As an increasing amount of purchasing activity moves onto the internet, consumers’ expectations of speed and privacy are becoming more stringent. To talk about the technical aspects of creating an exceptional user experience as well as recent privacy and security risks in ecommerce, we interviewed Charles Serian, CTO of Smart Living Company.
What would you say is the current state of e-commerce technology? What’s happening, what’s new, what’s different?
E-commerce as a technology is mainstream and as such, technologists spend most of their time refining things that we’ve been doing for well over a decade. The one thing I would say is new and exciting (though it’s not new globally) is mobile and tablet, specifically responsive design. Trying to make sites look great and behave well on a tablet is really the big thing this year.
The reason I say it’s not really new is because I can remember writing WAP (Wireless Application Protocol) interfaces for e-commerce sites over a decade ago. So it’s like the market has finally caught up with technology and the end user has caught up with what technologists always thought was going to be cool. I think that’s the hot thing for 2014 — trying to get a really great experience for the user on the web, on the phone, and on the tablet.
Obviously, with frontend development, there’s a lot to do with product design and how it’s coded. However, when it comes to backend technologies, what are the difficulties you’re seeing with server-side or infrastructure development?
I see that more on the frontend as well because in a traditional SOA (Service-Oriented Architecture) implementation, your approaches to service development are not device specific. As such, the approaches remain relatively the same as they’ve been for years — services move data and provide functionality. The challenges I see in services and infrastructure are around uptime, security and scalability.
What changes have you seen on the data/server side?
Over the years, ecommerce has gone from something that people thought would be very cool and might catch on to something that has really become commonplace and has been for a while. When I think about what’s changed on the backend and the middle layer, I think a lot about scale and speed.
With the changes that Google made to their algorithm, they’re judging on speed at this point. Of course they’re evaluating pages for their content and coding to show best-in-breed technology but speed has become a very important factor in how well you rank on the search engine results pages. You have to evaluate everything that you do, from the front-end of an application down to the database tables, with speed in mind.
I think a fine example is searching on Amazon.com: you’ll get your first results page back. When you click on the next page it loads almost instantaneously. That’s to gather the data, send the data, and render the data. In my mind, they’ve set the gold standard.
What are some things you’re doing on the security side to mitigate risk at Smart Living Company?
Security is incredibly important to us. Of course, we follow all of the best practices of PCI (Payment Card Industry). We’re always on the lookout for new exploits that could potentially impact us. We require complex passwords from our members — in some ways, to protect them from themselves. We make sure our network is locked down tight. We host in a secure environment. Even I can’t just walk into the server room. We ensure that the sensitive data we send over the wire is encrypted. But all of that is just part of the bigger security picture.
The other part of security is the human factor, which is part of the PCI requirements and equally important. I think a lot of people focus on firewalls, passwords and encryption they’re using, but they don’t really indoctrinate their team on how to keep their systems secure. That’s a great vector for attack — to compromise a machine inside of a company and then use that to piggyback into a more sensitive asset.
What has had the most significance security-wise in the past year?
The security breaches we’ve seen recently at large companies. When you see large companies get compromised, it serves as a reminder that dealing with security issues is an ever-changing and daily issue. Another significant exploit was CryptoLocker – a virus that, if you installed it on your computer inadvertently, would encrypt your data and hold your machine hostage. That was a threat we jumped on the second we heard about it. When you get a zero-day event, you have to deal with it immediately — everything else stops.