risk, finance, and marketing) who will each serve different functions in the adoption of these new parameters. The GDPR mandates the assignment of a data protection officer at firms or agencies that perform high-volume handling of confidential personal details or criminal backgrounds, or that conduct high-volume routine and frequent tracking of the people to whom the data applies – called data subjects.

Assuming you do not meet those stipulations and are not required to have a DPO, you may still want to assign a DPO or GDPR compliance officer so that your efforts are more straightforward, as indicated by UK attorney Rachael King.

#2.) Consider your accountability.

You will be reviewing the way that you treat data, both through your own means and through others acting on your behalf. You can better understand the GDPR, suggested Luke Irwin of IT Governance, by looking through the lens of accountability. Ask yourself the following questions related to all data you store:

  • Why is the data being stored?
  • Where did you get the data?
  • Why did you initially collect the records?
  • What is the timeframe for retention of the records?
  • Is the information well-protected, through both encryption and access restrictions?
  • What are the circumstances through which sharing with other entities occurs?

#3.) Prioritize your customers’ privacy rights.

Once you’ve taken a hard look at the way that your organization is storing and retaining information, turn and look directly at the rights of individuals, as newly mandated by the GDPR. In other words, become familiar with the privacy concerns that are the driving force behind this key law. Institutions that gather and retain data of (EU-residing) individuals have to respect certain privacy rights, which include:

  • Right to deletion (ability to remove records)
  • Right to access (ability to view records)
  • Right to portability (ability to transfer records)
  • Right to notification (ability to know key information about records)
  • Right to correction (ability to change inaccurate information)
  • Right to restriction (ability to limit the ways personal data is handled)
  • Right to object (ability to stop certain processing based on personal concerns).

#4.) Check your current documents and mind the gap.

Many organizations move first to looking at their agreements with outside entities (both service providers and clients) to gear themselves toward compliance. The first step, though, should be to look at what you currently have instated in-house, as advised by Mark Ross in Compliance Week.

Your policies, procedures, and other elements of your compliance stance should all be reviewed, with any aspects that do not meet GDPR noted. Having looked inward, then you must look outward and verify that all of your vendors are GDPR-compliant as well. As you look at all your various systems and relationships, you are conducting a gap analysis. This analysis must check that there are data retention stipulations noting the maximum time for which data can be stored. You should also ensure that you know where and in what manner all data storage occurs, as organized within data maps.

#5.) Create a gameplan and determine applicable contracts.

Once your gap analysis is complete, you can start to look carefully at all your agreements. You should have a gameplan that organizes the way your contracts are drafted and amended over time. Write your GDPR amendment, bearing in mind that your firm may fit the definition of a controller and processor under the law. Be ready for companies not to always readily accept this additional language. You will lower your risk by preparing this clause and using it to negotiate.

Now look at your current agreements to identify ones that fit the scope. You can use a machine learning tool that assesses contracts in order to find the provisions that should be targeted. To complete this process:

  • Set aside any contracts that are inactive.
  • Focus your attention first on agreements that represent the greatest risk.
  • Review the contract to see if it is GDPR-compliant or not. If data is being sent outside the EU, the way in which that data is transferred will have to meet GDPR specifications.

#6.) Send amendments and store final agreements. 

For any contracts that are not GDPR-compliant as-is, you need to get those agreements amended. The amendment process may take some initiative on your part since some organizations will not be as concerned with the GDPR or otherwise not as quick to act as others. Once you have determined what needs to be updated, send out amendments, and get these new contracts signed. Once you have the agreements finalized, you can store them in a structured data format according to their key terms, within a contract lifecycle management system (to simplify organization and referencing).

#7.) Look at your data breach notification procedures.

Notification of data breaches is a core component of regulations that protect personal data, as previously seen within HIPAA and other regulations. Any time that information you are holding or processing becomes compromised, the entity that becomes aware of the breach must send information related to the incident “without undue delay” and in a maximum of 72 hours to the Information Commissioner’s Office (ICO). Verify that your environment will automatically notify you if a breach ever takes place. Also be certain that all your personnel know how to respond to a security event should one occur.

GDPR-compliant hosting 

Are you concerned about the new parameters of the General Data Protection Regulation and how it specifically impacts your organization? We are happy to discuss how the needs of the GDPR can be integrated into your data documentation, systems, and partnerships. At Total Server Solutions, we provide everything you need for a GDPR-compliant system, with a 24/7 staff of engineers and full training for all our personnel. See how we’re different.


service level agreement - signing to agree to terms


The service level agreement (SLA) can help you to evaluate potential service providers. This document is important both because it establishes what kinds of services are included and the quality parameters with which they must be performed. The SLA also notes what the fixes or next steps are when a provider does not succeed in meeting the specifications within the SLA contract.

In this article, we look at what an SLA is, key sections that are usually included, and a few frequently asked questions on the topic.

Service level agreement definition

A service level agreement is a contract between a customer and the provider of a service related to the content and quality of services to be provided. An important component of an SLA is metrics, which can be gauged to determine if the agreement is being properly upheld. Hosting providers and other IT firms, as well as many other types of companies, standardly use SLAs to govern relationships with their customers.

These contracts are often associated with tech businesses due to their service model but have been in general use since the late 1980s.

Note that within entities that do not have provider-client arrangements that are typical of vendors, the SLA becomes an operating level agreement (OLA).

Important provisions within an SLA

Before looking at the specific sections, it is worth noting that you can use the SMART model from George T. Doran to help guide its construction. SMART stands for specific, measurable, achievable, relevant, and time-bound. Any expectations of the SLA will be better defined if you ensure they have these characteristics.

To look at the contract more closely, typical components of a service level agreement include the following:

I. Service description – This section should discuss the services that the vendor is conducting, the actual tasks that will be completed, and when these services will be delivered. It should include:

  • Overview of services that are to be delivered, including types and tasks
  • Timeframes when support is available for the various kinds of service
  • Process and details for contacting the provider.

II. Responsibility description – In this part, you want to assign responsibility for all aspects of service provision. This section should delineate:

  • The responsibilities assumed by the vendor
  • The responsibilities assumed by the customer
  • The responsibilities that are split between the two parties.

III. Operational specifications – Guidelines for operations are necessary within a service setting so that the provider can meet the parameters they have established. It is key to identify and track these elements, because the level of service performance achieved may depend in part on operational parameters. You may have to update the SLA related to operations if the number of users goes beyond what you have stated within this section, or if you no longer have sufficient oversight and control over the parameters.

IV. Service level goals (SLGs) – What the client can expect in terms of the performance of services is typically set out within this area of an SLA. The way that the organization will perform in terms of metrics (measured elements) allows a customer to know if a vendor is upholding its end of the bargain. The specific data that is needed to determine performance will vary based on the type of service and the variables used for measurement. When a hosting provider promises 24/7 service with 99% uptime, for instance, that is a commitment related to the equipment and network availability metric. When a provider commits to solve key problems within two hours, that represents them assuming a responsibility related to the critical incident resolution metric.

V. Service improvement goals (SIGs) – An SLA may also state expectations for how much a service level goal will get better as time passes – both in terms of rate increase and amount increase. Performance data for SLGs will be used for this calculation, along with the development of a performance trend related to a set stretch of time. By looking at the trend, you can tell if the provider is meeting the required rate.

VI. Service performance penalties & incentives – Service level agreements should certainly have penalties related to not meeting their parameters, but incentives can also be included. The service provider could be financially incentivized to outperform the service goals.

VII. Reporting on service performance – This section details service reports and charts that the vendor will supply to its clients, allowing a direct comparison of the service goals to the true performance. A graph can be helpful because you can visually see whenever the level of services that is supplied falls below the service goal.

VIII. SLA signatures – Finally, you want to have the agreement signed into effect by both parties, the client and the vendor. Without the signatures, this document cannot be binding.

FAQ about SLAs

Here are some typical questions that people have about service level agreements:

Why are SLAs important?

A service level agreement is key to defining the relationship between a customer and supplier. It is a compilation of details on all services that are being provided and how quality level will be maintained. These documents are important because they provide clarity for expectations, setting down on paper what might otherwise be assumptions. The transparency of stating responsibilities, guidelines, and metrics in real numbers allows you to know that everyone is on the same page.

Does an SLA automatically transfer?

Signing an SLA may make you feel that you are safe with a service moving forward, but it is important to note that the agreement is not with the service but with the provider. Therefore, if a merger or acquisition occurs, your SLA may no longer have any relevance. Never think that an SLA will remain in effect when the ownership of an organization is transferred. However, you will often find that the acquiring company will agree to meet the terms of SLAs that are already in effect simply as a customer satisfaction gesture.

What metrics should be included within the SLA?

You will want to define the metrics that determine whether you are performing the service in an acceptable manner. You want the monitoring of metrics to be very simple and to gather the applicable data through an automated system for better reliability.

Although metrics are not always the same, those that are key to track will often include:

  • Availability – This provision describes the extent to which a service can be accessed and used during a certain time period. The provider may offer 99.9% availability during regular business hours, for instance, with lower availability outside that window.
  • Defect rate – This figure gives you the rate or quantity of mistakes that are allowable within important deliverables.
  • Technical strength – When you have software developed by an outside firm, you can use a tool to check for problematic aspects such as size and errors in its script.
  • Security – When your network or a particular system gets breached, you can lose a lot of money. For any elements of security that are measurable, it is important to keep track of those metrics since they will help determine if the appropriate steps are taken in order to avoid compromise of the data. An example is patching and updating of an antivirus system.
  • Business outcomes – Often organizations will want to include measurements related to business processes. It is fine to do that using key performance indicators (KPIs) if you are able to determine the provider’s responsibility related to those KPIs.

How do you tell if SLA service levels are being maintained?

The majority of organizations that provide services will give you metrics, whether through their website or otherwise. The data that is included makes it simpler for customers to know if the vendor succeeded in hitting all the expectations described in the contract.

The right provider and the right SLA

Knowing what to look for in an SLA is important, but finding the right provider is even more critical. At Total Server Solutions, our platform is designed for high performance, and our long-term success is entirely dependent upon the success of our customers. See our service level agreement.

geese making a cloud migration much as your apps and infrastructure do

Cloud hosting, also known as infrastructure as a service (IaaS), is on the rise. The broader segment of cloud infrastructure and services expanded by almost a quarter between 2016 and 2017, per a report released by Synergy Research Group. While software-as-a-service (SaaS) increased at a 31 percent rate, the combined area of platform-as-a-service (PaaS) and IaaS grew at an even more impressive (almost shocking) 47%.

Underscoring the growing popularity of cloud provided through a service model, the hardware and software that builds cloud systems is only growing at a third of the rate that the cloud services market is.

Since there is already a huge amount of IT infrastructure installed as legacy systems within on-site data centers, the shift to cloud will be rapid but certainly not immediate. In agreement with the growth trends suggested above, a poll released by SolarWinds in March 2017 revealed that 95% of IT decision-makers had moved critical apps and infrastructure to the cloud over the previous twelve months; but that’s just referencing single applications. An analysis by Constellation Research found that the portion of total workloads that have been transferred to cloud is just 5 to 7 percent.

The transition will need multiple generations of software and technology before it is at its peak. While any change can be complex and have its frustrations, the good thing for those shifting to IaaS is that many organizations have already made large cloud moves, so the migration can be informed by the common errors of others. 

Typical mistakes when migrating to cloud

Here are some of the most common mistakes that people make when they switch their infrastructure from on-premises systems to cloud service providers: 

Mistake #1 – Using the wrong cloud migration strategy

Forrester Research principal analyst Dave Bartoletti noted that the top way organizations will update their applications over the next few years will be by transitioning them to cloud.

While that may be true, it is very common for companies to move too hastily when they analyze the various approaches to cloud moves.

Bartoletti noted that there are many routes you can take when looking at how to get an application into an IaaS environment, adding that when you choose a method that is not best, “you can spend a lot of money and not get the payback you want.” 

Mistake #2 – Failing to assess your application portfolio

You need to first look at what you have, the apps that you will be migrating. It is wise to conduct a portfolio analysis, whether internally or via a consultant, to give you a sense of the applications that are ripest for a move. Cloudifying all your apps and systems at once can be overwhelming and lead to costly mistakes.

As noted in Computerworld, firms are smart to create two categories of apps, ones that are best suited for replacement and ones that are good fits for migration.

Another key point is that the concerns with security or compliance of an app should help to guide your decisions. While cloud is a secure location for computing that must meet the requirements of strict regulations (such as HIPAA), it is not necessarily the best choice to transfer the applications that contain the most critical, highly confidential data upfront.

Mistake #3 – Excessive customization of cloud

While you do not want to make the mistake of assuming all cloud systems to be the same, you also do not necessarily want to create a cloud infrastructure setting that is excessively customized – since that will mean that it will be difficult for you to systematize your approach and broadly implement it for application migrations. Marko noted that this scenario tends to arise when a migration is handled by one department, which uses service settings, security policies, and tailored management protocols that are too specific to be useful company-wide.

Mistake #4 – Not performing a business analysis upfront

A business analysis will tell you what the benefits are, and that analysis is key to understanding what your savings could be with a cloud deployment over your current setup.

Bartoletti noted that the business analysis should answer a few important questions:

  • Is the main concern that you save money or enhance your performance?
  • What are ways that you can optimize in order to save as much as possible and achieve the highest possible speed?
  • What are the migration tools that are best suited to this project?

Selection of those tools is more time-consuming than it may first appear, said Bartoletti, who added, “You don’t just Google search tools for migration and use the first one that pops up.”

Mistake #5 – Failing to understand how long integration will take

It is easy to assume that integrating cloud will be quick, a mistake that Rishidot Research founder Krishnan Subramanian cautioned against.

While cloud is simple, it can also make IT environments more complex, as when organizations are integrating cloud with in-house infrastructure and apps. Since that is the case, integration should be considered prior to cloud adoption.

There should always be a broad design to your architecture that extends across all systems, explained Wang, who added, “Then you have to figure out what’s owned, accessed, and borrowed.”

You also might have to make adjustments to the code for an application to work correctly in an IaaS setting, as noted by Bartoletti. For instance, you might have to change the code so that it uses cloud storage rather than a local file system.

Mistake #6 – Forgetting to prioritize your security policies

Your security policies could start to break away from standardization, lacking complete coverage and consistency, when you transfer to cloud infrastructure. Your firm has user authorization and access, event monitoring and logging, app and system configuration, network traffic, and other security requirements. The policies will not go away with cloud, and they may well become stricter. It is critical to have various layers to your security stance if you want to keep your systems and data protected in cloud.

Mistake #7 – Falling short with your training 

Often IT professionals are not as knowledgeable about cloud as other technologies, particularly when they are performing an initial cloud move. Recruiting people who specialize in cloud can be prohibitively costly.

One way or another, having insight into cloud will minimize the amount of time it takes for the transition and prevent frustrating issues from arising unexpectedly. Plus, when you have completed the move, you may determine that the disorganization of an on-site system still exists, only now on cloud servers. Granted, with the right provider, you can get the help you need for a seamless migration.

Mistake #8 – Thinking cloud hosting is cloud hosting

Speaking of the provider, one of the main mistakes that people make when they adopt IaaS is thinking that all cloud hosting is fundamentally the same, as indicated by Kurt Marko. There are certainly aspects that are shared by cloud infrastructure solutions, such as various kinds of storage and virtual servers. However, there are also elements that are specific to individual cloud hosting environments, including the billing plans, features, and the complexity of network and application services available. Focus on security and the level of performance will also vary from one provider to the next.

Choosing your cloud host

By paying attention to common mistakes made by those who went before you, you can more confidently move forward with a cloud migration. As indicated by Marko, one of the key mistakes is to think that IaaS providers are all the same. Do you need a cloud host that combines outstanding speed with the stringent security standards of the American Association of CPAs? At Total Server Solutions, we believe that a cloud-based solution should be secure, scalable, reliable, fast, and easy to use. See our High Performance Cloud Platform.



ecommerce conversion -- how to improve your conversion rate

Global retail ecommerce revenue grew at a compound annual growth rate (CAGR) of 24.8% in 2017 to reach $2.304 trillion, according to figures from eMarketer. The analysis determined that 58.9% of sales came through mobile devices, underscoring the increasing importance of mcommerce to online efforts.

Overall retail sales increased at a significantly slower rate, 5.8%, to hit $22.640 trillion. Globally during 2017, ecommerce represented 10.2% of all retail – a rise from 8.6% of the total in 2016. Sales from mobile hit $1.357 trillion in 2017, up an incredible 40.3% over 2016 and accounting for 6.0% of all retail sales.

As ecommerce continues to grow and become an ever-more-impactful area of the economy, each individual company looks for ways to expand its own online sales. This report explores a study on key performance indicators and statistics that provide insight into ecommerce conversion rate and revenue. It then reviews a few specific strategies to increase your site’s conversion rate.

Benchmark KPI analysis of ecommerce

The 2017 E-Commerce Benchmark KPI Study from Wolfgang Digital is one of the most prominent sources of information to analytically review the effectiveness of your online sales presence. The study uses more than half a billion dollars ($531 million) in Internet revenue and 143 million website visits to create its benchmarks for a quantifiable understanding of ecommerce strategies. It helps people grasp the aspects of analytics that are most critical for growth.

Three of the most interesting insights from this study are related to mobile vs. desktop, stickiness, and average website conversion rate:

  • Desktop is still dominant. Mobile was at 52% of ecommerce sessions in 2017, followed by desktop and tablets at 36% and 12% respectively. While mobile may generate more traffic, desktop sessions still accounted for 61% of all revenue, with 20% more per order and a 164% higher conversion rate than mobile.
  • The greatest correlation of all data collected by the researchers was the 0.6 correlation between time on the site and conversion. Conversion rate increased 10% when 16% more time was spent on a site.
  • Need a bar against which you can measure your site? The average conversion rate for all sites, according to the voluminous data set used for this study, was 1.6%.

9 ways to improve your conversion rate

Many of these ideas are from a piece by Douglas Karr for marketing technology conference MarTech. Others are from communications executives at organizations that either benefit from strong ecommerce or are charged with helping clients do the same.

#1 – Create a simple shopping experience.

Directions that you can go with your ecommerce presence are abundant, and the complexity of the challenge can make it easy to forget how important it is to remove any unhelpful complexity from the user experience, noted William Topaz of Anxiety.org. The visitor should feel that your site is easy and that they do not need to figure anything out. Topaz’s perspective is that site visitors should immediately be able to see the most fundamental content and call-to-action elements. Ensure that all information you collect from the customer is essential. Focus on clarity and clearing up any potential confusion the buyer might have, said Topaz, who added, “Most importantly – always be testing. Always!”

#2 – Bolster your social media.

Improving your social media will lead to higher conversion rates and stronger sales. That may sound counterintuitive if your sales are all through your site. Social is key because the vast majority of online shoppers (84%) will look over at least one of your social media profiles before they buy, per Karr.

#3 – Let people speak with people.

Many people like to be able to get what they need and be done with it, noted Holly Chessman of Glance Networks. Still, when users try to decide between different products, are unable to locate a certain item, or are otherwise in need of help, access to a person is essential. You can facilitate better support of your shoppers through co-browsing, phone, and chat, said Chessman, thus introducing broader and more personalized options for help than what might be provided otherwise. In this way, you can “[h]umanize your company, make customers happy and solve problems in one fell swoop,” said Chessman.

#4 – Display ratings and reviews.

It should be your goal for customers to get from your site whatever they might otherwise leave to obtain. A key example is product ratings and reviews. Keep people on your site by providing this information.

The importance of these elements is indicated by FreeLogoServices CEO Craig Bloem, who noted the following stats in Inc.:

  • Nearly everyone, 91% of people, read reviews either on occasion or consistently when shopping online.
  • Most people, 68%, determine the product they want by looking over just 1 to 6 reviews.
  • The vast majority of online shoppers, 84%, say that they give more weight to reviews than to recommendations from friends.

#5 – Make sure that your product images captivate. 

The photographs of your products that are presented on your site will help you convey a sense of their quality to potential buyers, noted Lin Grosman of GoDataFeed. They will also better establish a sense of trust. Imagery should be complex and diverse, said Grosman, with images that intrigue, shots from various angles, and a zoom feature.

#6 – Move away from guesswork. 

In order to get a better sense of how to improve your sales, you must determine how your product meets the needs of your target customer, explained Seth Waite of RevUnit. Understanding what they want and molding your site to reflect their expectations will boost conversion. Multivariate and split testing will help you systematically collect data on customer preferences, said Waite, who added that “[a]ssumptions about user experience can be the biggest conversion killers.”

#7 – Focus on your return policy.

Return policies are critical to ecommerce success. The 2017 UPS Pulse of the Online Shopper report found that nearly 4 in 5 consumers (79%) prioritize free shipping on returns when they decide where to buy. Returns are not all bad, though, as another statistic indicated: almost half of shoppers (44%) said that they made an additional purchase once the return had been processed.

#8 – Be careful with shipping fees. 

The average abandonment rate for ecommerce shopping carts is 69.23%, per a study from the Baymard Institute. The top reason people leave a cart behind is because of unexpected extra charges, with Baymard finding that 61% of would-be shoppers leave behind carts because they are scared away by shipping, taxes, or other fees. A different study, from Barilliance, supports the critical nature of shipping costs as well, finding that unexpected shipping charges were the #1 reason people leave their shopping carts. 

#9 – Improve your speed. 

Finally, Karr stressed the need for speed on a site, saying that conversion will fare horribly in the context of latency. This comment is backed up by a high-profile study that showed nearly half of consumers expect a load time of no more than 2 seconds. Failing to meet that expectation could mean that a potential customer is gone forever.

High performance for better conversion 

As seen above, there are many different ways in which you can improve your site’s conversion rate. Related to the final point on speed, probably the most critical element of site speed is the infrastructure that backs your site. At Total Server Solutions, we know what it takes to keep busy sites running fast. See our high performance web hosting for ecommerce.

high performance site as fast as a cheetah

We all know how speed-obsessed the economy is in the digital era. Tiny fractions of a second can make a difference in the extent to which our company survives and thrives. There are numerous reasons that site speed is beneficial to your organization. The search engine optimization (SEO) impact deserves special consideration. To better understand the relationship between the internet and speed, we can turn to research from neuroscience and user behavior studies.

Why website speed matters to business – 7 reasons

It is easy for a company that is selling the speed of its system as leverage to talk about how critical speed is. There are a slew of reasons that speed matters to a business site. Here are a few ideas from public relations and advisory firm Stern Strategy Group – splitting their mention of social and SEO into two parts and further assessing those aspects below:

  1. Boosts your credibility – The website is often the first opportunity that you have to show your brand to potential customers. You can use it to present your company’s story and achievements; samples of your case studies and completed projects; and comments from customers on how they felt about working with you.
  2. Improves your brand awareness – You are able to make a bigger name for your firm on the internet and overall through a dynamic and powerful online presence. Your site helps to establish your authority (provided the performance of the site does not undermine that authority), in turn leading to higher trust.
  3. Ties you more closely into social media platforms – By having a high-performance site and integrating it with the top social media networks through links or buttons, you are able to expand brand recognition throughout the world of social as well.
  4. Builds your search presence – As discussed below, the speed of your site will actually improve its search rankings, meaning your visibility is better through those engines. In other words, while speed is often conceived in terms of user experience, the “experience” of search spiders also matters.
  5. Demonstrates your knowledge and skills – The content on your site, when delivered rapidly, can communicate on topics that relate to the core expertise of your company, as well as letting people know about the latest industry news and developing trends that are of interest to your niche.
  6. Enhances convenience for your clients – Through a website, customers, employees, and partners are able to access what your organization provides 24/7, meaning that they can at least learn about you and contact you even if you are not open in the middle of the night. Anyone who wants to do business with you will be able to at least make the first step.
  7. Drives your business’s long-term objectives – The online world puts you in front of a larger group of people and in front of different groups than you might encounter physically. You are able to let people know about the services and products that you have to offer across the entire planet rather than being limited to the area that your brand already reaches geographically.

Building SEO with speed? Really?

On January 17, Google made a major announcement related to page speed: mobile page speed would become a ranking factor for mobile search in July 2018. Google is simply labeling this change the Speed Update. The search engine giant noted that speed would not change the vast majority of searches. The algorithm change was only intended to negatively impact websites that “deliver the slowest experience to users,” per the company’s release.

In the announcement, Google’s Doantam Phan and Zhiheng Wang advised that the same standard of measurement would be used for pages regardless of any technical aspects. The recommendation from Wang and Phan is to use the PageSpeed report tool and technologies such as Lighthouse to check site speed and increase speed as needed.

Unfortunately, this advice will likely prove frustrating to many smaller websites, as noted by Barry Schwartz in Search Engine Land. Schwartz pointed out that since PageSpeed Insights is getting all its data from the Chrome Browser, there is insufficient data for properly gauging sites that do not have much traffic. The speed segment of the report did not populate for those sites, said Schwartz.

Google noted back in 2010 that speed was a ranking factor; however, that earlier announcement was related to desktop sites rather than mobile ones.

Neuroscience: we are wired for high-speed processing

We can get a sense of how important small segments of time are by looking at how quickly our brains can process information. The human mind can actually process an initial impression of an image in less time, significantly less time, than it takes to blink your eye. Neuroscience researchers at MIT observed that the brain is capable of processing an image that it has seen for just 13 milliseconds. For comparison, it takes 100 to 400 milliseconds to blink the eye.

For the study, which appeared in Attention, Perception, and Psychophysics, the neuroscientists had participants let them know when they saw a particular scene, each of which was described in brief and simple terms, such as “smiling couple” or “picnic.” The participants would look for the specific image as 6-12 images were presented to them, each of them for 13-80 milliseconds.

The lead researcher, MIT professor Mary Potter, noted that human ability to determine the scene that is depicted in an image so incredibly quickly is an indication that what our sight allows us to do is to identify concepts within our world.

“That’s what the brain is doing all day long,” noted Dr. Potter, “trying to understand what we’re looking at.”

This desire to grasp what we are seeing, to make sense of it, to make meaning of it, is important in all human behavior – and is certainly relevant to the high-speed environment of the internet, with this core human “programming” gravely impacting how people look at our websites.

Amount of time it takes someone to decide on our site

Since we can process what we see very quickly, we can also make decisions very quickly. Many people will leave a site in just a few seconds if it does not populate. According to one analysis, the average ecommerce user in 2016 would leave after 4.2 to 4.5 seconds if a site failed to load.

Even if they stay long enough to see some of your site’s content, the average user will still not be moving through your site especially slowly. Instead, a study from the Nielsen Norman Group found that people will stay on your site, on average, for under 59 seconds. David Zheng calls the need to engage your audience in just under a minute “the 59 Second Rule.”

Perhaps it is helpful to think in terms of the larger chunk of 59 seconds than the 4 seconds; in nearly a minute on your site, a person has time to potentially load a few pages. Each of those loads will give an impression to the individual, as they are impacted by its performance.

Your high-performance infrastructure

Speed is key to success, particularly online but in the physical world as well. In our current climate, having technology behind your website that will accelerate it to meet your visitors’ expectations is pivotal. At Total Server Solutions, we engineer our cloud to be fast, reliable, and scalable – delivering the only cloud with true guaranteed performance. See our performance infrastructure.


Total Server Solutions Recognized in 2018 Atlanta Pacesetter Awards


Atlanta, GA – May 3, 2018 – Total Server Solutions has been named a 2018 Pacesetter by Atlanta Business Chronicle. This exclusive annual list of Atlanta’s fastest-growing companies represents the most comprehensive look at private business growth within the Atlanta metro area. Qualifying companies are ranked by a weighted growth index formula, factoring both employee growth and revenue growth, to create a level playing field amongst businesses of various sizes.


Founded in 2005, Total Server Solutions is an industry leading managed service provider with a vast spectrum of clients across North America, Europe, and the Asia Pacific. Using our proven technology stack, we provide customers with the finest hosted services and most robust infrastructure available anywhere across the globe. With 23 points of presence worldwide, our services include performance private cloud, managed infrastructure, systems management, CDN, e-commerce solutions, managed colocation, and big data solutions.


“The growth and success of our clients has made for a truly exciting time for all of us at TSS. We have a dedicated team here across the board that grinds daily to make realizing awards like these possible,” said Gary Simat, CEO of Total Server Solutions.


Total Server Solutions’ customers range from financial institutions to advertising platform operators, hosting providers, and telecom companies. We’re also trusted by educational institutions and government agencies in keeping their data secure and available. Our dedicated team of engineers are always working to find the best, most effective ways to serve you and provide solutions to help you to meet whatever your challenges may be. Our mission is simple. We are wholly committed to the success of our customers, and we will do whatever it takes to ensure you have what you need when you need it.


About 2018 Pacesetter Awards


To qualify as a Pacesetter, the company must be privately held; based in the 20-county metro Atlanta area and not a subsidiary of another company; established first quarter 2015 or earlier (to judge a two-year growth); has experienced a two-year growth in sales of more than 50 percent; and 2017 revenues between $1 million and $300 million.


The power of white space online

It may be surprising to think that a gap, an absence, can be just as powerful as an entity or a presence. The rests in music are critical in creating space and breaking up what would otherwise become noise. Like taking breaks between musical notes, it is key to provide white space for the viewer’s eyes so that they are not inundated with too much information from every corner of your site or application.

White space is an aspect of building the layout and structure within an interactive design setting that is frequently not given enough attention, according to International Design Foundation co-founder Mads Soegaard. White space, also called negative space, is the space that is around other features of the design. Put another way, white space is a section of the page that does not contain any graphic or printed content.

There are many different components of the layout of an app or web page. Elements of design that are not white space include images, icons, lines, and typography. While those aspects are similar to the painted elements of a painting, the white space resembles the canvas, noted Soegaard.

Clearly white space deserves significant attention since designers take it so seriously (even though one could start to think that white space is far down the list of priorities for your site – since it is necessarily in the background). This article looks at white space in relationship to negative space; how it is implemented within user interfaces; and examples of white space done right, done insufficiently, and done in excess.

White space vs. negative space

White space and negative space are synonyms, as noted above. The term negative space is from the art world, in which negative space is leveraged as a technique to depict an image as realistically as possible. It is worth noting that white space, or whitespace, does not have to be white in color, as pointed out by UX Planet Editor-in-chief Nick Babich. White space is whitespace is negative space; and in the sense that the color is nonessential, you could make a case that negative space is a clearer term.

White space for better usability within UIs

When someone uses an application or website, they will need white space just as they do in physical contexts (when reading a magazine, etc.). You will want space around the logos, buttons, and words in the digital settings you create so that people do not feel overwhelmed.

Specific to the UI, the design for it should include white space values throughout. Key components of white space for a graphical user interface (GUI) include:

  • space between columns of text, along with uncrowded line-spacing and letter-spacing
  • sufficient gutters, paddings, and margins
  • space surrounding images and graphics.

White space done right

HubSpot recently put together a list of several websites that they felt were using white space in powerful ways. Two examples were Everlane and Welikesmall.

You can have pictures and color while still leaving room for white space. You simply want to space the items on the page in a manner that will keep your customers from becoming confused or frustrated.

The fashion retail site for Everlane recently offered the GoWeave Blazer, for example. There was a shot of a woman in the blazer to the right side, “GoWeave Blazer” text at center, and a small, well-positioned call-to-action (CTA) button. Other than some links and icons at the top of the page, everything else was white space.

It is not necessary for negative space to feel empty or boring. In fact, it can even be dynamic. Welikesmall promotes its digital agency services with a fullscreen demo reel, allowing visitors to see snippets of work that the agency has performed.

The white space allows the full-screen video to work without coming across as too pushy. The text is very sparse, and the video is offered as the centerpiece. In one of the corners is the firm’s logo; in the other is a hamburger-style menu. In the center of the screen is, “Belief in the Making,” which is the slogan of the company. Directly below the slogan is a CTA button to play the demo reel. Again, everything else is negative space until you’ve entered the video.

Dangers of not having enough white space

It is a tricky balance to figure out the right amount of white space. It is all a matter of perspective, but white space could be said to be underdone and overdone. Jerry Cao discussed the notions of not giving enough white space and supplying too much of it in WebDesignLedger. (Note: Although this article is from 2015, the examples it cites are mostly still live and seem not to have been redesigned.)

It starts to feel crowded on a page when there is insufficient negative space, noted Cao, which is particularly problematic when the content is words rather than images.

Readability is essential for anything online, especially given people’s short attention spans and lack of patience for confusion; and it improves your readability simply to have space between the characters within your text, as well as between lines of text, paragraphs, and columns.

Note that the examples given reflect Cao’s perspective (important since he is opinionated on the topic); but this commentary has value regardless of whether he is correct, since the examples put the concepts into real situations.

As an example of insufficient negative space, Cao gave a New York Magazine article and discussed it critically. He noted that the paragraphs were tight and that there was not much room in terms of either the height of lines or the margins between paragraphs. Cao suggested that the magazine’s approach was a little overwhelming and would discourage engagement in some readers. There is some truth to what he said: the content on the referenced page is a bit dense and could be off-putting to some.

Cao also advised that it was problematic to have sections of text come into contact with one another (without negative space as padding between them). Negative space is needed for all digital elements, said Cao, ranging from the text to the graphical user interface (GUI) icons.

We can simply think of negative space as “breathing room” or “elbow room.” There is another role of the white space: it helps to establish visual hierarchy, to organize how people view the site or app. If there is too little negative space, the reader will have difficulty figuring out which paragraphs go with each section of the content. It can even be challenging at times to determine the point at which there is a break between paragraphs. The experience of the reader should be easy and fast – so even if your vocabulary is sophisticated, the reader should be able to rapidly scan the page and zero in on areas of discussion.

Another example was Bloomberg. The homepage of the site, said Cao, felt very tight. The design had insufficient organization and balance between its different elements, he said. The positioning of the text comes across as awkward, per Cao, with the layout of the visuals on the site similar to a locked-together, jam-packed Tetris puzzle.

Dangers of having too much white space

It makes sense, if you think about it, that news sites might sometimes focus too much on the text, since they have so much to say and since there is real value they are offering. In turn, it makes sense that sites that tend to be on the opposite end, excessive with their negative space, are not in the news field.

We have been discussing the issue of not having enough white space. When there is too much of it, depending on the purpose of your site, you can frustrate your viewers with the low informational density of your pages. A customer or viewer does not necessarily want to have to scroll to read every sentence, for example.

Cao noted that people accessing the site on mobile, an increasingly important segment, would be frustrated since their screens are small and show less of a page at once.

One example of excessive white space that Cao mentioned (and that is still live) is Henry Brown.

Again, decide for yourself whether you think he is right. Regardless of your perspective on the above examples of white space, it is certainly an important element to consider given the considerable value it is typically assigned by designers.

Your high-performance infrastructure

White space is an important aspect of a visual environment that you are presenting to any type of user. Regardless of something as specific as your balance of negative space, you will always need high-performance infrastructure to deliver the speed and reliability that underpins strong user experience. At Total Server Solutions, our infrastructure is so comprehensive and robust that many other top tier providers rely on our network to keep them up and running. See our solutions.

website best practices error pages 404 pages opportunity

Posted by & filed under List Posts.

You may have been considering a new approach to your 404 error page. Before we get into 404 errors specifically, it helps to briefly survey the various types of error message pages you want to have.

404 page

It is important to give a user a 404 page if they try to go to a nonexistent URL such as nameofyourwebsite.net/whateverthisis. Of course, you want the URL to resolve properly if the page does exist. If the URL does not exist, you might think it would work to simply send a 200 page – one that indicates normal operating status – and just tell the person they are in the wrong place. If you did that, you would end up with a large volume of duplicate content, meaning your words appear multiple times – resulting in (negative) redundancy. The search engines do not want their spiders to just have to scan over the same content repeatedly. Avoid duplicate content with the 404 page.

410 page

This code can be considered a variation on the 404 page. It sends a status code to search engines that can also be read by browsers, and that sends a message to remove the page from search. While that message is particularly key to get to the search engines, you also are able to use it to feed a standard page that has a similar message to a 404. A 410, like a 404, does not need to be dry and lifeless. It can be crafted to deliver a one-of-a-kind experience along with strong usability. Distilled.net is a good example of an entertaining error page, according to Moz.

Unlike a 404, which simply tells the site visitor that the page cannot be reached, the 410 lets the search engines know explicitly that you do not want anyone going to that page. It allows you to pull a page from the search engine listings. The 404 message suggests that the page could possibly just not be immediately reachable. Those pages are kept set aside until it is clear whether they are needed. The 410s are certain removals.

301 page

A 301 page is the solution when you have a certain URL that would be a 404 but either is getting a lot of traffic, or that you would like to end up at a live page when someone enters the address. The 301 page lets the person know that the content they were trying to reach is now at a different page or is no longer active. Your page lets them know that they are in the wrong location but that you can 301 them to a page that probably would meet their needs.
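The three responses described above can be sketched as one small routing function. This is an added example, not code from the original post; the paths, page names and link list are constructed sample data, and the standard-library WSGI server is an assumption chosen so the sketch runs on its own.

```python
from http import HTTPStatus

# Constructed sample site (hypothetical paths, not from the article).
LIVE_PAGES = {"/": "Home", "/blog": "Blog", "/features": "Features"}
MOVED = {"/old-pricing": "/features"}   # content now lives elsewhere -> 301
GONE = {"/summer-sale"}                 # removed on purpose -> 410
HELPFUL_LINKS = ["/", "/blog", "/features"]


def error_body(title, message):
    """Static error page: short message plus a few links to move forward."""
    links = "".join(
        f'<li><a href="{p}">{LIVE_PAGES[p]}</a></li>' for p in HELPFUL_LINKS
    )
    return f"<h1>{title}</h1><p>{message}</p><ul>{links}</ul>"


def resolve(path):
    """Map a request path to (status, extra_headers, html_body)."""
    path = path.split("?", 1)[0].rstrip("/") or "/"
    if path in LIVE_PAGES:
        return HTTPStatus.OK, {}, f"<h1>{LIVE_PAGES[path]}</h1>"
    if path in MOVED:
        # Target comes from the fixed map, never from the request itself.
        return HTTPStatus.MOVED_PERMANENTLY, {"Location": MOVED[path]}, ""
    if path in GONE:
        return HTTPStatus.GONE, {}, error_body(
            "Page removed", "This page has been permanently removed.")
    # Unknown URL: real 404 status (not 200), and the body never echoes
    # the requested path back into the HTML.
    return HTTPStatus.NOT_FOUND, {}, error_body(
        "Sorry", "This is not the page you are looking for.")


def app(environ, start_response):
    """WSGI entry point wrapping resolve()."""
    status, extra, body = resolve(environ.get("PATH_INFO", "/"))
    headers = {"Content-Type": "text/html; charset=utf-8", **extra}
    start_response(f"{status.value} {status.phrase}", list(headers.items()))
    return [body.encode("utf-8")]


if __name__ == "__main__":
    from wsgiref.simple_server import make_server
    make_server("127.0.0.1", 8000, app).serve_forever()
```

Because the error pages are built only from fixed strings and the redirect target is looked up in a fixed map, a crafted URL cannot inject markup into the 404 page or steer the 301 to another site.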

Best practices for 404 pages

As indicated above, you want a couple of other types of error pages beyond the 404, but the 404 should get significant attention. Here are best practices specific to it:

1.) Deliver great UX.

A typical 404 page will force the person who has arrived at it to reverse course. It is interesting to consider that the principles that underlie gamification suggest users want to believe that they are making progress as they interact with an environment. Since progress is so fundamental, it is a strong move for your 404 page to guide people forward to additional areas of the site, such as the features page or homepage. Visitors will be much likelier to convert if you can keep them on your site, of course. One example of a somewhat more helpful 404 page comes from Justinmind. Its 404 page says, “SORRY / This is not the page you are looking for / 404,” followed by 4 links: “Home,” “Free Download,” “Support,” “Enterprise,” and “Blog.”

You can also greatly improve the user experience that occurs on a 404 page by incorporating search so that people feel they have control of their forward movement and can meet their needs. Designer Steve Lambert brings together a search box and a well-thought-out video to keep people intrigued – demonstrating how to make an opportunity out of what would otherwise simply be erroneous.

2.) Inform your visitor rather than just giving them an error message.

You want the user to efficiently understand the situation and be able to move on, hopefully by exploring more of your site. You do not want people to have to put the error message into a search engine to understand the predicament. An example is a 404 page that is truly just an error message from the server, as when you get a “Windows – No Disk” error, labelled as an “Exception Processing Message” with a bunch of strings of alphanumeric characters.

3.) Keep it clean for the best retention.

It can be easy to want to give people every possible solution they might need on your 404 page. Consider that the person is already a little irked that they have landed in a problematic place. Keep their life simple given that downturn by letting them cleanly understand where they are and where they can go. You want a 404 page with a number of important links so that they can get to the homepage and other critical pages (such as your blog and features page).

4.) Leverage the chance to brand.

Some people who hit a 404 page may have never experienced your company. Since it is a first impression for those users, it is a good idea to ensure your error page is aligned with the look and feel of the rest of the site. Error pages should also have a similar tone to the rest of your content. Any images should look like the visuals that are already recognizably attached to your brand.

Bear in mind as you attempt to make your 404 page more pleasing to the eye that its function is the most important aspect ultimately (especially since the page is an experience of dysfunction).

5.) Throw in a few jokes.

When someone arrives at an error page, they will not feel satisfied because they were not able to get to their intended destination. You can certainly guide them appropriately. You can also make a joke to lighten the mood, as suggested by Digital Doughnut. By implementing just a bit of humor, you are able to distract from the annoyance. A joke is just one option; the error page can also be an opportunity to increase interactivity.

Consider this point from Moz that backs up the need for humor when people experience problems. Citing Mysterious Trousers, Moz notes that the sense of satisfaction that arrives when a person has potential energy that is turned into kinetic energy is the true potential for your site’s design. You have the potential, and with the delivery of strong UX, the highly effective error page “creates surprise, delight, or simply a response that satisfies our desire to engage, manipulate, and shape our experience,” says Mysterious Trousers.

Obviously, when someone comes to the 404 page, they might not like what they experience at first, but you can certainly get them smiling. An example of a funny error message page is the one from Bluegg. It says at the top, “Ahhhhhhhh! This page doesn’t exist / Not to worry. You can either head back to our homepage, or sit there and listen to a goat scream like a human.”

Well, that is giving the user options, but it’s also giving them a silly experience rather than just a direction to turn around and go back.

High-performance infrastructure for your site

The different elements of your site can all be approached more or less strategically. Any independent aspects are challenges in their own right, but powerful infrastructure is essential to great UX regardless of the specifics. At Total Server Solutions, when you become our customer, you can trust that all our decisions are driven by our relentless desire to help you succeed. See our high-performance infrastructure.