SHOPLINE

SHOPLINE maintains merchant website security and ensures site performance for global merchants with Cloudflare

Founded in 2013, SHOPLINE is one of Asia’s largest and fastest growing commerce Software-as-a-service and solution providers. The SHOPLINE platform offers a rich ecosystem of technologies, resources and partners that empowers merchants to succeed. Merchants leverage SHOPLINE’s omnichannel solutions for e-commerce, social commerce and point-of-sales to sell their products and services around the world. SHOPLINE is headquartered in Singapore with about 2000 employees operating globally.

Challenge: Bolstering intentional network performance and security while managing client SSL certificates at scale

As an international ecommerce platform operating under a software-as-a-service (SaaS) business model, providing a top-notch user experience for its merchants at both the business (B2B) and merchant (B2C) levels is crucial to SHOPLINE’s success.

For its merchants, this means guaranteeing secure, fast-performing services across nearly unlimited custom domains. As SHOPLINE grew, the logistics of administering and maintaining a rapidly growing number of white-label private websites — each requiring its own security certificate — became a logistical challenge.

“As we took on more merchant clients, we exposed the shortcomings of our original technical DNS and SSL management implementation,” says George Wu, SHOPLINE’s Operations Manager. “The cost and sheer effort involved in maintaining tens of thousands of SSL certificates for our business’ domains skyrocketed, making it difficult to focus on product growth.”

On the merchant side, performance was at the top of SHOPLINE’s list of concerns. With merchant users distributed globally, the merchant sites SHOPLINE hosted frequently experienced location-based performance issues.

“To provide our international merchants with a stable user experience and a frictionless onboarding process, we needed an access layer network with the widest possible coverage area,” explains Wu. “In the early stages of our growth, creating a reliable performance solution on our own was an unrealistic technical and financial challenge.” The sheer scope of SHOPLINE’s international operations is at the heart of the platform’s other core challenge — securing merchants, merchants, and its data centers against online threats like DDoS attacks, SQL injections, credential stuffing, and inventory hoarding bots. Stopping these threats was critical to avoiding data leaks and service disruptions while maintaining merchant trust.

“Cyber security has been a constant battle between attackers and our safety teams,” says Wu. “To maintain an effective security barrier against sophisticated threats on the public Internet, we needed to dedicate significant time and keep costly resources on alert against unexpected attacks.”

Frictionless merchant onboarding and SSL certificate maintenance with Cloudflare SSL for SaaS

Evaluating the alternatives, only Cloudflare offered the balance of efficacy and affordability SHOPLINE was looking for. SHOPLINE turned to the Cloudflare connectivity cloud, a single-vendor solution that offered performance and security while simplifying SSL management issues.

“Cloudflare and its security teams have proven their expertise time and time again, most recently by thwarting HTTP/2 Rapid Reset, the world’s largest global cybersecurity attack to date,” says Wu. “Because Cloudflare only charges us for our traffic and we don't need to invest in additional hardware or personnel, it is our ideal security partner.”

With customizable domain configurations, rapid global SSL deployments, and SSL lifecycle management features, Cloudflare SSL for SaaS was practically tailor-made for SHOPLINE’s needs. SSL for SaaS simplified SHOPLINE’s merchant onboarding and enhanced the platform’s ability to provide the branded visitor experiences its merchants demanded.

“Cloudflare removed the friction from our merchant intake process,” says Wu. “Our in-house solution took a vendor at least seven steps to link and provision a store. Integrating SSL for SaaS reduced that to three.”

Besides streamlining its merchant-facing onboarding process, SSL for SaaS' automated SSL lifecycle management reduces SHOPLINE’s administrative workloads, minimizes operational costs, and ensures expired security certificates do not catch the company by surprise. The company also uses SSL for SaaS to guarantee its own domains — like shopline.com, myshopline.com, oneship.io and regional variants like shopline.hk, and shopline.my, — are always secure and up to date.

Raising the bar on public Internet threat management with the Cloudflare WAF

Using Cloudflare application services, specifically threat intelligence provided by the easy-to-deploy Cloudflare Web Application Firewall (WAF), SHOPLINE secures its visitors, merchants, websites, APIs, and data centers against automated threats on the public Internet. Blocking nearly 80 million monthly threats across SHOPLINE’s corporate and merchant-branded sites, Cloudflare gives the platform the performance and resiliency to withstand sophisticated and brute-force bot attacks.

“Cloudflare has raised the bar on how much malicious traffic our sites can withstand,” says Wu. “No matter how severe the attack is, Cloudflare identifies the source and automatically implements measures to protect our back-end services — after that it is business as usual, we don’t need to do anything.”

Previously, the company had a paid emergency team on standby. Using Cloudflare, SHOPLINE has re-assigned those resources to feature creation and business development roles.

“Cloudflare saves us time and money, and we are more protected against unexpected incidents than ever before,” says Wu.

Improving the end-user experience in the connectivity cloud

Because online merchants are becoming increasingly intolerant of performance delays and poor page load times, SHOPLINE needed a network infrastructure and content delivery partner that could offer a consistent user experience to all website visitors, anywhere in the world.

The Cloudflare global network — offering 310 points of presence across 120 countries and connections to 13,000 major service and cloud providers worldwide — was the solution the company needed. Using the Cloudflare connectivity cloud to cache static content and circumvent congestion by avoiding network hops and optimizing traffic paths, SHOPLINE has drastically reduced latency and improved its application performance and end-user experience.

“With the Cloudflare global network’s edge nodes in every country and territory our vendors do business, the unparalleled level of coverage guarantees that our merchants in every corner of the globe receive ‘last mile’ quality site performance,” says Wu.

Accelerated page load and rendering times with the Cloudflare developer platform

Workers, Workers KV, and the Cloudflare Developer Platform are the last pieces of the performance improvement puzzle for SHOPLINE, its merchants, and the merchants who shop using its sites. By allowing SHOPLINE to deploy serverless applications that run on the point of presence nearest the merchant, Workers and Workers KV are invaluable for speeding up the delivery of dynamic and regional-specific content, and improving page load and rendering times.

“Workers enhance the browsing, shopping, and checkout experience by accelerating how we present content and perform on-page calculations like shopping cart totals, local taxes, and currency conversions,” says Wu. “The time savings and performance improvements we see using Cloudflare help to keep merchants engaged and reduce instances of page and cart abandonment.”

Summarizing SHOPLINE’s three-year engagement with Cloudflare, Wu concludes:

“Since day one, we have received so much assistance and support from Cloudflare. It is a partnership that provides better, safer, and more simplified service for every SHOPLINE user.”

SHOPLINE
Related Products
    Key Results
    • 80 million Internet-borne threats blocked per month.
    • Improved merchant shopping experience for all global users with “last mile” content delivery and application performance enhancements.
    • Cut site provisioning and connection requirements from seven steps to three, minimizing client onboarding friction.
    • Reduced administrative maintenance overheads with SSL for SaaS automated SSL lifecycle management.

    Cloudflare has raised the bar on how much malicious traffic our sites can withstand. No matter how severe the attack is, Cloudflare identifies the source and automatically implements measures to protect our services — after that it's business as usual, we don’t need to do anything.

    George Wu
    Operations Manager, SHOPLINE

    Because Cloudflare only charges us for our traffic and we don't need to invest in additional hardware or personnel, it is our ideal security partner.

    George Wu
    Operations Manager, SHOPLINE