Recent Posts

Over the years, Sandstorm^® has built websites on content management systems (CMS) using a variety of programming languages: Python, .NET, and PHP to name just a few. These programming languages support CMSs like Django, Kentico, and Joomla, respectively. Two of the most popular CMSs are Drupal and WordPress, built on PHP.

A common question we hear from clients is whether they should use Drupal or WordPress. While there’s no right answer, there is an answer that’s right for you. Each one has its place, so we've laid out where you can gain the most benefit from each CMS.

The Benefits of Drupal

Speed and Performance

When it comes to a scalable CMS that can support high-volume traffic and vast libraries of content, Drupal beats out WordPress. Not only does Drupal offer better performance out of the box—including default cache features that help pages load faster—it’s more robust for handling complex projects with lots of functionality.

Security

Drupal is favored by many top companies and government agencies, including whitehouse.gov, for its enterprise-level security. Drupal has a very active security team with a stringent review process for plugins and a robust permissions layer that provides nuanced limitations for user access.

WordPress, on the other hand, is a popular target for hackers whose malicious attacks often succeed due to fully coded plugins compromising security. Additionally, WordPress doesn’t provide the flexibility in tailored permissions that Drupal does.

Lead Conversion

When it comes to getting leads through web contact forms, WordPress requires third-party tools like Gravity Forms or JotForm, which will cost you extra.

With Drupal, web form functionalities are already built into the platform, so you don’t need external tools. Drupal can also enable rules and set up triggers so that when someone fills out a form on your website they receive an SMS message from your company, which helps with lead nurturing efforts and potential conversions.

The Benefits of WordPress

Ease of Use for Small Businesses

Since WordPress started primarily for less tech-savvy bloggers, small businesses with a junior development team benefit the most from the platform. Additionally, most writers and content managers have some experience with WordPress, so there's little need to train them on the platform.

Where It's a Toss Up

Supportive Community

Drupal and WordPress users have created diverse global communities that offer international conferences like DrupalCon and WordCamp; local training events and Meetups; and active forums where users can ask questions and learn more about the platform. While the WordPress community is larger than Drupal’s, it’s uncommon that you would run into an issue with either platform that someone hasn’t encountered, and solved, before.

Search Engine Optimization

It doesn’t matter to Google which platform you use, and both platforms offer excellent plugins and modules to help you with your SEO, including Yoast for WordPress and Content Optimizer for Drupal.

At Sandstorm^®, our experts have extensive experience developing, designing, and writing in Drupal, WordPress, and many other content management systems. We’d love to find the one that’s right for you.

Now more than ever, digital security is something that needs a thoughtful approach.

From Yahoo! to the DNC, large, high-profile security breaches are filling the news and making security a hot topic for everyday conversation. There are so many hacks that even data visualizers are struggling to make sense of them all. Which is why 2017 will be the year that companies finally realize the value and necessity of security for their digital properties.

Whether cause or effect, our increasing reliance on technology correlates with the spike in frequency, size, and severity of security breaches. At Sandstorm^®, we're big fans of Steve Gibson and his podcast Security Now, where he talks about the race to keep up with new security threats. With each new security improvement developers release, hackers are ready to uncover weaknesses. Over the years, this has brought us to a place where both the threats—and the necessary defenses against those threats—have reached a level of complexity that can seem daunting.

From Convenience to Security

The complexity and automated nature of modern attacks has changed the industry’s view on the lengths hackers are willing to go to. Now, we have to assume that there is always someone looking to exploit opportunities and weaknesses.

While these are just a few examples of the risks and remediations that companies need to consider, they illustrate the many different attack vectors that developers need to address. The trick is to do the following:

• Define the requirements
• Identify the risks and determine the solutions
• Design a highly functional application that still puts the user first

Trend #1: Rise of the Botnets

Botnets are a major reason for the increase in security issues. As an industry, we’ve known for some time about the danger of improperly patched or unsecure computers and servers that get infected with malware. But in the last few years, risk has increased exponentially due to the prominence of the Internet of Things (IOT). We have an explosion of internet-connected devices (light bulbs, refrigerators, dishwashers, teddy bears) with many of them rushed to market without regard for security.

Night of the Living Malware

Malware programs target these vulnerable systems to create zombie armies of infected computers that work together to feed on sites. The most recent and well known is the Murai botnet, the code of which was released as open source and has since spawned a plethora of derivations. That's right; you heard me. They’re multiplying, evolving, and getting smarter like a creature out of a bad horror movie.

How bad is it? Projections as of 2016 suggested that 35% of all internet traffic consisted of malicious bots. That's a lot of zombies wandering around looking for your server's brains.

