Cybersecurity Sessions #1: Protecting customer experience for Black Friday

With Black Friday looming, customer experience should be one of the things keeping eCommerce managers up at night but how do performance and security overlap in ensuring retail sites are safeguarded?
Alex McConnell Cybersecurity Content Specialist

In this podcast, Andy Still and Deri Jones will discuss the importance of customer experience to eCommerce, and how both web performance and cybersecurity play a role in this. With Black Friday approaching, they will consider where these overlap in sometimes unexpected ways, and how typical security concerns like bots can also impact performance.

Deri JonesDeri Jones, CEO, ThinkTribe

A serial tech entrepreneur, Deri started with a degree in Electronics from Cambridge University, led the marketing at the Fibre Optics networking pioneer, and played a key role in the UK’s first internet provider. He is now CEO at ThinkTribe, helping 50 blue-chips with the increasing challenge to ensure their users’ CX is a fast and error-free experience whilst the digital technology becomes more complex.

 

Key points

  • The rise of Black Friday as a peak trading phenomenon online
  • How the wide range of marketing add-ons affects website performance and security
  • The challenge of testing websites when so much is constantly changing
  • How threats like scraper bots can damage web performance and customer experience at peak times

 

Andy Still  00:06

Hello, welcome. Welcome one and all to the Cybersecurity Sessions. This is the first episode of this new podcast. We're starting today, where we'll be talking about some of the challenges and innovative solutions being developed within the cybersecurity industry. I'm your host for this podcast, Andy Still. I'm the CTO and one of the founders of Netacea, the leading and only fully agentless bot management solution. Thank you for coming along and joining us today for what we hope will be a monthly podcast. Every month we'll have a new and exciting guest. Joining me for this first episode is Deri Jones. Deri is the CEO of ThinkTribe. Deri is here to talk about some of the challenges of maintaining customer experience over Black Friday, and general over peak periods, particularly around how cybersecurity and performance challenges whether the environments whether the competitors. My background is in web performance. So, this is a subject that is very close to my heart as well. Thank you, Deri, for joining us today. It's great. Pleasure to have you here today. Before we dive into the details, do you want to quickly introduce yourself to the listeners?

 

Deri Jones  01:17

Yeah, sure. Thanks for introducing me as a new and exciting guest. That's the first time now? Possibly not the first time but yeah, thanks for that. Yeah, so yeah, customer experience is key for me. I'm Chief Executive of ThinkTribe. My history goes back a long way the internet. Not a lot of people know this. But the internet in the UK, did not start in London. Interestingly enough, it started in Canterbury, which is where I now live. It was a bunch of techies at the University of Kent, Unix gurus. And there's a whole lot of people from around the UK dialing into Canterbury, with good old-fashioned modems, all those lovely noises, to pick up that email and then use groups. This is even before Tim Berners-Lee created the web protocols. There wasn't even a World Wide Web. There were only email news groups, and some other primitive ways of navigating information. So, I came down here to Canterbury there's three techies in the lab built a company, I became the first marketing Chief Executive Director. And the rest is history. I remember. Yeah, the rest is history. I've been down in Canterbury ever since. Since then, I've also worked in the security space like, you guys, and more recently with ThinkTribe, where we work with 50 of the biggest UK retailers and beyond. And it's all about the battle of customer experience these days. Yeah.

 

Andy Still  02:42

Brilliant, I think it's interesting to see how the world has changed since you were involved with very interesting to think of the Internet before the World Wide Web that is a whole different, a whole different world, the world of news groups and things like that. And I guess over the years, you've seen a lot of changes, but particularly, I'm thinking around the peak period, and how that as how that has changed dramatically over the last 20 years, but particularly 10 years, I think is or this is obviously a different story in the US. But in the UK, I think Black Friday wasn't really a thing. As recently as 10 years ago, what would you say the impact of Black Friday and general peak period is on your retail customers and the challenges they face?

