If you prefer, view this online

UKFast Websight - March 2009

Dear Newsletter Subscriber

Welcome to March's Websight. This month we are putting the focus on security and how it is vital to online businesses to maintain customer confidence. We are also highlighting the launch of our PROprotection service. This is the most comprehensive package of security and monitoring measures which all of our clients can benefit from. More details can be attained through clicking on our PROprotection banner below.

We have our usual round up of UKFast news, including our most popular blogs. We also have all the big March stories from the internet business arena and this month's Expert Opinion comes from our director of Microsoft Relations and is about avoiding disastrous data loss. Meanwhile, our Spotlight this month looks at the online price comparison sites and how they compete with each other.

We hope you enjoy the March issue and that Websight remains a valuable resource for you in 2009.

Best regards,

Communications team

• UKFast News - our news highlights in March
• Industry Overview - the month's major Internet stories
• The Knowledge - custom monitoring with PROprotection
• Expert Opinion - mitigating the effects of disastrous data loss
• Sector Spotlight - price comparison websites

• UKFast news - Shoppers' security fears could be costly for business
- A combination of record cybercrime and the recession is making Internet shoppers even more nervous about spending money online.
• UKFast news - UKFast is best hosting company to work for in Sunday Times list
- Hosting provider UKFast is proud to have gained a place in the Sunday Times' list of the top 100 companies to work.
• UKFast Blog - Brits prepared to be monitored to get personalised browsing
- New research from Brand Republic has found that the British public are prepared to have their browsing monitored.
• UKFast Blog - IIS7.0 - why not?
- With all the hype surrounding Windows Server 2008 it was easy to get dazzled by the bright lights of the big new features like its built in virtualization capabilities.

Back to top

• Facebook criticises monitoring plans
- Facebook has criticised government suggestions that intelligence services should monitor web communications of all UK citizens.
• Google takedowns flawed
- Academics have analysed the requests received by Google for copyrighted material to be removed from the internet and found that almost a third of requests may be unwarranted.
• Call to scrap 'illegal databases'
- One in four government databases is illegal and should be scrapped or redesigned, a report has claimed.
• Browser flaws exposed by hackers
- Researchers concentrated on exposing security flaws of the leading web browsers, after one hacker took just ten second to crack Safari.

Back to top

custom monitoring with PROprotection

As part of the UKFast PROprotection offering, we are able to setup custom monitoring of both services and resources on your solution. This means that the standard format for monitoring if your web service is up and running can now be extended out to offer monitoring of any application gateways that your solution may use and more!

As an example, if your online application utilises a 3rd party SMS gateway which your solution relies on and this fails, you're going to want to know this rather than rely on your customers to tell you that something is down.

With a UKFast PROprotection solution your applications are proactively monitored so that you are alerted quickly you when things go wrong. This means you are empowered to make rapid decisions and we are empowered to implement rapid fixes.

Find out more about system monitoring through PROprotection.

Back to top

This month's expert view is provided by UKFast's director of Microsoft Relations, James Crawshaw.

disaster recovery and business continuity

Here at UKFast we pride ourselves on being able to offer the best solutions in the UK. Something we are being asked about more and more is Disaster Recovery, a subset of Business Continuity. This article will attempt to cover the basics, expand on what can be achieved and where you should look to focus your attention when it comes to Disaster Recovery (DR).

With the increasing prevalence of business critical information technology systems, combined with the transition to a 24x7 economy, the continuity of service and importance of protecting an organization's data and IT infrastructure in the event of a disruptive situation has become an increasingly more visible business priority in recent years.

It is commonplace in the IT sector to find statistics depicting the serious impact of disasters resulting in major data loss to businesses. Most of these suggest that in the region of 40 percent of businesses suffering a disaster never re-open and that a single figure percentage survive in the long term. But what does all this really mean and how does one mitigate against it?

Examples of possible disasters including relative risk of these disasters (1) are shown below. The risk is calculated by likelihood of occurrence and order of magnitude of impact when a disaster strikes.

In order to look at methods for mitigating these risks we can broadly break down these into three areas. At UKFast, by default we attempt to cover many of these measures as shown below.

1. Preventive measures - aimed at preventing an event from occurring.
• RAID, dual PSU, UPS backup, building security systems, generator backup, resilient network connectivity, Antivirus.
2. Detective measures - aimed at detecting or discovering unwanted events.
• Capacity Threshold monitoring, predictive hardware failure alerting, fire suppression systems.
3. Corrective measures - aimed at correcting or restoring the system after disaster or event.
• 24x7 on site staff and support, 1 hour hardware fix/replace.

As seen, possible disasters in the IT environment can appear from a number of different areas. Natural events are the most prevalent and the most likely to cause significant impact. These are therefore the number one category of disaster to mitigate. IT Failures are in second and can be thought of either as software (i.e. code or operating system) or hardware (e.g. hard drives, power supplies or even switches or firewalls) failures.

The very nature of hosting at one of our purpose built datacenters therefore mitigates all but the worst natural disasters, power outages, IT failures etc. But, there are always scenarios where you might want to take that next step further in disaster-proofing.