GhostBot in the Machine

Another recent example is GiftGhostBot. This attack came to light in March 2017. Bots are brute forcing the pages that allow customers to check the balance on their gift cards. These bots keep guessing gift card numbers (at an estimated rate of four billion requests per hour) until they get one that has a remaining balance. They can then use that gift code to steal from the gift card holder.

What makes this GiftGhostBot particularly sinister is its sophistication. First, the attack is distributed across multiple compromised devices, servers, and computers—which means there’s no way to track and block these requests by IP. Second, the bots have been set up to use over 740 different user agent profiles, meaning they masquerade as different browsers and operating systems to confuse attempts to filter out their traffic. Vendors might add CAPTCHAs or completely remove these pages to remediate the issue. This is just another example of the exponential scale and complexity of attacks that have shifted the conversation towards security.

What You Can Do

1. Your best defense is keeping your systems up-to-date. Apply security updates to all technology in your ecosystem in a timely manner (including websites, servers, computers, employee mobile devices, etc.).
2. Be sure to spend the time to review all new features and components of your digital products with an eye for potential vulnerabilities. Always overestimate the lengths someone would go.
3. When in doubt, engage a knowledgeable specialist to help review your security configuration.

Trend #2: Are You a Robot? – Identifying Friend From Foe

If you’re thinking this is all about the rise of the machines, you might (or might not) be happy to hear that humans still play an important role in threatening your business’s security. While botnets have increased the quantity of attacks, the level of sophistication for attacks has also dramatically increased. In some areas, malicious entrepreneurs have even turned to crowdsourcing to enhance automated attacks. Take CAPTCHA as an example. When those annoying pictures were too much for some bots to circumvent, unscrupulous companies paid real people to fill them out. Bots passed the CAPTCHAs back to humans whose answers were fed back to the bots so they could proceed with their attack.

Invisible ReCAPTCHA

This resulted in concerns with the CAPTCHA as a solution for determining bot from human. While still used, it was understood that this solution is not 100% effective. Recently, however, Google updated their reCAPTCHA service with their new Invisible reCAPTCHA. Maybe you’ve seen this: It’s a simple checkbox that says “I am not a robot.” Because so much information on your behavior has been compiled by Google, it can compare your digital fingerprints and activity against its vast repository of analytics to determine if you’re a real person. Or that’s the theory anyway; the new service has just rolled out and we're excited to see how it matures.

Mollom

Mollom is another service we recommend, specifically for Drupal projects. It takes form submissions on your site and checks the content to see if it looks like bot-generated content. If it does, the content is flagged. This technique analyzes content to protect against spam, relying on the consolidation of massive amounts of examples to understand how to proceed.

What You Can Do

1. You can do is realize that identifying bots is not as straight-forward as it seems. They have gotten very good at pretending to look like real users performing real actions on your site.
2. Shift your thinking to a place where you assume that hackers and spammers are probably smarter (or at least more persistent) than you. Look at each element of your digital products as a place where a bot might pretend to be a human and consider what they might be able to do.
3. Layer different preventative techniques. Don't assume that one fix is enough and have a contingency plan for is a bot does get past your defenses.

Trend #3: Moving to SSL

Another major trend for 2017 will be the push for secure socket layer (SSL or HTTPS) traffic for everything. This has been an important shift for security in the last few years. Previously, SSL was only considered important for highly sensitive data, but a few things have pushed us into a world where regular HTTP traffic is considered unsecure.

Man in the Middle

First, a number of tools have come out that make watching the traffic of someone else on your network very easy to do. This allows a person to see the sites you are visiting and even steal your username and password. This is generally referred to as a man-in-the-middle attack resulting in session hijacking. Traffic over HTTPS helps to protect against that because your browser and the server are essentially communicating via a secret language that only they can understand.

Man on the Side

Second, browsers pulling in content over regular HTTP can't 100% confirm where the content they’re displaying came from. There have been a few complicated attacks over the past few years where malware was sent to site visitors instead of the assets they were expecting. This is generally referred to as a man-on-the-side attack. The attempted attack on GitHub in 2015 is an example of this. Moving towards HTTPS traffic gives the browser certainty that the content it received is the one it was expecting.

Pushing the Transition

If you’re thinking all of that sounds scary, you're not alone. Google agrees and has started to roll out changes to the Chrome browser—you've probably noticed that grayed out "not secure" message near the URL. Additionally, if you log in to a site over regular HTTP, you may also notice a red "not secure" message. This is meant to push websites towards SSL, and it’s only the start. Google has announced additional plans to clearly mark all traffic as not secure going forward.

What You Can Do

1. Work with your hosting provider or website developer to purchase an SSL certificate from a reputable vendor.
2. Have those same partners review your SSL configuration to confirm that you’re using strong protocols and ciphers that have not been deemed to be compromised.
3. You may also need to review your site to confirm that you don't have any mixed content errors, which is when HTTPS pages are referencing insecure HTTP resources.
4. While you're at it, complete a full review of your server configuration.
5. A full penetration test or security scan may also be a good investment.

