Development Diary 4: What Do You Mean, "Infrastructure"?

Publisher: Sol Minion Development | Custom Software, software development, data security

By far the most common oversight by clients (and often by inexperienced developers) is the long-term solution. We start projects so they can be finished, which means the project has to “live” somewhere for the foreseeable future, right? Most clients gloss over this need, assuming the developer will take care of it. Other times, they wait until the day before the launch to find out the developer didn’t plan. In the worst cases, the client has no idea where their digital product lives and the developer goes AWOL. It’s important to be a part of this planning from the beginning.

Whether it’s a Web site or an application, it has to live somewhere other than the developer’s laptop so that it can be seen and accessed by the world. That means a number of things, but the most important are these two questions:

The first is something your developer should have at least an idea about before launch day comes, but make sure you have a punch list of system requirements so you know what you need in the event you need to change developers. Remember, you own the digital product - you paid for it - and it’s not OK for them to simply walk off with it and leave you hanging. It’s not a lease.

The second question will probably fall more under your knowledge. As the business owner, you know what regulations, if any, likely apply to your business better than your developer. It still needs to be a conversation, but your developer should be able to make some recommendations on infrastructure (or make a good judgement call based on your information).

For Compliance Clinic, we’re talking about a heavily regulated industry, and security is going to be paramount for the application information. This is primarily related to the potential loss of reputation versus the sensitivity of any data being collected. For our part, we know that we need to be archiving digitally signed agreements for an unspecified period of time. We also like to err on the side of caution, so we’re looking for a service that encrypts data “at rest”. The “Big 3” (Microsoft Azure, Amazon Web Services [AWS], and Google Cloud Storage [GCS]) all do this; however, only Azure and GCS do this by default. AWS, according to documentation, requires a setting to be flipped. For Compliance Clinic, we opted to use GCS for our archiving, primarily because of our familiarity with and use of other Google products, which allows us to manage the active services and settings more easily.

A second consideration is how quickly you anticipate traffic outgrowing your infrastructure. While DigitalOcean can be an inexpensive hosting option for both marketing sites and application servers, it’s much slower to scale your servers up if you need to. We must consider whether low cost is worth the risk of the application being unavailable because too many people are trying to access it at the same time - which would be a great problem to have. For Compliance Clinic, we have opted to host the marketing site on a standalone DigitalOcean server with some content caching services in place to keep from overwhelming our meager site. The application is hosted separately, which can be easily done using subdomains. That allows us to host it on a separate DigitalOcean server (while we use GCS to archive PDFs) and leaves it open to migrate to Google’s Cloud Platform for improved scalability in the near future.

Keep the needs of your application in mind when you’re considering the final home and get a requirements list from your developer prior to launch so you can speak to your business’ needs in the future.