The Changing Face of Software

The right software can greatly enhance the productivity of business users. However, traditional tools are not always suited to the modern business landscape, where people may work from home or a local Starbucks as easily as a cubicle. Likewise, associations and nonprofits may have committees and boards who lack access to the same physical network, creating a barrier to collaboration.

Software as a Service

Fortunately, the last two years have seen a remarkable level of growth in decentralized, Web-based applications, often described by the term "Software as a Service" (SaaS). Because this type of software is accessed through a Web browser, it's available to anyone with an Internet connection. Even better, many of the most useful tools are available at no cost. When there are fees, SaaS applications have an additional (and significant) advantage over traditional offline software. Pricing usually takes the form of a subscription which can generally be changed or canceled at will, making the cost of commitment very low.

Alternatives to Existing Software

With a driving interest in technology (not to mention enormous resources), Google is a leader in providing excellent tools for free. One of its most notable offerings is a collection of applications called Google Docs. This system provides an online alternative for creating and editing text documents, spreadsheets and presentations. It can open and save standard Microsoft Office documents and makes it very easy to share them with others for review and collaboration. Google provides a number of other tools (nearly all free) which provide Web-based alternatives for email, calendars, and even payment processing.

New Opportunities

Web-based software also offers new possibilities for accomplishing tasks that traditional office applications don't handle well. For example, many people resort to email for group communication when it's really better suited to one-on-one correspondence. Services such as our own GroupLoop.com, a committee management tool, aim to solve this problem by organizing discussions and providing specific features for certain kinds of communication like RSVPs and reminders. A business-oriented group chat application called Campfire provides an excellent way to hold a discussion in real time while maintaining a permanent, searchable archive. Blogs and email newsletters provide much more economical and timely methods of communicating with members than traditional printed mailings.

Integration

A common question when considering the adoption of new technologies is how well they may integrate with existing systems. Specifics vary, of course, but in general this is an area that SaaS vendors have worked hard to address. Many services provide open access for developers to write software that extends features or provides access to data so that systems can work together. New data standards are making exchanges of information easier than ever. For example, using Google Calendar to schedule events automatically makes a data feed available that can be used to display those events on a website.

Privacy and Security

Many business users are also concerned about the security of data hosted by Web-based applications. Working this way does mean giving up a certain amount of control. However, it's worth noting that the network-level protection offered by service providers like Google is typically far more robust than what an average business employs to protect its data. The same common-sense guidelines apply to Web applications as offline ones, such as choosing strong passwords. Many providers make their services available over encrypted connections for additional security. It's always a good idea to review a service provider's policies before trusting them with sensitive information, and when the Web browser becomes a platform for delivering software, it's also critical to keep up to date on patches.

The Bottom Line

The modern software landscape offers many new ways of delivering both existing and innovative services through the Web. Adopting SaaS technologies can be an excellent way to gain efficiency while reducing software costs. With a generally low cost of commitment, there's almost certainly at least one area where Web-based software can benefit your business. If you're able to identify such an area but can't find software to meet the need, CWS specializes in developing custom Web applications and we encourage you to contact us for a risk-free discussion.

Ask CWS: How do Online Credit Card Payments Work?

As more and more business is being done online, we've seen an increase in the demand for applications that include real-time processing of credit cards. To make smart decisions when you're setting up a payment solution, it's helpful to have an understanding of how these transactions are handled. Although the whole process happens very quickly (usually just a couple of seconds), there are several different components involved that all have to work together.

Step 1: A customer submits payment information to your website. This connection must be encrypted with SSL, a sophisticated technology that prevents anyone from intercepting the contents of the request while it's being transmitted from the user's local computer to your server. As a website owner, you'll need to purchase (and renew annually) an SSL certificate for these connections.

Step 2: Your Web server takes the payment information and opens a second SSL-encrypted connection in the background to a payment gateway. A gateway is a secure server that acts as a bridge between Web applications and the payment processing network. There are many different gateway providers, though your bank may have a partnership with a particular vendor. Some popular gateways include Authorize.net, LinkPoint and Payflow Pro. Although they all perform the same essential funcion, each has its own set of features (and fees), and many factors may influence your decision. For example, if you're using an off-the-shelf shopping cart, it likely supports a particular set of gateways. Some gateways handle particular types of transactions that others do not.

