Sandstorm Blog

Jeff
Sandstorm developers Joe Ruel and Jeff Umbricht at DrupalCon 2018

Every year since 2005, the Drupal community has flocked to DrupalCon to learn, explore and share. This year, the Sandstorm® team headed to Nashville, Tennessee–site of DrupalCon 2018–to get the latest updates on one of our favorite CMSs, find inspiration, and get our hot-chicken fix. Here are a few of the things we took away from this year’s conference.

1. “Clients buy solutions not code.”

Software wizard Vladimir Roudakov reminded us that no matter how impeccable and innovative our code looks, what’s most important to our clients is that our code solves the problems they’re facing. It was a great message to ground us throughout our time in Nashville.

2. By 2020, there will be more than 50 billion connected devices
                      and
3. Most traffic on the internet is non-human

Developer advocate Emily Rose made a pretty compelling case for why we’ll be developing for humanoids in the not-so-far future. With 61% of the internet made up of bot traffic and connected devices estimated to outnumber people 6:1 in two years, that’s a concept that’s hard to argue with.

4. Increasing page speed by one second can increase conversion by 27%

Google announced that by July 2018, pagespeed will be a ranking factor for mobile searches. For businesses to reach that coveted first position in the search engine, they’ll need to make sure their site loads lightning fast. And the reward—a big bump in conversion rate—will be worth it.

5. Drupal makes big dreams a reality

To celebrate the total solar eclipse, Miles McLean and Ken Fang used Drupal to create a once-in-a-lifetime viewing experience, integrating more than 20 video feeds and real-time tracker. Forty million people used the tool to see the solar eclipse.

If you’re looking to do big things with your website, drop us a line.

This blog was posted by Jeff on May 2, 2018.
Jeff Umbricht

About the Author

Jeff Umbricht

Jeff is an Illinois native with a passion for web development. Making code into great things drives him every day. He’s often busy building awesome experiences for Sandstorm clients, and there’s a high probability that he’s rocking out to metal while he codes.

Sandy
Just Launched: Kentico Website for Beloved Household Products, CLR® and Tarn-X®

Jelmar is most recognized for its broad range of cleaning products (CLR and Tarn-X) that have helped solve some of the toughest household cleaning problems... maybe you've seen their commercials to clean your showerhead?

The CLR Brands website was outdated and virtually unusable on a mobile device. There was also a great deal of confusion across the brands – parent company, Jelmar vs its flagship products (CLR and Tarn-X) and related products. The site did not provide a cohesive experience, nor was it intuitive for consumers visiting the site for more information or where to buy CLR or Tarn-X products. It also did not properly serve the needs of its distributors and retailers. Given the brand structure and Jelmar’s drastically different audiences, it was critical to have a modernized user experience that was cohesive while providing variations based on the two distinct user groups. Sandstorm was challenged with reinvigorating and personalizing the CLR brand experience integrating social, digital, marketing automation and the website; as well as utilizing technology to drive better business decisions – which is why the Kentico EMS content management system was ultimately selected.

Based on our in-depth user research, one of the primary goals for consumers was to identify where they could buy CLR products. Sandstorm completely overhauled the “Where to Buy” feature (formerly the Retailer Locator feature, which we renamed based on our usability study results). This tool incorporates a custom Product Search, including radius map in several key areas of the site to improve overall usability – check out the Where to Buy feature here. On the administrative side, Sandstorm developed a product management tool within Kentico, so Jelmar staff can easily manage updates to products in a single location, which propagates throughout the site. In addition, Sandstorm implemented Kentico’s Smart Search to drastically improve the findability of products, "How To" videos, FAQ spec sheets, blogs and news, etc.

Behind the scenes, Sandstorm utilized Kentico’s Staging and Synchronization features to manage development and testing in one environment, user acceptance and content editing in a second environment, and live production in a third, while ensuring that integration of code and content between the sites can always be easily managed and synchronized. From a content migration perspective, Sandstorm utilized Kentico’s import utility and custom scripts to map content into the new site, product details, images and related taxonomy. Sandstorm also leveraged Kentico’s features for tagging, categorization, Google sitemap generation, and other capabilities to improve SEO of the site.

