I've heard a lot about the need for speed in starting an e-business, but I am also aware that everything has to be right with the website and the supporting processes, and it has to be secure. How do I get the balance right between ensuring the site is secure, and getting the first mover advantage that everyone keeps talking about? I'm concerned that if I spend too long developing and testing my site, I'll lose out to a company that's up and running more quickly.
In trying to work out how long you have to deliver your e-business, you must recognise two truisms:
You're pretty much caught between a rock and a hard place. The trick you need to pull off is to successfully deliver the absolute minimum set of functionality that you can get away with for the initial launch, without doing this in such a way that it constrains what you might want to deliver in the future.
However, working out the absolute minimum set of functionality for launch is pretty tough, since this has to make sense in the wider context of your vision. You need a strong idea of what the long-term vision is, and the major steps you intend to take in order to get there.
So how long should you spend in total? To give you something to benchmark against, at Quidnunc, we manage our clients through a structured process that aims to get to the bottom of these types of questions in four to eight weeks.
We then go on to launch the first version of the site within a further three to six months. Unless your site is trivial (if so, what's stopping anyone else doing it?) you can't launch any quicker than three months, given that you need to factor in time to design, build and test the software, hardware and hosting services; create the operational team; put in place the relationships you need; and create, then deliver on, your marketing plan.
Stake your claim quickly
There are two aspects of Internet-user behaviour that pull online ventures in opposite directions. On the one hand, people quickly settle on a small number of sites that they visit regularly, and don't explore further unless they have to. This means that there are very significant advantages to moving as fast as possible.
On the other hand, people tend to give a site one try and if they have a bad experience never return to it. This would imply that it's a wise idea to delay launching until your site is sufficiently robust and functional to be sure that customers will have an experience that they want to repeat.
The right approach depends on your situation. If you really intend to be the first player, then you need to prioritise ruthlessly what you will deliver from day one, to stake a claim before anyone else gets there. It is perfectly reasonable to "fake" things behind the scenes in these circumstances, perhaps using third-party hosted services (e.g. for secure payment) and clerical staff to do all the transactions manually. This will allow you to build the audience and turnover that will enable you to raise the money to build scalable automated transaction systems, as well as allow you to get user feedback to refine the site and service offering.
However, it should only be viewed as a short-term fix, as this approach is unlikely to generate operating profits. So, always have the end goal in mind before you start, even if the implementation is phased. A more likely scenario is that there are existing players in your category. In this case you need to launch with a site that is comparable to the competitors in all the important areas, and notably superior in at least one of them.
If you want to be a market leader, rather than a niche player, there is not much point in bodging something lightweight together. It won't save you much time, and you will only have to throw it away. So, spend the money to build a proper flexible and scalable n-tier architecture.
Security is a priority
From the security perspective, it's important to consider a variety of opportunity costs - including, of course, the cost of poor security versus the cost of lost business due to implementation delays. It is not unreasonable to assume that a security breach within an e-commerce business can result in the whole business failing.
Having said that, if the security concerns can be addressed rapidly and easily, these issues can be avoided - and the obvious way to achieve this is to reuse measures that have proven successful elsewhere. Firewalls, IDS technology, SSL and secure shells for management all provide well-understood mechanisms, and if well-managed, can be highly effective against all but the most determined attacker.
I'd recommend that new e-businesses begin with the straightforward mechanisms provided by their hosting organisation, and get their business running.
Thereafter, the only really effective way of being assured of their security is to carry out testing.