The Biggest Problem Companies Have with Web Development
In our work with clients and new prospects, we’re lucky to be able to talk with many local businesses about their web development. Some of them come in never having hired a developer before, while others have cycled through several freelancers or even agencies, never finding the right fit.
Apr 2021 - 3 minutes read
Although many challenges can set the average development project back for days or even weeks, the most unfortunate stories that we hear aren’t about delays. Instead, they’re about a simple, innocuous habit that even the most conscientious developers can do without thinking.
So, what’s this big issue? The biggest problem we see in development today is that developers so often carry all the keys to the castle.
Even large and well-organized businesses can find that they’re not in control of their web development, and they don’t even realize it’s happening. It’s only when a developer leaves or gets fired that they realize that the business doesn’t have any master credentials for their own website, app, or other development projects.
Let’s discuss this issue as we’ve experienced it, and show how businesses can amicably take back control of their development, keeping their projects safely within their sphere of influence.
Why is This Problem So Common?
We believe that this issue is so prevalent not because of malice, but because developers and their clients simply don’t know any better.
When a company is still in its early stage, it’s typical for them to hire either a freelance developer, or bring an individual on to their team who can work on their digital assets. At these early stages, many companies won’t have set any security or password policies, and may not have the budget for enterprise password vaults or other similar software.
This leaves it to the developer to determine how they want to proceed with password management and security. In these situations, it’s easy for security to become a casualty of speed. If a developer is crunched for time, it’s simplest for them to open accounts in their name, and keep the passwords and credentials in a personal vault. Most of the time this occurs because of inertia, not malice.
Most companies won’t even realize that this is occurring until the developer moves on, or gets fired. That’s usually when the leaders of the company realize that they don’t own any of the master credentials, leading to a tense scramble to get them back.
How We Deal with This Issue
At SimplyPHP, we’re exposed to this issue by our potential clients, sometimes as often as once a month. We’ve been seeing it so frequently that it’s become a regular question that we ask incoming clients. Although most of the time it’s resolved by a simple conversation, it’s unfair of any developer to put their client or their boss in that situation.
To help avoid the issue in the first place, here’s what we suggest.
Set Security Policy Early
From the very first days of your company’s existence, make security a priority. If you don’t have the expertise to do this on your own, hire an expert to help. There are plenty of IT security consultations who would love to work with you to lay out sensible and risk-averse security protocols, including policies on password management, multi-factor authentication on company devices, and more.
If you have a security policy set in stone from the start, it’s much easier to enforce as the company continues to grow.
Centralize Password Storage
One of the things that any good security policy should lay out is a standard for password management, including where they’re stored to ensure maximum security. Depending on your needs, you may opt for a centralized credential server, or it may be simpler to use an enterprise product like LastPass, Dashlane, or 1Password.
Regularly Check Security Credentials
If your company makes a habit of regularly checking security credentials, it helps to avoid a security situation when a staff member is on their way out. Your business’s online security should never be a personal matter, or a referendum on whether you trust an employee. I
Instead, built it into your yearly calendar as a regular event. By regularly checking credentials, it allows every company to assess their security risks and remove anyone who no longer needs access.
Take Back Control of Your Credentials
No business should let their developer put them in a situation where they’re no longer in control of their master credentials. When a business isn’t in control of this critical data, it’s more than just a security risk. It puts your company’s very identity in the hands of one person. By taking back control of your business, you can ensure a much more secure future moving forward.
SimplyPHP is passionate about web development, and we love to share resources with current and future clients on the philosophy that drives our company. Want to hear more? You can find our growing collection of articles on our website, and videos and podcasts on our YouTube channel.