Regular security monitoring
To maintain regular security monitoring in Adobe Commerce Cloud, Adobe recommends a multi-faceted approach involving continuous scanning, logging, and proactive security practices. Here are some core actions to ensure ongoing security:
-
Security scanning: Use Adobe’s Security Scan tool to monitor for known vulnerabilities and malware across your Commerce sites. This tool provides alerts for potential security risks and compliance issues.
-
Regular patch and update maintenance: Apply Adobe’s security patches and updates as they become available. Upgrading to the latest Adobe Commerce version ensures the latest defenses against threats.
-
Audit and log monitoring: Leverage tools like New Relic Logs (available for Pro projects) to centralize and analyze security logs from both staging and production environments, enhancing the visibility of potential security issues and breaches.
-
Account and access management: Regularly audit user and admin accounts to remove any unauthorized or outdated accounts. Strengthen access controls with multi-factor authentication (MFA) for admin users.
-
Web application firewall (WAF): Use the integrated Fastly WAF to detect and mitigate threats from malicious traffic patterns, such as unauthorized data extraction attempts.
-
Custom code and extension security: Secure any custom code or third-party extensions by conducting regular code audits and limiting extensions to those vetted by Adobe.
Error logging and monitoring
To monitor error logging in Adobe Commerce Cloud, Adobe provides several tools and practices for effective troubleshooting and performance management:
-
Log aggregation with New Relic: New Relic collects and centralizes logs from Adobe Commerce applications, including logs related to infrastructure, CDN, and WAF. This setup allows for streamlined error tracking, creating dashboards, and querying logs for deeper insights into application performance and issues. Access to New Relic Logs enables searching and filtering logs by various attributes to diagnose issues quickly.
-
Error log types: Key error logs in Adobe Commerce Cloud include
cloud.log
, which contains deployment feedback, andcloud.error.log
, which logs deployment warnings and errors. Other specific logs for debugging includedebug.log
,system.log
, andexception.log
, with each serving distinct roles in error and event tracking across the Commerce platform. -
Custom logging with Monolog: Adobe Commerce supports custom logging via Monolog, which allows developers to direct log messages to various destinations like files, databases, and even alerts. This flexibility is useful for building advanced logging strategies that cater to different monitoring needs in development and production environments.
-
Exceptions monitoring with site-wide analysis tool: The site-wide analysis tool helps monitor and manage exception logs, identifying recurring issues across deployment and application events. This tool highlights frequent issues, making it easier to prioritize and address critical problems impacting performance.
Security and updates
Security patches and updates
To stay updated and ensure the security of your Adobe Commerce Cloud system, here are some key practices for monitoring security patches and updates:
-
Subscribe to Adobe Commerce security alerts: Stay informed about security vulnerabilities by registering for notifications from Adobe.
-
Check release notes: Regularly review security patch release notes, which are tagged with “-pN” for versions (e.g., 2.3.5-p1), and contain critical fixes and improvements.
-
Apply security patches promptly: Apply security patches as soon as they are available. This includes updating to the latest versions or applying specific patch files.
-
Use cloud patches: For Adobe Commerce Cloud, security patches can be bundled within the Cloud Tools Suite. Be sure to upgrade the suite or the Commerce version to receive these fixes.
-
Automated patch management: Consider using tools like the centralized patcher to manage and apply patches across multiple stores automatically.
PCI compliance
To ensure PCI compliance in Adobe Commerce Cloud, follow these key practices:
-
Protect cardholder data: Do not ever store cardholder data within Adobe Commerce. If storage is required, use encrypted and tokenized methods to safeguard it.
-
Use secure transmission protocols: Always transmit payment data over secure protocols like TLS, with encryption and proper key management.
-
Utilize web application firewall (WAF): The Fastly-powered WAF service helps meet PCI DSS 6.6 requirements and protects against common vulnerabilities by blocking malicious traffic before it reaches your site. See more information here and here.
-
Limit access: Ensure that only authorized personnel have access to sensitive payment data, and apply access control to reduce the risk of exposure.
-
Regular security scanning: Perform regular PCI ASV scans and monitor your environment to address potential vulnerabilities.
User and customer support
Setup
-
Support channels: Implement customer support channels such as:
-
Live chat: Offer live chat support for immediate assistance. Popular solutions include Zendesk, Intercom, and Tidio.
-
Email support: Use a support ticketing system like Freshdesk or Zoho Desk to manage customer inquiries effectively.
