Stories in Sustainable/Open Business
It goes something like this:
(Client): I want to add a shopping cart to my site. I heard that xyz cart is free, can you add that for me?
(Developer): Sure! That looks easy.
Whether you realize it or not, you're doing CRM already. Customer Relationship Management (CRM) has become a hot buzzword that all kinds of businesses desperately want. I think the perception is that a CRM will somehow magically bring in sales, coordinate sponsors, manage members, fix your business.
What are the results you are trying to achieve? How can your web site help you get those results? These are a couple of questions we're starting to ask all our clients, and what we're finding often reveals some very easy things we can do to drive more results, quickly and easily.
There are a few problems with setting up shop on the web. All of your competitors are right next door. You're in the worst neighborhood, with crooks inventing new tools to break in every day. That parking lot you just built now has to accommodate scooters and semi trucks. Your customers now expect perfect service, or they will just go next door.
Results. Return On Investment. Value. How do you measure these things in a website? There's one thing you can easily measure -- cost. Or at least the amount you actually spend to build and maintain a site. The others are far more troublesome to measure.
Not 4 hours after posting my most recent blog stressing the importance of setting up systems with disaster recovery in mind, fate stepped up and thwacked me. "Oh yeah, think you're so resilient?
If there's one thing that's constant in the web world, it's change. We've seen huge change over the years: personal pages, forums, RSS, blogs, YouTube, MySpace, Twitter, Facebook, Pinterest, spam, ubiquitous performance attacks, Internet Explorer 10, Firefox going from 0.9 to 22, smart phones, tablets, and more.
Before making any changes to your web site, the first thing to figure out is your goals. As a web development shop, we focus on building web sites that create measurable value for our customers, aligned with their goals.
Some common goals:
- Help me close more sales from people who I send to my web site (brochure/information)
- Bring me new customers (online marketing, SEO)
- Help me manage sales leads (CRM)
- Increase sales (e-commerce)
How you should revamp your site completely depends upon which of those goals (or whatever other goals you may have) are most important for your business at the current time.
Yesterday Drupal.org got hacked, and potentially all the password hashes on the site fell into malicious hands. According to the security team's announcement, the attack was not a result of a Drupal vulnerability, but of other, as yet undisclosed, software on the server.
Drupal has long had one of the best security track records among open source CMSs. The security team does a great job of tracking down even the smallest exploits, often removing modules that maintainers choose not to fix. The vast majority of fixes and security updates we see are protecting against "privilege escalation" -- vulnerabilities that can only be exploited by users who already have some level of administrative access.
For example, there was a webform update yesterday to close a hole that allowed somebody who already had permission to create or edit a webform, to gain full administrative access. We use webforms on a huge number of sites, but we have never set up a configuration where we give an untrusted user the power to create or edit webforms. And yet on a large, community driven site, you might want to give some people the ability to create a survey without further access. This kind of strict, detailed review leads to a project that has a high level of security baked in. It's very rare that we see the more dangerous kinds of exploits -- SQL Injection, Cross-site scripting (XSS), or Remote Code Execution.
This incident highlights that there is more to security than just the software. In this case, something else in the hosting environment provided a weakness that allowed an attacker to break in. What was it? They haven't said, so far, but we can speculate on some possibilities:
Hey, that's not what I was thinking!
That's a very common complaint customers have with developers, when they receive the result of weeks or months of hard work. And it indicates a failure of planning.
What a pleasure to work with Freelock in launching our family website for the West Seattle community. John and Jill were vital to our success. We quickly saw that Drupal could handle our scope of requirements and thrilled to find that many of our wish list features were doable with such a capable staff. Communication and support are out of this world impressive with the Freelock team and set the standard for the industry. On time and in budget. Freelock is the clear choice.
West Seattle Family Zone