Holiday traffic surges often lead retail websites to slow down, and sometimes crash, on peak days such as Black Friday and Cyber Monday. Here is a step-by-step guide to creating a disaster recovery so retailers can be prepared in the event their websites go down.

Viktoriya Reyzelman, strategic engagement manager, Akamai Technologies

Research from Internet Retailer found that shoppers spent $122.00 billion online during the 2018 holiday season with ecommerce sales representing 16.9% of total retail sales, up 15.2% from the previous year. Many predict these numbers will soar even higher this year, which presents a massive sales opportunity for retailers large and small.

Due to the large volume of traffic, most ecommerce brands have experienced website slowdowns and offline events during Black Friday and Cyber Monday resulting in lost sales dollars. In a world where website reliability directly impacts profit, retailers simply cannot afford to leave their website performance to chance during the holiday season. This includes not only designing an infrastructure that can scale to meet demand, but also having a solid performance recovery plan when slowdowns or disasters do occur.

Run load tests across all internal and external systems at 150% of peak traffic load.

Read on for a step-by-step website performance recovery plan to help retailers prepare for the surge, maintain performance and capitalize on the influx of website visitors this holiday shopping season.

Step 1: Establish disaster recovery operating procedures and a communication plan.

Retailers should establish a baseline for the operating plan during the peak holiday season by running load tests across all internal and external systems at 150% of peak traffic load. Based on these test results, they should then outline Disaster Recovery (DR) steps, establish realistic recovery point objectives (RPO) and recovery time objectives (RTO).


Recovery Time Objective (RTO) refers to the acceptable time any of the retailer’s data and production systems can be unavailable. Most ecommerce customers will have a very low RTO (such as just a few minutes), which means that they are required to use host-based replication with continuous data protection features.

The acceptable amount of data an organization can afford to lose is its Recovery Point Objective (RPO). If a retailer can’t afford to lose any data, or very little, its RPO will be seconds. The key here is to not forget the internal systems that the retailer’s point of sale (POS) connects to (e.g., state tax systems)—not just their external-facing web properties.

Next, retailers should review their ecommerce sites’ performance using real user monitoring tools. They should focus their performance improvements on pages that are critical to their customers’ workflow. For example, most customers use search to find the item they are looking for. This means when a user types keywords into a search box, redirect to a predefined cached result, ensuring that they are caching as much as possible with a content delivery network (CDN).

Retailers should also prepare all customer messaging and maintenance pages ahead of time. If there are any outages, customers will give the retailers another chance if they understand what happened and they have clear expectations on when they can expect the site to come back with full functionality.

Having clearly outlined communication plan and operating procedures will make all the difference when disaster strikes.


Step 2: Implement a global traffic balancing system to ensure traffic load is balanced.

Retailers should automate the process for balancing traffic across data centers based on the load test results they did during the previous step. Best practices include prioritizing customers that are making a purchase versus the ones just browsing the website and preventing abandoned shopping carts by setting up session stickiness mechanisms so the customer can continue their transaction when disaster occurs.

The retailer’s loyal shoppers should be permitted to complete their purchases while those browsing can be provided with a waiting room experience (i.e. an engaging game, coupon or quiz promotion.) The goal is to always allow the customer to complete their transaction with the least amount of disruption.

Step 3:  Ensure that you are protecting your core infrastructure from cyber attacks.

It is critical that retailers also take steps to protect core infrastructure from cyber attacks that flood bandwidth, such as distributed denial of service (also known as DDoS) attacks. A forward defense that can stop and scrub DDoS traffic at the edge before it reaches their applications and data centers—and therefore impacts the shopper experience—is best practice.

Fraud attacks will also rise during the holiday period and increase pressure on the retailers’ origin.  Block bot traffic and allow customers priority to the site during this time.  To prepare for all potential threats, retailers should run mock fire drills with their security and disaster recovery (DR) teams.

Developing a holistic DR plan that ensures performance and reliability, gathers insights into potential security threats to protect your business, and includes open communication with customers  is  critical for success this holiday season. The plans created must be communicated and stored where it can be accessed during a disaster. Ideally, it should be printed and posted in multiple locations.


When over $122 billion of revenue is at stake, retailers literally can’t afford not to have a plan in place.

Akamai Technologies provides content delivery network services to 345 of the 1,000 leading online retailers in North America as ranked In the Internet Retailer 2019 Top 1000.