The Impact of Third Party Code Changes on Your Website
April 12, 2018
by Ohad Hagai
As the old saying goes, “The only constant is change.” Heraclitus, the notorious Greek philosopher, might have been on to something back in the day.
Internet technologies have evolved exponentially over the last three decades. The modern website is now a complex cocktail of code, some developed in-house and some provided by third party vendors. However, this rapid anatomy change has introduced a wide range of issues. This article will dive into some key implications of this new reality.
Before we dive into the specifics, it’s important to understand the core of the issue. A typical website today has around 75 services installed on it. This means that a large amount of “external” code is running on your website right now. Do you have proper visibility and mapping of all third party vendors involved? This isn’t always the case and it could have serious implications for your website’s performance and user experience.
Every third party service code is likely to change a few times a month due to upgrades and maintenance. There are probably over 200 code changes on your website that you need to manage every month. Have you ever stopped to think about how these third party code changes are affecting you?
Unfortunately, many companies are not completely on top of things when it comes to third party services on their website. This is where the snowball usually starts rolling.
3 Major Risks of Unmonitored Third Party Code Changes
As mentioned earlier, unmonitored or unmanaged third party code changes can lead to a wide range of issues. The Top 3 most common ones are:
Errors and Operational Failures
Every code change has the potential to cause errors in one or multiple sections of your site. Although you may be implementing many tests before uploading any new service or tool to production, these code changes sometimes fly under the radar and don’t receive proper attention.
In extreme cases, code changes can cause critical errors that can even lead to shut-downs and denial of service. Such down time can damage your business.
Most companies today test the privacy impact of third party services prior to deployment. However, as mentioned above, a code change in even one of these services can cause a chain of disruptions to your entire ecosystem, potentially triggering compliance problems with industry guidelines.
Besides the obvious issues with data leaking and theft, this unmonitored code can damage your brand and even lead to legal action by regulatory bodies. For example, the upcoming General Data Protection Regulation (GDPR) guidelines will take effect on May 25th. All online websites catering to EU readers will be required to adhere to these new privacy guidelines, or face serious legal action.
In today’s ultra competitive environment, time is money. Users today have a lot of platforms to choose from and they tend to stay loyal to ones that provide them with the optimal user experience. Besides having compelling graphics and engaging content, websites can no longer ignore the “need for speed”.
Did You Know?
A one-second delay in page load times can mean 11% lesser page views
and a total of 7% fewer conversions.
Every third party code change has the potential to significantly impact your website’s performance. Even though you may have tested this tool many times in the past, it’s no longer relevant, since key parameters have changed. Keep in mind that a slow website is typically not a busy one.
3 Ways to Mitigate Risks Posed by Third Party Code Changes
If you’re a large player in the market you probably have an SLA with third party vendors that includes a code freeze before key events. For example, eCommerce websites often request code freezes prior to peak times such as Black Friday or Christmas. This is a common, albeit incomplete, way to make sure buyers are getting the optimal user experience.
However, websites need to adopt more comprehensive methodologies to make sure their users and customers are getting the best experience possible.
Learn Your Ecosystem
The true footprint of external code on your site is something that you need to know at all times, especially after code releases. A comprehensive analytical solution has to be in place to ensure you have visibility into your third, fourth and even fifth party services when required.
Once you have complete visibility into your ecosystem and are managing all code changes in real-time, you have the capability to get optimal results.
Make sure the Service-Level Agreement (SLA) or the Terms and Conditions (T&C) you opt into when subscribing to a third party service are covering all privacy protection scenarios relevant to your sector. This holds true for 4th and 5th party services as well, which are often overlooked during the process.
This aspect is very relevant to websites operating out of the European Union (EU), which have to comply with the General Data Protection Regulation (GDPR) guidelines. Organizations not compliant with these user privacy rules post 25th May (2018) may face upto $20 million or 4% of the global turnover in fines.
Real Time Testing
Testing the performance of your third party services is the best methodology you can adopt to keep your website at the forefront. This can be accomplished by implementing a solution that monitors all code changes in real-time and alerts you when amendments are required.
The reality today is that every third party service you deploy comes with a performance cost. Front-end performance metrics such as Page Load Times are often affected negatively due to the way third party solutions work. This has a direct affect on your brand and can be the factor that can “make or break” your business.