The entire project included a complete redesign, in-depth user research, information architecture, usability testing, UX/UI development, Kentico install/configuration, Kentico web development, content migration, QA testing, analytics and launch. Additionally, upon launch, Sandstorm ran multiple email campaigns using Kentico’s Contact Management and Email Marketing features to deliver messages segmented for audiences interested in retail products separately from products for industrial/commercial uses.

End results? 380% increase in use with a 78% increase in site entrances directly to the new "Where to Buy" versus the previous "Retailer Locator". Overall 12% increase of pageviews, and an 11% reduction in bounce rate – within the first 30 days. Visit clrbrands.com.

This blog was posted by Sandy on January 23, 2018.
Sandy Marsico, Founder & CEO

About the Author

Sandy Marsico

Sandy Marsico is the founder & CEO of Sandstorm®, a digital brand experience agency that turns consumer insights into engaging user experiences through our unique blend of data science, brand strategy, UX and enterprise-level technology.

Emily Kodner
NICB Drupal 8 E-Commerce Site

At Sandstorm®, we take security seriously. For the not-for-profit National Insurance Crime Bureau (NICB), that means preventing insurance fraud and theft across the United States. NICB turned to Sandstorm to design and develop a brand-new website that could better help them advance their mission.

The launch of this site represents a significant shift for NICB. The previous website addressed two audiences: the general public and current members. By focusing on non-member audiences, NICB can more clearly convey their message and raise awareness with common consumers.

With an iterative, user-centered approach that utilized usability testing to refine navigation items and page layouts, we designed an intuitive user experience that we developed in Drupal 8. By building in the newest version of Drupal’s content management system, we were able to give NICB a robust e-commerce platform with an intuitive administrative interface.

We are honored to help NICB raise awareness of their mission and help combat insurance fraud and theft. Check out the new NICB website for yourself.

This blog was posted by Emily Kodner on November 21, 2017.
Emily Kodner

About the Author

Emily Kodner

Emily is our Web Strategy Director. She consults with clients, leads projects and works alongside our team of creatives and developers to provide solutions to complex business challenges.

Emily Kodner
Association for Corporate Growth launches new, responsive website.

At Sandstorm®, we thrive on designing and developing exciting new websites. But we also know how important a great event can be. That’s why we couldn’t have asked for a better opportunity in creating a site for ACG.

The Association for Corporate Growth (ACG) is the global community for business leaders focused on driving middle market growth through mergers and acquisitions. As a chapter-led organization, ACG is heavily focused on events, holding over 1,200 around the world each year for industry professionals and the association’s 14,500 members to network.

In order to drive their own growth, ACG turned to us to design and develop a website platform that provided individual sites for the global organization as well as its 58 chapters. Each site not only needed to be mobile friendly and visually appealing, it needed to be user friendly and easy to manage for each chapter, an objective we were able to achieve as a result of several efforts:

  • Attending ACG’s annual event and conducting stakeholder interviews to hear directly from leaders and members what they needed from the new website
  • By integrating the Drupal 8 content management system (CMS) with the netFORUM association management system (AMS)
  • Conducting a usability study on the new design to ensure it was intuitive and easy to use
  • Building a collaborative space for chapters and committees to digitally communicate and share essential documentation

We’re honored to help ACG continue driving middle market growth around the world. Check out the new ACG website for yourself.

This blog was posted by Emily Kodner on June 20, 2017.
Emily Kodner

About the Author

Emily Kodner

Emily is our Web Strategy Director. She consults with clients, leads projects and works alongside our team of creatives and developers to provide solutions to complex business challenges.

Nick
Drupal vs. Wordpress

Over the years, Sandstorm® has built websites on content management systems (CMS) using a variety of programming languages: Python, .NET, and PHP to name just a few. These programming languages support CMSs like Django, Kentico, and Joomla, respectively. Two of the most popular CMSs are Drupal and WordPress, built on PHP.

A common question we hear from clients is whether they should use Drupal or WordPress. While there’s no right answer, there is an answer that’s right for you. Each one has its place, so we've laid out where you can gain the most benefit from each CMS.

