CAP enhances Software as a Service – VIP Whitelist

This white paper is one of a series, outlining how CAP is being used to enhance a Software as a Service application.

Keywords:

Cloud, SaaS, User, Experience, CDN

The context:

A large retailer is outsourcing their e-commerce application to a third-party provider. This relationship has existed for a long time, however the retailer grew increasingly frustrated with the cost and time involved in enacting any changes to the user experience and the lack of certain features. Adding to the sense of frustration was the fact that any requests were completely at the mercy of the third party provider.

The solution:

CAP was installed in the Amazon cloud between the end users and the third-party provider to help overcome some of these problems. By taking advantage of the CAP Agent’s built-in adaptive static content caching and ability to act inline in real time with minimum performance impact, the retailer resumed control of their brand and reputation.

Deployment diagram:

Why CAP:

No other product on the market offers a CDN-like capability that also involves enhancing and enriching content on the fly on a massive scale as well as addressing urgent security shortcomings. The retailer needs this capability to have some measure of control over third party software they are otherwise unable to change.

The story:

Whilst combating increasing losses due to fraud, the retailer implemented rules which included blocking access to the website based on geo location i.e. only allowing users with IP addresses from allowed countries to see and use the website. As a result some allowed users, whilst travelling overseas, were unable to use the site. The retailer realized that this was resulting in lost sales and wanted to find a way to allow these users access, whilst keeping the geo location restrictions in place.

Using CAP, a plan was quickly hatched to resolve the issue:

The resolution was to implement VIP whitelisting. Whilst travelling overseas the user was presented with a country block page. This page incorporated an input field where existing users who wished to use the site whilst overseas could give their email address and ask to be whitelisted. If an existing user with a billing address within the allowed territories, their email address was added to the whitelist and allowed access to the site.

Example VIP maintenance function:

The limitations:

There is a risk that the whitelist could become unmanageable, or fraudsters could engineer VIP access. However this is mitigated with regular checks, process improvements, and database maintenance.

Business benefits:

The retailer experienced increased sales by allowing access to a previously blocked set of users i.e. frequent travellers, whilst also enhancing their reputation with the same group.

Rules blocks used:

Http Request Tracker (get user agent information)

Unique Lookup (database lookup)

Http Session Writer (stores allow decision for the session)