Server security is one of the first things to consider when preparing to do business online, and it is something to review regularly rather than set up once. PCI DSS compliance is one thing, but its requirements are opaque and complicated when you are taking the initial steps to “harden” (tighten the protections of) the server.
We’ll look at a number of different issues in this series: SSL, perimeter security such as firewalls, passwords, site backups, policies, authorizations, etc. The first two parts are a general overview, and the final part will focus specifically on passwords – the simplest form of protection but also, in some ways, the simplest to defeat.
Improve Your Ecommerce Security
Type of Hosting
As Preet Sandhu notes in a piece for IT Security Column, the type of hosting you choose will have a significant impact on your security. Obviously, cost is always a factor. The goal of many of the items below is to improve the security of a website regardless of which type of hosting it uses. Nonetheless, the choice between shared, VPS and dedicated hosting will make a difference.
With shared hosting, the hosting company’s administrators maintain the server for you, but the server is not under your control and you share its operating system with other customers – that’s the nature of this type of hosting. Any reputable company will do everything it can to maintain the security of its hardware and software, but a vulnerable site belonging to another tenant, or a bug in the shared control panel, can still expose your data. A virtual private server (a partitioned piece of a server operating as its own unit) or a dedicated server isolates you from other tenants and is preferable; the trade-off is that patching and configuring the operating system becomes your responsibility.
Develop a Security Plan
In a post for TechRepublic, Paul Desmond recommends looking at the security issue from a broad perspective rather than simply grabbing up piecemeal solutions. His advice is to view security in terms of four component parts:
- securing the perimeter – virtual private networks (which encrypt remote administrative connections to the server), authentication technologies, firewalls, intrusion detection, penetration testing, etc.
- authorizations – essentially, to authorize is to categorize the rights of different users and to grant access only to the specific parts of the system that a user’s role and clearance level require; everything else is denied.
- policies and procedures – the general guidelines that apply to all users, such as password and download rules, so that you are not the only one working to keep security in check.
- public key infrastructure (PKI) – the worldwide system of standardized cryptographic techniques and vetting organizations (certificate authorities) that underpins SSL/TLS and other digital certificates, used to keep traffic confidential and intact and to prove the site’s identity to visitors.
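To make the authorization item concrete, here is an added example (not code from the original article or from the TechRepublic piece it cites) of a deny-by-default role check for a shop backend. The role names, permission strings and the User/Order records are assumptions made up for the illustration. It shows one thing the list above does not spell out: for customer data, a role check alone is not enough; the check must also compare the object’s owner to the requesting user, otherwise any logged-in customer can read any order simply by changing the id in the URL.

```python
"""Deny-by-default authorization for a small shop backend.

Added example; role names, permission strings and the User/Order records
are assumptions made for illustration, not from the article.
"""
from dataclasses import dataclass

# Role -> permissions. Anything not listed here is denied; there is no "allow" fallback.
ROLE_PERMISSIONS = {
    "customer": {"order:read_own", "order:create"},
    "support": {"order:read_any", "order:refund"},
    "admin": {"order:read_any", "order:refund", "user:manage"},
}


@dataclass(frozen=True)
class User:
    id: str
    role: str


@dataclass(frozen=True)
class Order:
    id: str
    customer_id: str


def permissions_for(user):
    """Unknown or missing roles get an empty set, i.e. no rights at all."""
    return ROLE_PERMISSIONS.get(user.role, frozenset())


def is_allowed(user, action, order=None):
    """True only if the role grants `action`; per-object reads also check ownership.

    Without the owner comparison a customer could read any order by guessing
    its id (an insecure direct object reference).
    """
    perms = permissions_for(user)
    if action == "order:read":
        if "order:read_any" in perms:
            return True
        return ("order:read_own" in perms and order is not None
                and order.customer_id == user.id)
    return action in perms


def require(user, action, order=None):
    """Raise instead of returning False, so a forgotten check cannot fall through silently."""
    if not is_allowed(user, action, order):
        target = f" on order {order.id}" if order else ""
        raise PermissionError(f"{user.role} {user.id} may not {action}{target}")


def get_order(user, order_id, orders):
    """Look up an order and enforce the object-level check before returning it."""
    order = orders.get(order_id)
    if order is None or not is_allowed(user, "order:read", order):
        # Same error whether the order is missing or belongs to someone else,
        # so a caller cannot enumerate which order ids exist.
        raise LookupError(f"order {order_id} not found")
    return order


if __name__ == "__main__":
    # Constructed sample data.
    orders = {"o-1": Order("o-1", "alice"), "o-2": Order("o-2", "bob")}
    alice = User("alice", "customer")
    agent = User("sam", "support")
    print(get_order(alice, "o-1", orders))   # alice's own order: allowed
    print(get_order(agent, "o-2", orders))   # support may read any order
    try:
        get_order(alice, "o-2", orders)      # bob's order: denied
    except LookupError as e:
        print("denied:", e)
```

In a real application the permission table would live in a database or policy file rather than a module constant, but the shape of the check stays the same: look up what the role grants, deny by default, and compare ownership before handing back customer data.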
Let’s look at Secure Sockets Layer (SSL) certificates specifically. The protocol itself has been superseded by TLS, but the certificates are still commonly sold and referred to as SSL certificates. A certificate lets a site encrypt what is passed back and forth between the browser and the server, such as login credentials or sensitive form details, and lets the browser confirm it is talking to your server rather than an impostor. Shopping carts and checkout pages are the obvious case.
Preet recommends them for any page with customer account information or credit card input, and anywhere else this information is transmitted. Keep in mind that a certificate protects data in transit only: information stored on the server needs its own protections, and PCI DSS restricts which card data may be stored at all. SSL certificates are usually offered by the year or for longer periods, and an expired one produces browser warnings that will stop customers at the checkout, so track the expiry dates.
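The shop is also an SSL client: it calls a payment gateway or shipping API over HTTPS, and a certificate only helps if the client actually verifies it. The following is an added example, not code from the article or its cited sources, in Python’s standard ssl module. It puts the common “just disable verification” anti-pattern beside a hardened client context, adds a small audit that flags the weak settings, and, since certificates are bought by the year, a helper that turns a certificate’s notAfter date into days remaining. The host names and the sample dates are assumptions; the check_remote_certificate call needs network access and is the only part not exercised offline.

```python
"""Verifying TLS on the server's own outbound HTTPS calls, and tracking certificate expiry.

Added example, not code from the article or its cited sources. Host names,
ports and the sample certificate dates are assumptions made for illustration.
"""
import socket
import ssl
import time


def weak_client_context():
    """The anti-pattern: verification switched off (often done to silence an error).

    With this context any certificate is accepted, so a network attacker can sit
    between the shop and its payment gateway and read the card data.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_client_context(cafile=None):
    """Certificate required, hostname checked, nothing older than TLS 1.2.

    cafile is optional; when omitted the system trust store is used.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx):
    """Return the list of weaknesses in a context; an empty list means it passes."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate verification disabled")
    if not ctx.check_hostname:
        findings.append("hostname check disabled")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("TLS below 1.2 permitted")
    return findings


def days_until_expiry(not_after, now=None):
    """Days left on a certificate, given its notAfter string as getpeercert() reports it.

    `now` may be a second string in the same format (handy for offline checks)
    or omitted to use the current time. A negative result means already expired.
    """
    expires = ssl.cert_time_to_seconds(not_after)
    if now is None:
        now = time.time()
    elif isinstance(now, str):
        now = ssl.cert_time_to_seconds(now)
    return int((expires - now) // 86400)


def check_remote_certificate(host, port=443, timeout=5.0):
    """Connect with the hardened context and return days until the served certificate expires.

    Needs network access; a bad certificate raises ssl.SSLCertVerificationError
    instead of silently succeeding.
    """
    ctx = hardened_client_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return days_until_expiry(tls.getpeercert()["notAfter"])


if __name__ == "__main__":
    print("weak context findings:", audit_context(weak_client_context()))
    print("hardened context findings:", audit_context(hardened_client_context()))
    # Constructed dates: a certificate expiring on 1 Jan 2030 viewed from 22 Dec 2029.
    print("days left:", days_until_expiry("Jan  1 00:00:00 2030 GMT", "Dec 22 00:00:00 2029 GMT"))
```

Run check_remote_certificate against your own shop’s hostname from a cron job and alert when the result drops below 30 days; the same function fails loudly on a misissued or self-signed certificate, which is exactly the behaviour you want from the gateway client code as well.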
Conclusion & Continuation
Okay, so to review: reconsider your hosting option – dedicated and VPS are preferable to shared (see below). Develop a security plan so that your approach is organized rather than piecemeal. Use SSL certificates wherever sensitive data is entered or transmitted. We will continue with other basic steps you can take to improve the security of your e-commerce site in the next installment.
Regarding the various types of hosting, check out our VPS hosting and dedicated hosting packages. If you are just getting started and need everything as affordable as possible, try shared hosting combined with the recommendations of this series.
By Kent Roberts