The Benefits of Drupal

Speed and Performance

When it comes to a scalable CMS that can support high-volume traffic and vast libraries of content, Drupal beats out WordPress. Not only does Drupal offer better performance out of the box—including default cache features that help pages load faster—it’s more robust for handling complex projects with lots of functionality.

Security

Drupal is favored by many top companies and government agencies, including whitehouse.gov, for its enterprise-level security. Drupal has a very active security team with a stringent review process for plugins and a robust permissions layer that provides nuanced limitations for user access.

WordPress, on the other hand, is a popular target for hackers whose malicious attacks often succeed due to fully coded plugins compromising security. Additionally, WordPress doesn’t provide the flexibility in tailored permissions that Drupal does.

Lead Conversion

When it comes to getting leads through web contact forms, WordPress requires third-party tools like Gravity Forms or JotForm, which will cost you extra.

With Drupal, web form functionalities are already built into the platform, so you don’t need external tools. Drupal can also enable rules and set up triggers so that when someone fills out a form on your website they receive an SMS message from your company, which helps with lead nurturing efforts and potential conversions.

The Benefits of WordPress

Ease of Use for Small Businesses

Since WordPress started primarily for less tech-savvy bloggers, small businesses with a junior development team benefit the most from the platform. Additionally, most writers and content managers have some experience with WordPress, so there's little need to train them on the platform.

Where It's a Toss Up

Supportive Community

Drupal and WordPress users have created diverse global communities that offer international conferences like DrupalCon and WordCamp; local training events and Meetups; and active forums where users can ask questions and learn more about the platform. While the WordPress community is larger than Drupal’s, it’s uncommon that you would run into an issue with either platform that someone hasn’t encountered, and solved, before.

Search Engine Optimization

It doesn’t matter to Google which platform you use, and both platforms offer excellent plugins and modules to help you with your SEO, including Yoast for WordPress and Content Optimizer for Drupal.

At Sandstorm®, our experts have extensive experience developing, designing, and writing in Drupal, WordPress, and many other content management systems. We’d love to find the one that’s right for you.

This blog was posted by Nick on May 1, 2017.
Nick Meshes

About the Author

Nick Meshes

Nick is Sandstorm’s Director of Analytics and Technology. He’s boosting our quantitative focus. He’s busy increasing our capabilities in web analytics, website optimization testing, SEO, SEM, display advertising, business intelligence, and personalization.

Sean

Now more than ever, digital security is something that needs a thoughtful approach.

From Yahoo! to the DNC, large, high-profile security breaches are filling the news and making security a hot topic for everyday conversation. There are so many hacks that even data visualizers are struggling to make sense of them all. Which is why 2017 will be the year that companies finally realize the value and necessity of security for their digital properties.

Whether cause or effect, our increasing reliance on technology correlates with the spike in frequency, size, and severity of security breaches. At Sandstorm®, we're big fans of Steve Gibson and his podcast Security Now, where he talks about the race to keep up with new security threats. With each new security improvement developers release, hackers are ready to uncover weaknesses. Over the years, this has brought us to a place where both the threats—and the necessary defenses against those threats—have reached a level of complexity that can seem daunting.

From Convenience to Security

The complexity and automated nature of modern attacks has changed the industry’s view on the lengths hackers are willing to go to. Now, we have to assume that there is always someone looking to exploit opportunities and weaknesses.

While these are just a few examples of the risks and remediations that companies need to consider, they illustrate the many different attack vectors that developers need to address. The trick is to do the following:

  • Define the requirements
  • Identify the risks and determine the solutions
  • Design a highly functional application that still puts the user first

Trend #1: Rise of the Botnets

Botnets are a major reason for the increase in security issues. As an industry, we’ve known for some time about the danger of improperly patched or unsecure computers and servers that get infected with malware. But in the last few years, risk has increased exponentially due to the prominence of the Internet of Things (IOT). We have an explosion of internet-connected devices (light bulbs, refrigerators, dishwashers, teddy bears) with many of them rushed to market without regard for security.

