Case Studies

Security for online retail and ecommerce businesses

For a business where all revenue flows through the website, security and availability are the same concern. A misconfiguration does not just create a vulnerability. It can take the store down on the busiest day of the year.

What makes security in ecommerce different

The issues that come up again and again in our work in this sector.

Downtime has an immediate, measurable cost

An online retailer with no physical stores has no fallback. Downtime during a peak trading window costs revenue by the minute. There is no ambiguity about the business impact.

Infrastructure complexity built through years of acquisition

Domain portfolios, multi-brand CDN configurations, and legacy DNS records accumulate. Managing security across that complexity requires someone who understands the full picture.

High-stakes changes with no comfortable maintenance window

Infrastructure changes need to happen regardless of trading patterns. Migrations and platform upgrades cannot always wait for a quiet period. Planning and testing become the entire margin of safety.

WAF configuration as a double-edged risk

A correctly configured WAF is an important control. A misconfigured one causes availability problems. Getting it right requires both security expertise and operational awareness.

The organisations and systems we work with

Types of organisations

UK online retailers

Multi-brand ecommerce groups

Enterprise retail businesses

Pure-play digital retailers

Multi-domain DNS infrastructure

Web Application Firewalls (WAF)

Cloud CDN configurations

Checkout and payment infrastructure

Availability and monitoring tooling

Brand and domain portfolio management systems

From our work in ecommerce

A featured engagement

We have worked with a number of organisations in this sector. This is one engagement we have selected to show how we approach this kind of work.

Moving 279 Domains While the Store Was Open

A UK retailer needed to move 279 domains to a new DNS platform while the store ran 24/7. We planned and ran the migration without touching a peak trading window. No downtime.

Threatplane delivered exactly what we needed when we needed it most. Managing 279 domains with zero revenue impact required incredible expertise and planning.

Chief Technology Officer
Read this case study

279

domains migrated without revenue impact

Zero

downtime across the entire migration

Working in online retail?

We understand what it means to do security work on infrastructure that cannot go down. Most conversations start with a short call.