To fully understand the level to which we should be protecting our IT against disasters, we need to cover a few concepts related to the business processes which rely upon them. These business processes may facilitate many different facets of our businesses. The website which facilitates our organisation's sales or marketing presence, the email system which enables communication between our teams, the SQL server which contains our business intelligence - the list goes on. Each of these different IT systems ties into the business process and hence we can attach a value to each. This value determines the acceptability of loss of the service and from this, it is possible to calculate a cost per unit of time that this service or business process is unavailable.

Equally, value must be used to calculate the amount of acceptable irrecoverable data loss from a system. The difficult thing can be calculating these and it is often the case that these issues are addressed in reverse, companies wanting a Disaster Recovery solution without truly knowing the impact (cost) of the loss of their services/systems/business processes. When this occurs, it is important to bear in mind that whilst the best Disaster Recovery solution will have minimum data loss and also have you back up and running in very little time (if you are offline at all) - the costs associated can be astronomical.

To help us understand this better, two key concepts are introduced which underpin the cost model for Disaster Recovery.

• Recovery Point Objective (RPO)

The amount of data loss, expressed by an amount of time, which is acceptable in the event of a disaster. e.g. An RPO of 5 hours. A backup of data is taken at 1pm and the next is scheduled for 6pm, any disaster occurring and affecting the original data will result in a maximum of 5 hours loss of data up until 5:59pm.

• Recovery Time Objective (RTO)

The amount of time, set as an objective (not a mandate) to which attempts are made to restore service to the business following a disaster. This is defined by the business following detailed analysis of how long it should be capable of surviving without a service/system/business process. E.g. an RTO of 5 hours. A disaster occurs at 10am. Services should be restored by 3pm.

As shown in the above diagram, the RPO and RTO express the amount of time either side of the occurrence of a disaster incident (indicated by the red line) which is deemed acceptable. Indicated by the curve of each line is the increase in cost to shorten the objective - whether it is less acceptable to be without a service for a period of time (RTO) or less acceptable to lose data (RPO) or both.

It is clear to see that to implement a solution which requires low RPO and RTO the costs are high. To give an example of why this is the case, I will refer to the example of the sales website. On the basis that the site is critical to the operation of the business (i.e. taking orders and payments for products to be shipped from a warehouse) then we can assume a low RPO and RTO requirement.

To enable this, we might geographically disperse the IT which is providing the service across two or more datacenters, mitigating failure of one entire datacenter. This is a costly option because it requires twice the amount of investment in the IT hardware and setup costs – of course, it is also a very unlikely occurrence to lose an entire datacenter. This is where it is important to note that IT budgets will be one of the primary influences on the choice of RPO and RTO for any business.

There are many varied methods for implementing Disaster Recovery solutions for your business however large or small. Basics such as dual power supplies or resilient disks in your servers will help you to stem the issues of hardware failure. More advanced solutions will involve multiple-datacenter configurations, virtualisation and clustering to provide better and better RPO/RTO combinations. The key is not to forget about the potential for disaster and the potential effect on your business.

(1) An empirical assessment of IT disaster risk. Authors: William Lewis, Jr, Richard T. Watson, Ann Pickren. http://doi.acm.org/10.1145/903893.903938

Back to top

brand is everything for online comparison sites

This month we are looking at the highly competitive online price comparison website market. The internet has proven to be the perfect medium for such enterprises. Its flexible, interactive nature coupled with its ability to source huge amounts of data has made it ideal for comparing rival products and customers always want the best deal and the easiest way to attain it. So it is not surprising that so many businesses are battling for market share in this sector.

As competition is fierce and customer loyalty is not a significant factor (because all the providers essentially offer the same products and services), brand is vitally important. When a Web user logs on to search for insurance etc. they only need to go to one comparison site. So it is crucial that companies make their site the one site. So brand recollection is the key. Whichever pops into the head of the user first wins.

So which pops into your head right now? Chances are it will be comparethemarket.com. Since the start of the year this company has been running a hugely successful advertising campaign using the spoof site 'comparethemeerkat.com'.

The online customer capture stats for comparethemarket.com since the campaign started are impressive. 68 percent of traffic to the company's website comes from searches on its name, indicating very strong brand awareness. In fact, traffic for comaprethemarket.com has doubled in 2009.

The ratio of paid to unpaid advertising links used to get to the company's website is 59 percent - 41 percent. This is one of the lowest paid percentages in the sector, indicating that comparethemarket.com does not have to rely on paid links as much as most of its rivals.

Even more impressive are the figures for comparethemeerkat.com. Although it is a spoof site it currently ranks a staggering 10th in the most visited sites for the entire insurance sector and 18 percent of meerkat's traffic next visit comparethemarket.com. This represents a very good conversion rate.

Because brand is so important to this sector, the players bid heavily on each others names in Google Adwords. So comparethemarket.com still needs to invest in search ads to prevent rivals from stealing traffic on his name. However, in this market the Holy Grail is to get customers searching specifically on brand names. So, for the time being at least, comparethemarket.com has got its hands on the price.

Back to top

We hope you found this month's edition informative. Websight will return next month with all the major April talking points.

Best wishes,

Communications Team

Back to top