Will Spectre Patches Slow eCommerce Websites?
This month a group of security research organizations announced two security vulnerabilities in Intel processors – Meltdown and Spectre. These vulnerabilities could allow sophisticated hackers to access information and passwords from other accounts using the same hardware. The implications for any eCommerce organizations using shared cloud infrastructure are significant.
The good news? Patches have already been released by many software providers, and Meltdown should not be a concern once users update their systems.
The bad news? There is no comprehensive patch for Spectre, short of a full hardware replacement when Intel releases new chips later this year. In the meantime, the software patches released are very CPU intensive. In fact, servers could experience between 5 and 30 percent performance slowdowns depending on the chips in use.
What does the Spectre patch mean for eCommerce websites?
eCommerce companies should be watching their CPU usage and talking with their cloud providers about the timing of upgrades. The estimates of 5% to 30% performance degradation are significant, and could have an extreme impact on sales. We’ve seen Amazon and Walmart report that just a 1 second delay in page load time can reduce conversion rates by up to 7%.
In the meantime, browsers are releasing patches, which means you should re-test your applications against the latest versions. Apple recently released a patch to help minimize the risk for Safari users.
What can I do to keep my eCommerce Website fast?
It’s time to ratchet up all Website optimization efforts in order to compensate for this new CPU constraint that you can’t avoid. Yottaa customers (and any eCommerce site) should turn special attention to any CPU intensive features that may impact page load times. Here are several items to look at first.
1. 3rd Party Application Sequencing – If your site uses 3rd party applications to deliver functionality, make sure you are sequencing when they are loaded to minimize blocking of the onload event. Yottaa customers using Application Sequencing will already have this protection from slow page load times in place.
2. Caching – Ensure caching is working optimally so you can reduce the workload on your servers and minimize the performance impact. That means reviewing all your pages – both static and dynamic – and configure them to cache as much content as possible in your CDN. If you are a Yottaa customer and aren’t using it already, now is the time to enable dynamic page caching with InstantOn.
3. Avoid Sending Image Heavy Pages to Mobile Devices – Make sure you are optimizing based on the customer’s specific device type and potential CPU constraints. Ideally, you want to send a more highly optimized version of the site to the visitors most impact by these patches. For example, phones with lower processing power. Yottaa customers taking advantage of the Context Intelligence capability are already able to do this. You may wish to revisit the level of optimizations being applied to the HTML being sent to some devices.
As the villains in James Bond movies have learned, you can’t put these fixes in place and just walk out of the room. Your fix won’t always go according to plan. Monitor your website performance closely in the coming weeks as patches are released, and stay in close contact with your cloud infrastructure partners. You’ll see that the best partners will proactively help you identify creative ways to make your sites faster in light of this new hurdle.