Step 3: The payment gateway contacts the processing network to determine if funds are available for the transaction. The cardholder's issuing bank relays a response back to the gateway.

Step 4: What happens next depends on the type of transaction. An authorization simply gets approval for the purchase, with the actual charge to happen at a later time. For example, when shipping hard goods, the sale is not complete until the order has been fulfilled. A final sale, on the other hand, immediately charges the customer. Examples would be payment for a service or electronic download, where fulfillment occurs immediately. The payment gateway has details for the merchant account provided by your bank and will route the payment accordingly.

Step 5: The results of the transaction will be passed from the payment gateway back to your Web server. For approved payments, this typically includes a unique ID that can be used to reference the transaction later. If the transaction failed, a status code or other message will be given to help determine the cause (insufficient credit, incorrect expiration date, etc.). The Web server will then display an appropriate success or failure screen to the user.

The entire process happens very quickly under normal circumstances, and the customer never sees what's happening in steps 2-4. However, all this background infrastructure is critical and the pieces must work together. As a website owner, you must have the following to accept payments online:

1. An SSL certificate (see step 1 above)
2. A merchant account that supports Internet transactions. If you don't have one already, apply with your bank. One notable exception is a service offered by PayPal called Website Payments Pro, which bundles merchant and gateway services together and does not require a separate merchant account.
3. A payment gateway that supports your merchant account

Each of these services will have its own set of fees, so shop around and find the best set of features and value for your needs.

A helpful summary of the entire process can be found here. CWS specializes in developing Web applications that make businesses work better. If we can help you implement an online payment solution, contact us at support (at) cws (dot) net.

Walking a Mile in Someone Else's Shoes

One of the values we try to live by at CWS is user-centric design. That is, we believe that websites and Web-based applications are most effective when they're designed to make the tasks performed by end users as easy as possible. This may sound obvious, but in reality it's much easier said than done.

People tend to assume that others basically think like themselves, and it's very difficult to overcome that feeling. In the same way that a filmmaker might have a hard time watching a movie without analyzing the lighting and camera angles that the rest of us take for granted, the different groups of people using a site will come with different sets of assumptions.

This can be a trap both for the people who create websites and those who own the content. Programmers can think of a site in terms of infrastructure, or let technology drive design in place of experience. Business owners or other stakeholders may be more concerned about what they want to say than what the end user wants to know. Thinking about a site solely from our own perspective can handicap a great idea.

This principle applies both to design in general, content writing (the most overlooked component of good design) and to search engine optimization. There may be a big difference between the search terms that a business owner thinks are applicable to his website and those that his customers actually use. It doesn't do any good if a site performs well for searches on "mechanical contractor" but consumers are only looking for "heating repair." In the same way, a site that gives a passionate description of product benefits but never answers questions about price may drive away people who are doing research to build a shortlist of potential vendors.

There are many formal processes and tools to help you put yourself in a user's shoes (personas and use cases, for example), and we can help you walk through these, but the best way to start is simply talking to the people who will use the site or application being designed. Find out what people love and hate about the tools they use now.

Customer loyalty comes from giving people what they want. As Zig Ziglar has famously said, "You will get all you want in life if you help enough other people get what they want."

New GroupLoop Feature: Additional Email Support

One of our most common feature requests for GroupLoop is tighter integration with email software. The application already offers several features for notification by email, like when you post a new message or document, or set a reminder for calendar events. But now GroupLoop can accept incoming email, too. You can send a message to your GroupLoop account and it will be automatically forwarded to other members while still maintaining the central archive that makes GroupLoop so useful.

Here's how it works. Each GroupLoop committee can now be assigned a "drop box" email address that allows it to process messages. To start using the feature, you'll need to assign a short name to the committee (no spaces or special characters) that will form the email address.



For example, say the account cws.grouploop.com has a committee called GroupLoop Developers. We might assign it a short name of "developers." The email address for that group would then become developers.cws@mail.grouploop.com.

