Clients begin new projects with a range of experience and clarity around their development needs. Our role often includes helping clients identify their goals (both abstract and concrete), developing features that address those goals and the underlying architecture for the implementation of those features, and finally the project implementation. Our extensive usability, information architecture and business analysis experience allows us to help clients realize their vision.
In general, we follow these steps in developing a new website:
1. Identify project goals and/or user stories
2. Identify features that meet those goals and/or user stories
3. Identify which current technologies best meet those goals and/or user stories
4. Develop wireframes, prototypes, designs and architecture for those features which fall outside the default behaviours of the identified component systems. This process is called "Documenting the Deltas".
5. Implement the design and features
6. Internal QA/review of the site
7. User acceptance testing (UAT) and revisions
8. Deployment and performance tuning
9. Ongoing support and maintenance
Gotham City Drupal uses an Agile/Scrum-based strategy for our development model, where we iterate through steps 2 through 7 above throughout the project lifecycle. In addition, please read our blog article on "Documenting the Deltas", an innovative and efficient method of producing intelligible, useful and actionable documentation for your project.
Secure Data Handling
The security of your sensitive information is something that we take very seriously. Here are a few of the procedures we follow for all our projects.
When sending passwords or any other sensitive information, please only use the telephone or encrypted files. Better yet, use RSA or DSA SSH key encryption. More information on how this works here.
If possible, use SSH/SCP/SFTP to access your site rather than something like FTP. We will always use a secure channel if possible.
What We Do (when possible)
Firmware / Hard drive passwords: having an operating system password is pretty useless if the hard drive itself isn't password protected. Anyone who steals the laptop can just override the operating system password to get access to the hard drive.
Encrypted Data: protocols like FTP send data in clear text, which means anyone on the network can read your files and the username/password for the site. It is much safer to use SSH/SCP/SFTP to transfer files. The same applies to data sent to web sites over HTTP instead of HTTPS.
Development Servers: Aside from laptops, the other main place your data might get stored is on an Acquia Managed Cloud or Dev Cloud server, Pantheon dev server, Amazon Web Services EC2 or EBS device, or Rackspace Cloud Sites, Servers or Managed Cloud instance. Naturally these servers are only accessed via SSH or HTTP. Amazon has published information about the security practices for AWS products, and Rackspace Cloud has information on their Cloud Sites security practices here. E-Commerce security is discussed here. Acquia follows the same security procedures as for Rackspace.
While there are always ways to improve security, these protocols meet or exceed current industry standards.