How Sandstorm Can Help

This is just the start of the conversation and we've only covered a few topics. Whether you’re moving your current website to SSL or want to ensure your new website is developed with the latest security in mind, we utilize the technology and techniques that make sure you’re protected.

Each year, some of the sharpest thinkers you’re likely to meet gather at Chicago’s Columbia College for a high-stakes advertising competition. They’re not professional strategists, copywriters and art directors—they’re college students taking part in The One Club’s Creative Boot Camp, and their work is insightful and inspired.

I know this firsthand because, along with Janna Fiester (Executive Creative Director here at Sandstorm), I was a mentor and judge at this year’s Creative Boot Camp. The annual event is presented by The One Club, the non-profit organization devoted to elevating creative work in the advertising industry. One of the missions of The One Club is to educate and inspire students of the business, and the Creative Boot Camp gives collegians the opportunity to work in teams to develop a multi-media marketing campaign.

Seventeen teams—comprised of students from Columbia, DePaul, Harper and other area schools—worked closely together for three days to develop campaigns for Kraft American Cheese Singles. Serving as mentors, Janna and I (along with a handful of other Chicago ad professionals) moved from team to team answering questions, resolving conflicts and sharing our perspectives.

“You could really sense the passion each team had for their work,” recalls Janna. “These were college students who had never met before being assigned to their Creative Boot Camp team. The research and strategy development they were doing to provide a foundation for the creative work was truly amazing.”

The teams worked around the clock on their campaigns and, on the fourth day, formally presented their work to a panel of judges comprised of Janna and me and four other ad executives. Each team presented its research, strategy and creative rationale for campaigns that spanned TV, print, social media, point-of-purchase and field marketing.

At the conclusion of the presentations, the judges selected the top three teams, each of which received a year’s membership in The One Club. The members of the first-place team were also awarded interviews at Leo Burnett, the agency which sponsored the event.

“It was an amazing experience,” says Janna, “and throughout the four days, the students were incredibly appreciative of the time and expertise we were sharing with them.” And while I concur with her assessment, I have to say that we got back at least as much as we gave.

We can’t wait til next year, when we get to do it all over again.

What Your Employees Want (And How Company Culture Can Give it To Them)

Culture has a huge impact on your brand. It’s something I recently talked about with Forbes, and I’ll shout it from the roof of our office if it helps other leaders avoid learning the hard way like I did.

In Sandstorm’s early days, I discovered just how important creating a positive culture really is. By not focusing on our culture, I ended up not looking forward to working at my own company. But after we took the steps to transform our culture, we added more than 30 Sandstormers to our roster and grew business by 425%. Best of all, I’m absolutely sure that Sandstormers love coming to work every day.

Creating a great culture is as much an art as a science, but it starts by knowing what employees want. A study from PwC shows that these are the four things people want most from their job, and this is how we address them through our unique culture.

1. Job Flexibility

It’s not just Millennials who want flexibility at work; everyone wants a healthy work-life balance. The world’s full of tools that let us work anywhere at any time, so why should we miss our daughter’s first soccer goal or be at the office early after a late-night code deployment?

One of our core values is warrior spirit. To us, warrior spirit means being on an endless crusade to make great ideas a reality and bring out the best in each other. We’re problem solvers, champions, and collaborators who architect client success. And that’s something we do whether we’re in the office or working remote, at work and at play.

2. Professional Development

Career growth is essential to Millennials, and it’s why learning and sharing is another of our core values. If we want to be the best, we need the tools and time to learn how. That’s why we spend thousands of hours every year attending conferences, taking classes, exploring new technologies and trends, and sharing what we learn with each other.

Our senior staff has decades of experience, and they use it to mentor younger members of our team. They’re also active members of the community, sharing their expertise at events and boot camps and speaking at conferences, which helps us discover the next member of our team.

3. To Do Good While Being Great

Reputation matters to clients and employees, and what a brand says and does needs to align. Our mission is to do good work for good people, and we don’t work with organizations we don’t believe in.

We do good outside of work, too. Sandstormers get paid time off each year to volunteer, and we organize volunteer opportunities where we work together at a food pantry or collect for a clothing drive.

4. Have Fun

We’re people, not drones. And nothing builds stronger bonds than having fun together. It’s extremely rare for a week to go by at Sandstorm without there being a birthday lunch or a happy hour. That’s not even counting our super secret events to Cubs games, scavenger hunts, or other outings organized by our Co-Captains of Fun.

And this year I was finally able to give everyone the last week of the year off to go on vacation or spend some much-deserved time with friends and family. I was so happy!

Changing our culture really transformed our business. We can keep growing while making sure our lives are rich, meaningful, and full of fun. And that’s the real reward of focusing on your culture.