3 essentials for optimising and securing websites in 2019 | Sandfield

Posted by Jeremy Wiersma - 09 September 2019

In August 1991 the world's first website went ‘live’.

Created by Tim Berners-Lee of the European Organization for Nuclear Research (CERN), it contained just text and ‘hyperlinks’ to other pages. You can still visit the first-ever website today.

A lot has changed since then.

A modern website is rich in imagery, colour, functionality, and video. Websites must run well - and be seen well - on devices as diverse as phones, watches, and even fridges! And we use web-based services for pretty much everything, which attracts its fair share of attention from those looking to exploit those services for monetary or political gain or, worse, to cause harm in its various forms.

As a website owner in 2019, you need to ensure your website is being optimised to provide a great user experience while at the same time being protected from those who might choose to take advantage of it.

Ask your team or vendor how they have addressed the following three components of today's websites.

Optimising for Speed

Optimisation is the process of improvement, a constant in the life of every website. Searching for the term “Web Optimisation” returns results covering terms like SEO, traffic conversion, organic search, etc. These are all relevant to your website and should be key parts of your digital strategy. On the technical side, serving your website to users in a way which makes it fast, responsive, and efficient is equally important - if not more so.

Extrapolating from the 2016 article The Need For Mobile Speed:

“The average time it takes to fully load a landing page on a mobile device is 22 seconds, yet 53% of visits are abandoned if a mobile site takes longer than three seconds to load. That’s a big problem.” - Google

There are many aspects to optimising a website, and without a solid technical foundation, your overall optimisation strategy can be compromised. At the most basic level, ensure that your team/vendor has implemented the two essential methods below to optimise page load speed:

  • Minimise footprint: To ensure your website is performant, the script file and stylesheet assets should be combined into fewer, larger files. This is called ‘bundling’. These files are then ‘minified’ (unnecessary spaces and formatting are removed) reducing the size of the files web browsers need to download. This also reduces the number of requests the website’s server needs to handle. Figure 1 shows the file size improvement between unbundled and bundled files.

Fig. 1: An example of bundling a set of script files (many that have already been minified) and the additional savings made by further combining and minifying these into a single file.

  • Optimise media: Images and video define today’s online experience, which is accessed via a myriad of devices from desktop computers and laptops to tablets and mobile phones. These devices possess differing levels of processing power, screen resolution, and memory. Ensure that your images and videos are optimised so they will be downloaded at a size appropriate to the user's device. If an image is being displayed as a thumbnail there is no need to use an image that is 10x or larger in file size. Figure 2 shows how this simple optimisation can make a huge difference in the volume of data a user’s device needs to download.

Fig. 2: An example of image optimisation where the original image is dynamically scaled-down in dimension and file size to suit where the image is being used on the website - Source: Mainfreight.com

Content Delivery Networks (CDN)

At Sandfield we consider the CDN component to be a vital part of a website’s hosting solution. The breadth of services CDNs offer can be vast, covering a myriad of performance, reliability, and security considerations that are simply too important to ignore.

Here’s why your team/vendor should seriously consider a CDN for your website:

  • Distributed Delivery: A CDN’s primary function is to store your website's assets around the world and serve those assets to users from points closest to their location. CDNs regularly check your website for updated files, making them available at all times - even when your website is offline in some cases. Rather than a user in New York requesting an image from your website’s server in Auckland, New Zealand (see Fig. 3: Content requests without a CDN) the image will be retrieved from a node (or server) sitting in Dallas (see Figure 4: Content requests with a CDN). This reduces the time it takes for the image to be displayed on the user's device which results in a faster, more responsive user experience.

Figure 3: Website hosted in one location with users requesting content from around the world.

Fig. 4: Website assets hosted in multiple locations around the world, making it faster for nearby users to retrieve website content.

  • Reduced Cost: When you host a website on your own hardware (referred to as ‘on-premise’), each request for content a user makes costs you data traffic in and out, energy consumed in CPU processing and, over time, increased maintenance. Leveraging a CDN to serve your website's content reduces the cost of hosting, especially for large websites with many pages or a large number of images and video.

  • Control Time: Website content is made up of several types. Some are dynamic, changing constantly, and other content is considered static and changes little. With a CDN you can easily specify how long different types of content are cached before a fresh copy of the asset is retrieved from your on-premise server. You may have logos and photos which won’t change for months or longer, and you’ll have stylesheets and script files which change every few weeks. By controlling the age at which your assets are cached you can further optimise the overall cost of hosting.

  • Resiliency: Load Balancing is a technique of leveraging more than one server to host your website where the amount of work being demanded is shared between all of the servers equally. If one server fails due to overloading or worse, the second or third server can take over without the user even knowing. Now unlike their on-premise cousin, CDNs can provide the same functionality on a global scale. Geo-Redundancy balances the load of your website across servers in multiple locations while mitigating the effects of over-demand, error, or large scale events, keeping your website running 24/7.

Internet Security and DDoS Mitigation

We’ve all read the headlines, “Tech Giant A is brought to its knees” or “Tech Giant B suffers huge data breach”.

These DDoS (or Distributed Denial of Service) attacks commonly involve directing requests from thousands of computers at a target website. During an attack, the website becomes largely unusable until eventually the website is completely overwhelmed and becomes unreachable.

At Sandfield, we ensure that all our websites implement appropriate security measures backed by a CDN provider appropriate for our clients' needs. Ask your team/vendor about what tools they’ve employed to protect your website and prevent these types of events occurring. Most commonly such protection is provided by companies specialising in internet security and DDoS mitigation.

These services commonly offer:

  • Active Monitoring: Protects a site by monitoring its traffic in real-time for the telltale signs of attacks such as DNS Flooding, UDP Amplification, or HTTP Flooding. When an attack is detected, processes are activated which begin mitigating the incoming bad requests, while keeping the website online for legitimate users.

“In February 2018, GitHub - a popular online code management service used by millions of developers - suffered an attack which, at its peak, saw incoming traffic at a rate of 1.3 terabytes per second.

The attackers leveraged the amplification effect of a popular database caching system known as memcached. By flooding memcached servers with spoofed requests, the attackers were able to amplify their attack by a magnitude of ~50,000.

Fortunately, GitHub was using a DDoS protection service which automatically alerted GitHub within 10 minutes of the attack starting. This alert triggered the process of mitigation and GitHub was able to stop the attack quickly.

The world’s largest DDoS attack ended up lasting about 20 minutes thanks to such measures.” - Cloudflare: Famous DDoS Attacks

  • Self Mitigation: Sometimes an attack may be observed by the website's owners before an automated process kicks in. Such an attack may be smaller at first as the attacker pokes around, learning as much as they can about a website ahead of the main event. This behaviour could be seen via customer support requests, a slowdown in performance, or website analytics provided by services such as Google Analytics. If a team member observes such activity, the same mitigation processes can be manually activated, immediately protecting the website before the attack escalates, as illustrated in Figure 5: DDoS Mitigation.

Fig. 5: How an Internet Security Service handles the traffic coming through to a website.

  • Advanced Protection: Similar to anti-virus services, internet security services typically employ the same techniques to mitigate additional threats such as malware, bot networks, and unscrupulous search engines. Using large reputation databases, the service can recognise patterns of incoming requests and match them to a known threat. Special algorithms are also at work analysing incoming traffic, recognising new or familiar patterns which allow the service to identify and block new and evolving threats before they even reach a website.
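
The traffic monitoring described under Active Monitoring can be illustrated with a small sliding-window detector run over web access logs, which also shows why a per-client limit alone misses a flood spread across many sources. This is an added example, not Sandfield's or any CDN provider's code; the Common Log Format input, the thresholds, and the sample addresses are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format prefix: client IP, two ignored fields, [timestamp], request.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Return (ip, timestamp) for a well-formed line, else None."""
    m = LOG_RE.match(line)
    try:
        return (m.group(1), datetime.strptime(m.group(2), TS_FORMAT)) if m else None
    except ValueError:
        return None

def detect_floods(lines, window_s=10, per_ip_limit=20, site_limit=100):
    """Sliding-window scan of chronologically ordered access-log lines.
    Returns (flagged, site_alert): when each client first exceeded
    per_ip_limit requests within window_s seconds, and when all clients
    together first exceeded site_limit (a flood spread over many sources).
    The thresholds are assumptions to tune against a site's normal traffic."""
    window = timedelta(seconds=window_s)
    per_ip, site = defaultdict(deque), deque()
    flagged, site_alert = {}, None
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than abort the scan
        ip, ts = parsed
        for q in (per_ip[ip], site):
            q.append(ts)
            while ts - q[0] >= window:
                q.popleft()  # forget requests that fell out of the window
        if len(per_ip[ip]) > per_ip_limit:
            flagged.setdefault(ip, ts)
        if site_alert is None and len(site) > site_limit:
            site_alert = ts
    return flagged, site_alert

def sample_log():
    """Constructed sample: one normal visitor and one client sending 5 req/s."""
    t0 = datetime(2019, 9, 9, 12, 0, 0, tzinfo=timezone.utc)
    events = [(t0 + timedelta(seconds=5 * i), "192.0.2.10") for i in range(12)]
    events += [(t0 + timedelta(seconds=20 + i // 5), "203.0.113.7") for i in range(50)]
    return ['%s - - [%s] "GET / HTTP/1.1" 200 512' % (ip, ts.strftime(TS_FORMAT))
            for ts, ip in sorted(events)]

if __name__ == "__main__":
    print(detect_floods(sample_log()))
```

In the constructed sample only 203.0.113.7 is flagged, at its 21st request inside the window, while the visitor making one request every five seconds is left alone.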

Conclusion

As technology continues to evolve, the way in which users access websites will transform with it.

We’ve established that optimising your website is vital, ensuring your customers can access your products and services as quickly and efficiently as possible. As new types of devices hit the market your website will be ready to adapt, keeping their owners satisfied and continuing to do business with you.

Similarly, our reliance on web-based tools and services will continue to grow while increasingly sophisticated attacks utilising advances in hardware, phishing, and AI will be ever-present. Now is the time to review the level of risk these attacks pose for your website and make the changes needed to ensure your and your customers’ data is secure.

Today it is quite possible for even the smallest business to access customers from around the world - it is a ‘global economy’ after all. To truly leverage their website’s potential, businesses must ensure that it responds as fast as possible for all users no matter where they live. CDNs are the ideal solution to this need.

In summary, ask your team or vendor the following three questions:

  • Have they optimised page load times by minimising the website's footprint and optimising images?

  • Have they considered a CDN for your website?

  • Have they employed internet security tools to protect your website and prevent DDoS attacks?

By doing so, you’ll be one step closer to delivering an efficient, secure and responsive user experience.

Jeremy Wiersma has over 20 years' experience working in the IT industry from desktop support through to application design and development. He is passionate about how technology can be applied to optimise business processes that benefit both the user and business owner equally, while making sure it still looks great too.

When not working, he enjoys spending time with family, gaming to the wee hours, enjoying sci-fi series and movies, and sneaking in a round of golf whenever possible.
