China’s Web Outage: A Cautionary Tale for Online Retailers

On Jan. 21, one of the biggest internet outages in history happened in China. As noted on the Compuware APM blog, the internet essentially went completely dark in China for one full business day.

Seeing as this event only impacted internet users in China, some retailers asked, what has this got to do with me? The answer is a lot. For retailers with a significant presence in China, such as Gap and H&M — H&M is growing faster in China than it has in any other market in its 66-year history — the outage meant loss of revenues for an entire business day. Or, consider the health and wellness brand Origins, for whom 55 percent of Chinese sales come from cities where Origins doesn't yet have a retail location. E-commerce is absolutely essential to Origins’ China strategy, and one full day of downtime is a huge loss. The collateral damage of this outage was also substantial, as many global companies took hits to brand image, lost costly advertising investments and experienced supply chain reverberations.

But even for online retailers who don't have a significant China presence, the outage provides a valuable lesson on the dangers of heavy reliance on external third-party services. This article will examine what exactly caused the China outage; why all online retailers need to take notice; and what they can do to minimize their vulnerability to similar web incidents in the future.

What Happened?
At around 3 p.m. local time on Jan. 21, two-thirds of all domain requests in China were routed to a single IP address in Wyoming, which promptly collapsed under load. This was believed to be a domain name system (DNS) attack, the biggest of its type in history. Not all domains were affected; mainly it was those ending in .com and .net, while those ending in .com.cn were partially affected.

Unfortunately, even most of the Chinese websites that weren't directly impacted also ended up going down. Here's why: many of the affected domains were hosts to third-party services relied upon by thousands of Chinese websites. One example is analytics engines. Never mind that the analytics engines weren't working, meaning that companies lost out on a whole day's worth of data that could have been used to increase conversions. That was just the tip of the iceberg.

Like dominoes, these "poisoned" third-party services brought down the websites they were feeding into, even those websites that were otherwise not directly affected by the attack. Another third-party service that went dark was PayPal. This meant that any website integrating PayPal on its back-end couldn't process transactions for a full eight hours, which was a moot point anyway because these websites were likely inaccessible.

Why Do Retailers Need to Care?
In recent years, there's been a dramatic upswing in the number of third-party services used by web properties overall. In fact, Compuware research shows that many organizations only control one-third of the time required to load a web page, as the rest is consumed by third-party services and content that aren't within an organization's direct control. With online retail growth continuing to significantly outpace that of brick-and-mortar, providing a competitive online shopping experience is essential.

As a result, online retailers as an industry are particularly reliant on third-party services, incorporating an extremely wide variety of them into their sites — from analytics to ratings and reviews to product tours to social media plug-ins. The possibilities for forward-thinking online retailers are endless, but there's also a lot to lose, since third-party services can have a dramatic impact on overall site performance — and thus conversions. Furthermore, third-party performance issues can be even more detrimental in the mobile web realm, a key area that online retailers are trying to exploit.

If third-party services can make a mission-critical, revenue-generating website so vulnerable to performance issues, is it worth it to use them? Like it or not, for most online retailers third-party services are a way of life and are here to stay. It's far easier to sign a contract with an advertising firm to help optimize the display of ads on a site than to try and design such a system internally. Areas such as analytics, social media, web fonts, and ratings and reviews are often drawn from services that websites don't directly control, but rely on to work efficiently and reliably at all times.

When these external services have an issue, it's the website owner that takes the hit to revenues and brand reputation, not the third party. After all, most end users don't know (or care) about how web pages are built; they just direct their blame for a bad experience back on the brand.