Night of the Living Malware

Malware programs target these vulnerable systems to create zombie armies of infected computers that work together to feed on sites. The most recent and well known is the Murai botnet, the code of which was released as open source and has since spawned a plethora of derivations. That's right; you heard me. They’re multiplying, evolving, and getting smarter like a creature out of a bad horror movie.

How bad is it? Projections as of 2016 suggested that 35% of all internet traffic consisted of malicious bots. That's a lot of zombies wandering around looking for your server's brains.

GhostBot in the Machine

Another recent example is GiftGhostBot. This attack came to light in March 2017. Bots are brute forcing the pages that allow customers to check the balance on their gift cards. These bots keep guessing gift card numbers (at an estimated rate of four billion requests per hour) until they get one that has a remaining balance. They can then use that gift code to steal from the gift card holder.

What makes this GiftGhostBot particularly sinister is its sophistication. First, the attack is distributed across multiple compromised devices, servers, and computers—which means there’s no way to track and block these requests by IP. Second, the bots have been set up to use over 740 different user agent profiles, meaning they masquerade as different browsers and operating systems to confuse attempts to filter out their traffic. Vendors might add CAPTCHAs or completely remove these pages to remediate the issue. This is just another example of the exponential scale and complexity of attacks that have shifted the conversation towards security.

What You Can Do

  1. Your best defense is keeping your systems up-to-date. Apply security updates to all technology in your ecosystem in a timely manner (including websites, servers, computers, employee mobile devices, etc.).
  2. Be sure to spend the time to review all new features and components of your digital products with an eye for potential vulnerabilities. Always overestimate the lengths someone would go.
  3. When in doubt, engage a knowledgeable specialist to help review your security configuration.

Trend #2: Are You a Robot? – Identifying Friend From Foe

If you’re thinking this is all about the rise of the machines, you might (or might not) be happy to hear that humans still play an important role in threatening your business’s security. While botnets have increased the quantity of attacks, the level of sophistication for attacks has also dramatically increased. In some areas, malicious entrepreneurs have even turned to crowdsourcing to enhance automated attacks. Take CAPTCHA as an example. When those annoying pictures were too much for some bots to circumvent, unscrupulous companies paid real people to fill them out. Bots passed the CAPTCHAs back to humans whose answers were fed back to the bots so they could proceed with their attack.

Invisible ReCAPTCHA

This resulted in concerns with the CAPTCHA as a solution for determining bot from human. While still used, it was understood that this solution is not 100% effective. Recently, however, Google updated their reCAPTCHA service with their new Invisible reCAPTCHA. Maybe you’ve seen this: It’s a simple checkbox that says “I am not a robot.” Because so much information on your behavior has been compiled by Google, it can compare your digital fingerprints and activity against its vast repository of analytics to determine if you’re a real person. Or that’s the theory anyway; the new service has just rolled out and we're excited to see how it matures.

Mollom

Mollom is another service we recommend, specifically for Drupal projects. It takes form submissions on your site and checks the content to see if it looks like bot-generated content. If it does, the content is flagged. This technique analyzes content to protect against spam, relying on the consolidation of massive amounts of examples to understand how to proceed.

What You Can Do

  1. You can do is realize that identifying bots is not as straight-forward as it seems. They have gotten very good at pretending to look like real users performing real actions on your site.
  2. Shift your thinking to a place where you assume that hackers and spammers are probably smarter (or at least more persistent) than you. Look at each element of your digital products as a place where a bot might pretend to be a human and consider what they might be able to do.
  3. Layer different preventative techniques. Don't assume that one fix is enough and have a contingency plan for is a bot does get past your defenses.

Trend #3: Moving to SSL

Another major trend for 2017 will be the push for secure socket layer (SSL or HTTPS) traffic for everything. This has been an important shift for security in the last few years. Previously, SSL was only considered important for highly sensitive data, but a few things have pushed us into a world where regular HTTP traffic is considered unsecure.

Man in the Middle

First, a number of tools have come out that make watching the traffic of someone else on your network very easy to do. This allows a person to see the sites you are visiting and even steal your username and password. This is generally referred to as a man-in-the-middle attack resulting in session hijacking. Traffic over HTTPS helps to protect against that because your browser and the server are essentially communicating via a secret language that only they can understand.