-
Phone support: If you have a large customer base, consider offering phone support during business hours.
-
Admin user training
-
Internal training: Train your staff on how to use the Adobe Commerce Admin, process orders, manage products, and handle customer service issues.
-
Documentation: Maintain an internal knowledge base or user manual for frequently asked questions (FAQs), troubleshooting, and common tasks.
Customer experience optimization
-
Surveys and feedback: Use surveys to collect customer feedback and optimize the customer experience. Adobe Commerce supports integrations with tools like SurveyMonkey or Google Forms.
-
Review management: Manage customer reviews and ratings on your products. Encourage happy customers to leave reviews while responding to negative reviews appropriately.
-
Personalization: Implement personalization features such as personalized product recommendations or targeted promotions.
Ongoing store maintenance and optimization
Search engine optimization (SEO)
-
Content optimization: Regularly update product descriptions, blog posts, and category pages to keep content fresh and relevant for search engines.
-
SEO audits: Perform regular SEO audits using tools like Google Search Console or Screaming Frog to identify SEO issues (e.g., broken links, missing metadata, duplicate content).
-
URL structure: Keep a clean, logical URL structure and ensure that there are no broken links or redirects.
Conversion rate optimization (CRO)
-
A/B testing: Run A/B tests on different page elements, such as product pages or checkout process, to improve conversion rates.
-
Cart abandonment: Implement cart abandonment email campaigns or exit-intent pop-ups to recover lost sales.
-
Checkout optimization: Simplify your checkout process by reducing the number of steps and offering guest checkout to improve conversions.
Marketing integration
-
Email campaigns: Set up automated email marketing flows for welcome emails, abandoned cart emails, and post-purchase follow-ups. Platforms like Adobe Marketo, Mailchimp, or Klaviyo integrate well with Adobe Commerce.
-
Social media and ad integration: Integrate with platforms like Facebook, Instagram, and Google Ads to run targeted campaigns and track performance.
Mobile optimization
-
Mobile responsiveness: Regularly test your site’s mobile responsiveness and usability. Given that mobile commerce is growing, a mobile-first approach is essential for continued success.
-
Mobile performance: Use Google’s mobile-friendly test and performance tools to optimize your mobile store experience.
Scaling and new feature development
-
Auto-scaling for traffic handling:
-
Adobe Commerce Cloud supports auto-scaling to dynamically adjust server resources (for example, web nodes) based on real-time traffic demands, ensuring that your store can handle high visitor volumes without manual intervention. See autoscaling in the Cloud Guide.
-
Web and service tiers can scale independently, adding more web nodes for increased traffic and scaling database or service nodes for backend performance during peak periods. See scaled architecture in the Cloud Guide.
-
-
Performance monitoring:
-
Use New Relic to monitor real-time performance metrics (e.g., CPU usage, traffic levels) and make adjustments as necessary.
-
Test performance in staging environments before scaling to avoid issues in production.
-
-
Development of new features:
-
Integrate advanced features like AI-driven personalization, subscription management, and custom solutions.
-
Continuously test and refine features in staging environments before deployment to production to minimize downtime.
-
-
Ongoing site maintenance:
-
Regularly review system logs and performance metrics to identify areas for improvement.
-
Ensure infrastructure remains scalable and adaptable to new business requirements and growth.
-
Reporting and analytics
-
Adobe Commerce Intelligence: Commerce Intelligence, a core capability of Adobe Commerce, provides best practice insights across multiple data sources, allowing merchants to make scientific data-driven decisions and take clear and informed actions. See the Commerce Intelligence User Guide.
-
Adobe Analytics: Adobe Analytics offers a powerful solution to track, analyze, and optimize your online store’s performance. Adobe Analytics helps eCommerce businesses gain deeper insights into customer behavior, product performance, conversion rates, and other key metrics, enabling data-driven decision-making.
-
Google Analytics: Use Google Analytics to track customer behavior, traffic sources, and conversion rates.
-
Additional Commerce Intelligence tools: Adobe Commerce includes Advanced Reporting. This feature gives you access to a suite of dynamic reports based on your product, order, and customer data, with a personalized dashboard that tailored to your business needs, see advanced reporting in the Admin User Guide for more information.
Conclusion
Post-launch support and maintenance are ongoing efforts that require regular attention to ensure your Adobe Commerce store continues to perform well, remains secure, and adapts to the needs of your business. Implementing a structured approach to site monitoring, customer support, optimization, and updates is crucial for long-term success.