Achieve, Experts in Website Security
“Insecure software is already undermining our financial, healthcare, defense, energy, and other critical infrastructure. As our digital infrastructure gets increasingly complex and interconnected, the difficulty of achieving application security increases exponentially.” Open Web Application Security Project Top Ten List
A secure website is the best website. It doesn’t matter how glamorous, functional, or robust it is, if it is not secure then it is not worth the screen it is displayed on. Here at Achieve we make sure to follow and exceed the best security practices for a Drupal website. Our developers have extensive experience with web development and strictly adhere to all industry best practices for a safe and compliant site. Achieve has over 90,000 Drupal development hours and counting!
Achieve pays attention to every detail. There are reams and reams of content on website security best practices and the development team is fluent with all of it. Through extensive research, regular updates and communications between team members our developers are all on the cutting edge of security developments.
The Open Web Application Security Project (OWASP) publishes the top 10 security threats to application-based software. Achieve closely follows the verification standards set forth by OWASP for performing web application security assessment. One of the advantages of using Drupal is that out of the box it already meets or exceeds OWASPs recommended practices for secure web applications. Since Achieve is an expert in Drupal development our team always ensures that all custom development initiatives meet or exceed any recommended security practices by OWASP. Our developers routinely design security measures into the application from the start, which is far more cost effective and secure than retrofitting security after the fact.
Drupal’s extensive framework and robust platform give you the best chance at maintaining best security practices for your website, but it is up to the developers to manipulate the software and create the architecture that is intuitive to the user while remaining secure. This is where Achieve comes in; following security best practices can double the lifespan of your website. Achieve’s Development team accomplishes this by constantly monitoring and upgrading any contributed modules for security patches incorporated in long term projects. Our team continually practices rigid internal code reviews to ensure all code is in compliance with Drupal best practices for security. Constant back and forth chatter between team members discussing the current state of one another’s code is common practice amongst the Achieve team. This process is essential to keeping code up to current best practices which are constantly changing.
This was never more evident than in the Dexcom Inc (NASDAQ: DXCM) project that Achieve just completed. As a medical device company, security is of paramount importance, and a driving force for Dexcom was to maintain the utmost level of security to protect its customer’s valuable and highly sensitive personal data. All data within Dexcom’s Oracle system had already been programmed for HIPAA compliance. Achieve had to make sure that all the critical patient data remained HIPAA compliant, otherwise Dexcom could risk being shut down. Achieve used the Drupal Commerce platform to highlight Dexcom’s products while preserving legacy pricing, current client data and payment systems all locked within their Oracle system through web services integration. By utilizing Drupal web services, Achieve was able to create a HIPAA compliant site while also establishing a secure method of access to critical patient data. Through an array of custom built modules Achieve was able to keep all patient data, but the one bit of requested information which was locked in Dexcom’s Oracle system behind a firewall at all times.
A common reason for security breaches among websites is incorrect permission settings amongst users. Drupal gives administrators the ability to set numerous restrictions for users on a node by node level. Achieve is able to manipulate the granularity of Drupal’s permission settings to authorize who can view, edit, and access critical content on a person-by-person basis. Achieve has extensive experience in this area. Currently, we are working on a site for Hunter Industries that gives access to copious amounts of content to users based on their level of membership. Achieve has accomplished similar projects for Bella Pictures, an award winning company that is transforming the wedding photography and videography industry, on both their flagship site, bellapictures.com, and a property focused on the cost-conscious side of today’s wedding market, studioblue.com.
Here at Achieve we are proud of the work we do and strive to build the most secure sites possible. Through transparent work and meticulous coding Achieve is able to create a secure interface for your organization whether it be for wedding photography, medical supplies, HIPPA compliance, membership levels or just for peace of mind of having a secure site insulated from security breaches. Our rigid quality assurance processes are constantly being updated and reviewed in order to deliver the best product to our clients, so that they can Achieve Security.