Only people who belong to the committee can send messages to the address. When they do, the text of the email will be created as a new GroupLoop message, and a copy will be forwarded to everyone in the group. If a member replies to the email, their message will be added as a comment under the original posting. This helps keep email conversations centralized, permanently archived and collected by discussion, without requiring a login every time you want to add to the conversation.

To assign a short name to your committee (only account administrators can do this), click the "People" tab and then the committee name under "Manage Committees" in the right sidebar.

We hope this new feature saves you time and helps to make GroupLoop an even more useful part of your workflow!

Launch: 300Financial.com

As previously mentioned, CWS has been working the past few months with 300 Financial, an organization providing services to financial advisors, on a variety of applications. Last week the company's public website was released along with a number of private web-based tools.

One of these tools allows advisors to collect some basic financial information from a potential client and automatically determine both things that are done well and potential trouble spots. The web-based application considers such variables as asset allocation, exposure to interest rate volatility, the impact of account expenses over time, and estate planning needs.

This system automatically assembles a report for the client in the form of an 80-page PDF document, with options that the financial advisor can tailor as needed to the client's unique situation. Armed with this information, advisor and client can quickly identify areas to target for improvement and make intelligent decisions together.

Another set of calculators helps those nearing or in retirement to design a series of structured investments that will provide the correct mix of portfolio growth and monthly income for their needs, again based on the individual's situation.

CWS has enjoyed developing these tools to help deliver the right knowledge to financial advisors and their clients, giving them the insight needed to make wise choices for the future. We look forward to ongoing development with 300 Financial.

How Security Problems Happen

As computers and web-based software have become deeply integrated into our daily lives, so has a consciousness of security issues and the vulnerability of digital information. Even in the past few months, a number of high-profile breaches of computer security have been widely reported.

How do attacks happen? Although specifics vary, a surprising number of security breaches come through the same pathways -- just as a large number of residential burglars enter through the front door.

A new report from the SANS Software Security Institute has just been released analyzing the top security vulnerabilities reported during 2006. The report identifies three main programming errors which were responsible for most breaches. Even non-programmers can learn something from this report.

Error 1: Accepting input from users without validating it. If you sell your car to a dealer, he's probably going to pop the hood and make sure the vehicle contains an engine before he writes you a check. In the same way, a web-based application needs to ensure that any data it receives is safe before it uses it. In a simple case, attackers (usually automated software rather than actual human beings) can manipulate an insecure contact form on your website into sending spam. More serious attacks could result in exposing an entire database of customer information to the world.

What can you do? If you're responsible for having a website or application developed, discuss the security implications with your programmers and be sure they have a good understanding of how to handle these issues.

Errors 2 and 3: Buffer and integer overflows. In plain English, a buffer is a bucket of computer memory that's intended to hold a certain amount of information. If an attacker force-feeds more data than expected into a buffer, he can sometimes manipulate the computer into executing additional code. Similar attacks can be made by forcing the value of an number to become larger than the software is equipped to handle. Most of these kinds of attacks occur on system-level software that the average user has little control over.

What can you do? Immediately apply software patches as soon as they're released. Don't ignore that Windows Update icon that says you have updates to install. Install antivirus software and keep it up to date.

These measures will not make your software invulnerable to attack. Even well-designed programs can fall prey to a determined attacker, just as a well-secured home may be burglarized. But you should still lock the front door.

Launch: Runway Reporting System

Let's pretend you're driving down the freeway in your new corvette at 120mph. Since it's the middle of winter, wouldn't it be nice to know if there are icy spots up ahead?

At the airport, pilots are faced with this situation each time they land a plane.

To solve this problem, CWS developed an "Airport Field Conditions Reporting System" which is now in use at the Rochester International Airport. Control towers all over the country have access to real-time statistics about the conditions of the runways at our airport. They can relay this information to pilots as they prepare for landing, or re-route air traffic if necessary.

During severe weather conditions, the website may be updated several times each hour as airport crews continue to plow runways and apply chemicals. Ground staff at the airport has access to update the live data quickly, with each update logged and available immediately.