Working with GVS

Typical Industries

Our service lines lend themselves to certain kinds of work and certain industries.

• Media and publishing companies
• Libraries
• Higher education
• Conference and other event sites
• E-commerce websites based on Ubercart

Process

Clients come to us with varying levels of experience and clarity about what they want to develop. Our role often includes helping clients identify abstract goals, developing features that address those goals and the underlying architecture for those features, and finally the project implementation.

In general, we follow these steps in developing a new website:

1. Identify project goals and/or user stories
2. Identify features that meet those goals and/or user stories
3. Develop designs and architecture for those features
4. Implement the design and features
5. Internal QA/review of the site
6. User acceptance testing and revisions
7. Deployment and performance tuning
8. Ongoing support and maintenance

GVS approaches development with an Agile/Scrum-based strategy where we revisit the above steps 2 through 7 in iterations throughout a project.

Secure Data Handling

The security of your sensitive information is something that we take very seriously. Here are a few of the procedures for all GVS projects.

What You Should Do

1. When sending passwords or any other sensitive information, please only use the telephone or encrypted files.

2. If possible, use SSH/SCP/SFTP to access your site rather than something like FTP. We will always use a secure channel if possible.

What We Do (where possible)

1. Firmware / Hard drive passwords: having an operating system password is pretty useless if the hard drive itself isn't password protected. Anyone who steals the laptop can just override the operating system password to get access to the hard drive.

2. Encrypted Data: protocols like FTP send data in clear text which means anyone on the network can read your files and username/password for the site. Instead it is much more safe to use SSH/SCP/SFTP to transfer files. The same applies for data sent to web sites over HTTP instead of HTTPS.

3. Development Servers: Aside from laptops, the other main place your data might get stored is on an Amazon Web Service EC2 or EBS device. Naturally these servers are only accessed via SSH or HTTP. Amazon has published information about the security practices for AWS products.

While there are certainly ways to make this more secure, these are as good or better than current industry standards.