 

Deri Jones  03:31

Well, it's obviously been enormous as you say it came in sneaked in from across the Atlantic, in those first few years took a lot of retailers by surprise, in a sentence because the internet was going through this transformation wasn't it from for a lot of big retailers, it was only a certain percentage of their annual sales. It wasn't, wasn't that big. And then suddenly, there came a point where boards of directors were realizing hey, this, this internet thing is bigger than our London store turnover. Our flagship store on Oxford Street does less than that. Ah, ok. And so, people started to take digital seriously that was that was 5, 10 years ago. And, you know, now boards are taking obviously digital and of course COVID has accelerated even more. It's all there is released, it's digital, and the stores supporting it and working together with it.

 

Andy Still  04:27

Did you find your customers peak last year was significantly bigger? Because, you know, everyone was buying everything online.

 

Deri Jones  04:39

It was bigger for a lot of our clients. I mean, for some of our clients it was double what they've done the previous online - particularly for the smaller the smaller retailers who were just exciting up from the bottom, but yeah, everybody did a lot more than our biggest clients like, you know, the billion-dollar, billion-pound turnover Dixon carries you substantially up on the previous year. And some people sail through it, some people, it was their first real experience of an unexpectedly high level, and they struggled a bit. I think the one takeaway that we saw most commonly was the days of people's website literally falling over dead as a dodo. Not so much. But what we saw a lot of clients struggling with was in certain functionality, really struggling certain subsets of their product set, what my guts call the sort of the unbuyable product nightmare, where you can find certain things and then you can't actually buy them, something goes wrong in the middle. And that, that can be a range of things from the overload itself, it can be the marketing guys changing with our A/B testing, you know, changing some A/B testing that morning that week, and the site is no longer what it was a week ago. And I think overall, what's changed in the last 20 years online, 30 years is websites used to be really nice and simple. HTML, a few images, few links, drop down one file, HTML, you can have a webpage with just one HTML file, you could do it in Notepad, yourself. Now you've got teams of multiple teams. And of course, JavaScript means that your webpage depends on so much functionality in so much code. And it's, your team are changing. Your outsourced team are changing it. Your A/B supplies guys, they're changing the JavaScript. So, there's so many moving parts. And it's just so common that something somewhere rubs up the wrong way. And yeah, customer experience suffers.

 

Andy Still  06:43

Yeah, I thought it was one of the biggest challenges. When I was in the performance space, was the way that control was moving out of the hands of the development team who built the website, and into the hands of various groups across the business. So, you've mentioned already tools such as marketing tools, A/B tools, SEO tools, and how easy it was to for the marketing team to suddenly drop another JavaScript tag in there and another, another, and you ended up with, you know, 20, 30 pieces of third-party JavaScript being absorbed into the website affecting performance in a untestable way. Is that one a challenge that you see, particularly in the sites that you manage?

 

Deri Jones  07:34

Yeah, it's interesting, that untestable way, interesting, it is testable, but it's extremely hard. The challenge, I guess you guys kind of drop solutions into the space as well. People do more and more testing, shift, left testing or so on, during the dry run the code while it's still on the inside and still clean. But of course, it's only when it goes into production, is your code having to find its way with all the other layers on top? A/B testing, people doing machine learning AI plugins for better search, and so on and so on. So, somebody told me there are 4000 marketing technology suppliers trying to sell you bolt ons to your codebase. So, it's only in your production. And of course, it's then changing every day. So, it's no good testing yesterday because it's different today. I guess you have a similar thing in terms of bots, traffic, and so on, you're trying to protect clients against that changes every day, isn't it? You can’t know what the bot traffic will be this morning, just because you looked at it yesterday. So, from our perspective, it's the old truth about, you know, test your website, do what the customers do, which is our kind of mantra, if the only testing is to be the customer do the customer thing online. Just what our technology does. But of course, you've really got to do that 24/7, as well as the big tests before Black Friday. And that's, that's just hard work when there were so many teams involved. We even saw, I don't know, take more than I have shared the talking. But we've had interesting discussions at a conference last week about Google called Vitals, which is a good Google initiative, in theory to make our web pages more humanly effective, faster and experience better. But again, it's very difficult to measure that and it changes all the time. And in there, companies are motivated to get it right because Google will use Core Web Vitals for your SEO rating. Left a lot of people scratching their heads. You know how we're going to manage this on ongoing basis when there are so many players. So, yeah, but I think it's customer experience is not going to go away. It's the last big battleground online. Nobody's really got anything unique to sell online. average got products like mine. Nobody's got services like mine, this competition, no matter who you are, but if your customer experience is fiction, you're losing, you're losing sales.

