In response to current press reports regarding security issues at Moonpig.com
Conosco’s outsourced role is to manage the hardware infrastructure that the moonpig.com website is hosted on. The security issues reported today are related to the software application that supports the mobile app, not the infrastructure. For further information please see http://www.moonpig.com/uk/Information/Press/
Moonpig is the UK’s leading online personalised greetings card company. Customers can upload photos to create their own cards or select from existing designs, then add a personalised message and have the card sent direct to the recipient. Moonpig started in 1999 and now has £46m revenues in the UK, with Australian and US subsidiaries growing fast.
Moonpig came to us in 2007 having just raised major funding for a make-or-break television advertising campaign, but with a creaking server infrastructure that wouldn’t cope with the anticipated rush of orders.
We needed to build a new server platform that could handle the peak demands for three years of high growth fuelled by TV advertising. It had to allow for simple and cost-effective expansion without any major changes in the architecture. It had to avoid single points of failure. And the primary objective was to avoid any disruption to the existing service. Oh, and the TV campaign was about to launch.
Without wasting any time we designed and built a new platform including four blade servers, a 15-disk SAN, four high-end firewalls, a clustered SQL server, load-balanced web servers and a VMWare virtual server platform for flexibility.
Blade servers offered high capacity for minimum rack space and energy consumption, as well as allowing defective components to be swapped out without stopping the service.
Virtualisation provided highly efficient use and sharing of physical server hardware, as well as instant failover to different hardware if there’s a physical failure. The SAN also gave the servers great flexibility, allowing the instant provisioning of storage to any server, whilst retaining the simplicity of only one storage platform to manage.
The platform went live, the campaign launched, the jingle worked, demand exploded and the servers didn’t. The success enabled Moonpig to keep advertising and growing.
We now provide a fully outsourced IT department as a fixed price service, collaborating closely on strategy and budgets. We support the production platform of over 100 servers as well as the office desktop environment. We manage the networking, security, remote access, virtualisation and much more. We provide the project teams for upgrades and PCI compliance work. And we audit the systems every quarter to ensure the documentation is up to date.
Online success attracts denial-of-service attacks, where a multitude of hacked PCs are remotely commanded to simultaneously visit the target’s website, overload the servers until they grind to a halt and so deny the service to all of the target’s customers. The target then gets a ransom demand from somewhere overseas.
We helped Moonpig to resist such approaches by reinforcing the firewalls to handle high loads and using sophisticated techniques such as IPS appliances to control denial-of-service attacks and to prevent and detect security breaches.
Although a highly technological company, Moonpig relies on our service to allow it to focus on its strengths in web applications and logistics, and avoid the distractions of keeping the underlying machines running.
“With Conosco’s experience and expertise in a wide range of technologies we were able to grow at a rapid rate. Since the beginning of their involvement, our website systems availability has been improved to the highest level. Conosco have been very professional in their approach and have made our experience of IT ‘effortless’ indeed.”
James Henson, IT Director, moonpig.com Ltd.