Top 6 things your CIO won’t tell you about your website

While we at HOSTING are known for supporting mission-critical applications in the cloud, we still host plenty of actual websites at our facilities. You may or may not want to know what’s wrong with the underpinnings of your site, but JIC… here’s what your CIO just won’t tell you.



1.  Your website has single points of failure.  Plural.

Once your website goes from development to production, believe it or not, very few organizations think about availability. Missing application or physical load balancing, no database clustering or mirroring, and "redundant" components that share the same power circuit, rack, or even top-of-rack network switch are just some of the potential contributing factors to your single point of failure issue.


2.  You don’t know if you are really compliant.

Regulations abound on the internet today, and they change almost monthly these days. Case in point: HIPAA requirements will change dramatically next week — the final rule. Check it out. Considering your website is likely not your #1 priority as a business, there’s a good chance that you do not have a team focused on staying up to date and making required application changes.  At the end of the day, while your hosting provider can do their part of the compliance pieces (such as data center security and file integrity checking), well over 50% of most compliance standards come down to the application.


3.  You patch the Operating Systems, but not the application.

Your IT team or hosting provider likely patches your operating systems for your website.  Unfortunately, at the end of the day, it’s about the application.

Certainly there are compromises that occur at the operating system level (think terminal services/SSH), but the vast majority of security issues are exploited at the web-facing application layer. This means your CIO must be thinking about how to keep his/her team’s ears to the ground, listening to what is happening out there on your platform. Whether you are running a language that receives vulnerability patches from time to time, such as ColdFusion, PHP, or .NET, or you are running your website on a CMS, it simply must be maintained. Many of the popular CMS platforms out there, such as Drupal, WordPress, or DotNetNuke, are open source or community-driven. It’s far easier to keep up with these platforms if you’ve nailed your SPOF (single point of failure) issue. This would enable you to keep your application up to date through normal Change Management practices.


4.  Your disaster recovery plan has never been executed.

It’s written down on paper.  Oftentimes it’s in a binder.  A select few may have done a tabletop exercise to walk through the process of what they would do if the website had a critical application or infrastructure failure. But very few execute on that plan until it’s too late.  What are the revenue and operating expenditure costs when you have a critical issue and your teams are scrambling to figure out how to restore from backup, how to replace hardware, and — most importantly — how to communicate with your customers during this? There are some great opportunities out there to build redundancy for your application and work with your web host to execute a test disaster scenario to allow everyone to sleep at night.


5.  Your website developer is long gone.

The world of digital design is a wild one. Developers range from recent art school graduates with a Mac to DIY platforms from Intuit to large-scale digital marketing firms. Unless you have contracted with an established firm on retainer not only to develop your site but also to provide ongoing maintenance, support and upgrades, you are setting yourself up for a very bad day when the time comes for you to make a change, or if the site stops working. Even worse, your web host probably knows nothing about your website. They know about your infrastructure platform, but if you hired a 3rd party developer to build your website, odds are they didn’t communicate with one another throughout your project.


6.  Your web site isn’t making you the money you think it is.

If your website is meant to make you money 24×7, and you are not on the front page of Google, then it probably isn’t making you money.

How often do you look past the first page on Google when you are researching a purchase? Yeah, I don’t either. If you are not on the front page, then figure out how to get on the front page organically. While you figure that out, use AdWords and other ways to be on the front page for your products and services.

What did I miss? I would love to hear your thoughts.