 

Andy Still  10:06

Yeah. And I think when you start talking about peak, I think you alluded to it earlier on. Things that would be small problems escalate dramatically when you've got increased amount of traffic. So, bottlenecks become exponentially harder. Anything. I mean, one of the one of the challenges we see a lot is scraper activity. So, sites can handle a reasonable amount of scraper activity most of the time, but when you get into peak, that suddenly become can be the thing that takes your site down, particularly, if you're selling products like PlayStations, or the other, the biggest thing at the moment, everyone is being scraped for availability for Playstations. And is that, is that a problem that you see, again, with, with the customers that you're seeing?

 

Deri Jones  10:54

Yeah, absolutely. It all adds to the fog of war, doesn't it? Really what's, you know, what is happening on my site right now? And why? What's going to happen on it tomorrow morning? Right? Can we make it good? So, the way we say it in a number of really concrete ways, when we're, when we're planning, peak testing, whether it's Black Friday, or for clients, like Thornton's, it's Valentine's Day preparation or what have you. Then our key thing for the load testing, the capacity testing is to make it realistic. So, we'll say okay, let's have a look at your, let's look at your web traffic for your last week. You know, what was the busiest two-hour period last year, and so on. And then sometimes we have to mash out of that, hey, there's a whole bunch of bot traffic. And that's, it looks like, so we're not going to reproduce the bot traffic, we want to make sure that there are realistic combination journeys, looking, searching, adding a basket, taking it, you know, doing really complicated multi step things as, well, customers do. We're always trying to say to a client "You remember your last peak where you're now 30%?" Data. Yes, that's what people want to know, is it bigger? How much bigger? So yeah, it can be a real pain for them to take out a whole bunch of bot traffic from their last peak.

 

Andy Still  12:12

I think that a lot of this is about from a from a customer point of view, it's about knowing and understanding, when it's your website, no, know how it works, know where your bottlenecks are. And then you can, you can take this next step, which is starting to control what you can control. And I think, particularly, I think with companies buying into helping flatten your own peak, so you're in control of your own marketing activity. Don't take your own site down, you know. And I think, over the years, as Black Friday has become more established in the UK, I think we've seen websites start to be more intelligent around that and make it Black Friday Week, not have these kinds of flash sales with limited availability products on them and things like that, just to try and stagger the amount of traffic that's going on. And then that obviously improves customer experience as well, that you want is a good performance website for your customers.

 

Deri Jones  13:14

It's a big part of what we do. One of my clients describe what we do is we unite the tribes within their organization. And that's exactly what you're talking about there. You know, the marketing guys said "Oh, we didn't realize if we sent those emails off, it would cause a peak". Well, you know, so it is hard for organizations, like I say, on modern websites, there are so many teams involved. It's not just keeping your internal team in the picture, your external systems integrator, your external ERP or warehousing, supply, your external SEO, your paperclip agencies, your A/B testers, you've probably got more and more you've got a third-party data science team who are trying to plug all your different data sources together in a better way. So, it's quite hard to coordinate it across all those. I mean, sometimes with clients we're seeing on projects Slack channels in the week after Christmas with 10 or 20 organizations on the line in that precious seven days.

 

Andy Still  14:17

It's nice to hear of the teams working together though in that situation where we worked with clients in the past where it was almost like they were battling with each other. And it was a point of, it seems to be a point of pride with some of the teams that IT should just work, the platform should be able to handle whatever we throw at it and if it doesn't that's your fault. No, it's a failure. Whereas like you say, if they can all work together and understand what you can and can't handle. Then I think that that obviously works well.

 

Deri Jones  14:53

And IT should just work. It's difficult at one level. You know, one other week we worked with some partners who are in the kind of change management space people, management people change process chain. And it is tricky, because if you're in the inside of an organization, you do see that email on a Thursday night that says, oh, yeah, we had a problem on the website Tuesday night. We've had to refund 50 clients. Yeah, it's sorted. Now. It's not sorted. There's a meeting tomorrow. So, it is easy for business and marketing people to think you know, why? Why is our website so flaky, when actually everybody's websites are flaky in the corners? At the moment? You know, a couple of years ago, the myth was, I think we'll be in the cloud, so it'll be infinite, and we'll never have a slow page again. And of course, that's...

