It’s September! And for the retail industry, it means the start of the holiday shopping season is right around the corner.

This also means that millions of potential customers will soon be going online to look for the latest and greatest gear at the lowest prices. According to statistics released by the U.S. Commerce Department in February 2016, web sales tallied $441.7 billion in 2015, with some estimates forecasting online sales to grow at an annual rate of more than 9% over the next five years. With almost 40% of the global population possessing Internet access, 2016 is expected to be a banner year for holiday sales.

But sales aren’t the only thing that has increased—so too have the threats. According to our April 2016 research, 82% of global organizations suffered repeated DDoS attacks, with 45% reporting six or more assaults. Of those, more than one third report attack sizes in excess of 5Gbps. And many of the sites hit in those attacks belong to retailers. But even aside from those threats, the risks to website performance remains high from dramatically increased user demands over the holidays. In the context of all this, especially given that ecommerce has become a way of life for both consumers and retailers, what can you do to ensure that your online retail operation functions efficiently and securely through the holiday season?

Related Infographic: Cyber Threats to Online Shopping Cheer

Matching Load to Demand

One of the biggest challenges that online retailers face is determining if their ecommerce infrastructures can support the increased volume of customers during the holiday season. With web sales growth continuing to rise in 2015 and beyond, any downtime or degraded performance of an ecommerce website could cause customers to defect to competitors, resulting in lost revenue.

Load testing measures the effectiveness of an ecommerce website by simulating customer transactions in varying volumes. It’s valuable for when a retailer is uncertain whether their ecommerce website can handle an unusual spike in traffic, as is typically seen during the holiday shopping season. Given that, load testing as a strategy is an essential component to the success of any holiday preparation plan.

The question is, how do you know exactly what you need? The answer begins with knowing that there are several different types of load testing solutions. These are divided essentially between internal, on-premise tools and cloud-based services. While there are important use-cases for internal tools in load testing, cloud-based services are more effective in determining how an ecommerce website will perform under load. There are several reasons for this.

First, cloud-based load testing services will measure a website’s entire infrastructure end-to-end from an external perspective. This will include its Internet connectivity, load balancers, and servers (web, application, and database). If any part of that infrastructure is incapable of handling the load, the results will show it, and the retailer can then make appropriate adjustments before any online customers experience it.

Second, cloud-based services can leverage actual web browsers to execute the load tests. A web browser replicates the user experience and will give more accurate data during the load test. More than just creating traffic volume, real browser testing replicates the dozens of transactions that typically take place between a browser and a website. This provides significantly higher fidelity in the results, informing the best improvements and infrastructure investments.

Load tests are a great option for a retailer who doesn’t know if her ecommerce website can handle any loads that might be generated during the upcoming holiday rush. Load testing is also a great option anytime a retailer is launching a new product. These situations in particular demonstrate why load testing is important to preserve customer experience and reduce revenue risks.

Preparing for Distributed Denial of Service Attacks (DDoS)

Along with load testing, another consideration for holiday preparedness is protection from Distributed Denial of Service (DDoS) attacks. If a company is going to invest time and money into load testing, it makes sense to consider also investing in DDoS protection. Load testing ensures that a large volume of legitimate (customer) traffic does not overwhelm an ecommerce website. DDOS protection takes the same tactic, but focuses instead on illegitimate (malicious) traffic. More precisely, it ensures that a large volume of illegitimate traffic does not incapacitate an ecommerce website while allowing legitimate traffic go through.

DDoS protection comes in different forms. In addition to on-premise hardware solutions and cloud-only solutions, DDoS protection also comes in a hybrid form, which is a mix of both on-premise hardware and cloud solutions. The type of protection that a retailer should select depends on their specific needs and infrastructure. For example, an ecommerce website hosted primarily on a cloud computing service (e.g., Amazon EC2 or Azure) may have to use a cloud-based DDoS solution. If, on the other hand, a retailer is hosting their ecommerce website at a data center with their own racks, it may be best to use either a hardware based solution or hybrid.

It's Never Too Early

When it comes to preparing your ecommerce website for the holiday shopping season, there’s often a lot of work that needs to be done. If a retailer’s goal is to keep their ecommerce website up and running, then load testing and DDOS protection are important things to keep in mind. Equally important is that now is the time to do it. Because the process of researching, choosing, and implementing the right solution often takes weeks or even months, waiting until the season has already started is imprudent. Finally, it’s worth pointing out that load testing and DDoS protection are needed regardless if it’s the holiday season or not, but when it matters most, you need to be protected.