 

Andy Still  15:45

Not quite as easy. It's not quite as easy as it sounds a bit. Do you find that, going back to the cybersecurity topic, do you find, Deri, that from a customer experience point of view, you are having to trade off customer experience versus security?

 

Deri Jones  16:09

You try not to, but in life there are often tradeoffs. There's the trade off with putting in a queueing system. Ideally, you never want to force your clients to a queueing system. But if you have such creaking, that's a better trade off than getting slower and slower. So, there are those juggling things. Security, we will be often on projects sitting alongside you guys and others in the planning and the building stages. Because the two things have to go together and things like other security things, things like pen testing, and so on, they always happen near the launch date, rather than well in advance. But such security is, there are just many, many things to get right on a modern site. And it's not just HTML anymore. It's complicated. And there are many teams. So, security is absolutely in there. And as you say, the scrapers and the blocks can have a direct impact on your customer experience. So absolutely, it's got to be covered.

 

Andy Still  17:21

So, before we wind up, I'll give you a chance to - if there was one or two pieces of key advice you were going to give someone preparing for a peak this year, what would they be?

 

Deri Jones  17:34

Preparing for a peak, the checklist? I mean, our guys are flat at the moment in capacity peak testing across our project base. Tips and tricks. One is: tested and tested realistically. You know, it's too easy for business and tech guys to not quite have that conversation about it. What chat in particular, if tech teams are saying we can handle 50,000 concurrent users, because there's a metric on its own. That's, that's 100% useless, because that could be 50,000 people hitting your home page and going away. But it would still be 50,000. If 10,000 of that had put three things in the basket and checked out, it would be the same number. So, it's not a healthy number as to what's really happening on your website. So definitely, definitely do some peak testing and make sure the metrics are realistic. And the other one, I guess is to keep measuring your customer experience and your Google see CWV in the run up to Black Friday and through it and beyond. Because you do want to be penalized in the following weeks, from a bad experience through Black Friday week.

 

Andy Still  18:42

Yes, very good, right. So, I think that knowing what's going on for me is always the key on peak, knowing what's going on and knowing what levers you've got to pull in the event that things start to go wrong. Things like you mentioned them earlier, things like queueing systems, or just things like that as a point of insurance. Knowing the bottlenecks and the ability to turn them off of if things start to go wrong. I think that always comes down in my mind. It's your website, understand it and be in control of what's going on. The worst peak situation is where you know something is going bad. But you haven't got the information at hand to know exactly how bad it is or what the problem is or what to do about it. And the other one I always thought is don't think it will just work. High performance websites take a lot of time and effort to get them right. They're not going to be working - it just turns on and it all just works. And okay, so I think we're running short on time now. So, it's an opportunity to say thank you Deri for joining us today. Thank you for the insight, very interesting views on some of the challenges to what is coming up to your very fun time of the year, I imagine, in the retail optimization space. And so, thank you very much, Deri. Really appreciate your time today. And thank you very much for everyone joining to listen in and hopefully you can join us again soon. Please subscribe, leave reviews, give us any feedback. It'd be very welcome. You can do that via Twitter at @cybersecpod. Or, if you want to, email over to podcast@netacea.com. We look forward to welcoming you all back for next month's episode. So, thank you very much.

 

Deri Jones  20:40

Thank you, Andy. It was a pleasure to chat.

 

Andy Still  20:42

Thank you, Deri. Pleasure to have you.

Overcome advanced threats to your
web applications with Netacea's
Intent Analytics™ engine
Chosen for you

Disruptive Live: An Overview of the Genesis Market

19th Oct 2021 / 15:31 VIEW video

Netacea Quarterly Index: Top 5 Scalper Bot Targets of ...

15th Nov 2021 / 14:10 VIEW guide

Customer Loyalty: How are bots exploiting business logic?

28th Jun 2021 / 16:32 VIEW whitepaper