Man on the Side

Second, browsers pulling in content over regular HTTP can't 100% confirm where the content they’re displaying came from. There have been a few complicated attacks over the past few years where malware was sent to site visitors instead of the assets they were expecting. This is generally referred to as a man-on-the-side attack. The attempted attack on GitHub in 2015 is an example of this. Moving towards HTTPS traffic gives the browser certainty that the content it received is the one it was expecting.

Pushing the Transition

If you’re thinking all of that sounds scary, you're not alone. Google agrees and has started to roll out changes to the Chrome browser—you've probably noticed that grayed out "not secure" message near the URL. Additionally, if you log in to a site over regular HTTP, you may also notice a red "not secure" message. This is meant to push websites towards SSL, and it’s only the start. Google has announced additional plans to clearly mark all traffic as not secure going forward.

What You Can Do

  1. Work with your hosting provider or website developer to purchase an SSL certificate from a reputable vendor.
  2. Have those same partners review your SSL configuration to confirm that you’re using strong protocols and ciphers that have not been deemed to be compromised.
  3. You may also need to review your site to confirm that you don't have any mixed content errors, which is when HTTPS pages are referencing insecure HTTP resources.
  4. While you're at it, complete a full review of your server configuration.
  5. A full penetration test or security scan may also be a good investment.

How Sandstorm Can Help

This is just the start of the conversation and we've only covered a few topics. Whether you’re moving your current website to SSL or want to ensure your new website is developed with the latest security in mind, we utilize the technology and techniques that make sure you’re protected.

This blog was posted by Sean on April 13, 2017.
Sean Fuller

About the Author

Sean Fuller

As Technology Director, Sean is a hands-on developer and technical lead on projects. He works with design and strategist teams from kick off through launch to plan, design and execute technical solutions for client projects. 

THIS FILE WAS POSTED UNDER: 
this file was posted under: 
Dubai skyline, user experience, UX, IA, information architecture

I recently had the incredible opportunity to travel to Dubai. It’s a city of extremes: intense 120° F heat, malls with skiing and diving—with tiger sharks—and architectural feats beyond my wildest imagination. Out of all these wonders, what impressed me the most was the ever-evolving infrastructure of this bustling, technologically advanced city.

In Dubai, the roads change constantly to account for all of the new construction. In fact, they change so frequently that residents and taxi drivers say they often run into a dead end or end up trapped on a road that has changed overnight. GPS isn’t just used for convenience in Dubai, it’s used for survival.

A website’s information architecture is a lot like a city’s infrastructure: as you add new information, you need to create new navigation. If you’re constantly changing where you place information and how customers navigate your website, your users will be just as lost as drivers in Dubai.

A common method to improve the user experience (or UX) of a digital space is to mimic a real world pattern. For example, e-commerce mimics a grocery store: you typically have a shopping cart, you add to the shopping cart, and then you go through the checkout process.

The challenge comes when you start building and adding on to the original experience. While Dubai’s original city center is pretty easy to navigate, as the city grew at a rapid pace the new roads ignored the original conventions. Often—to accommodate new construction—roads had to be shifted and changed, causing friction and confusion among drivers. When designing your website, it’s imperative that you account for how it may evolve in the future and avoid foreseeable challenges as your company grows.

Sandstorm has a dedicated team of UX design specialists—including designers, architects and researchers—who help clients build websites that utilize information architecture best practices and provide cutting-edge user experiences. 

This blog was posted by on August 29, 2016.
Safina Lavji

About the Author

Safina Lavji

As a UX Architect, Safina actively empathizes with users to bridge the gap between user needs and what the client delivers. 

Joshua
Ensono, branding, tech, mainframe, brand strategy, content strategy, marketing strategy, web development

Machines possessing hopes and dreams is a classic theme explored in science fiction. Sandstorm® explored this theme when Acxiom IT restructured their organization and needed a rebrand to reflect their new position as a tech company that dreams of the future.

Acxiom IT recently became a standalone infrastructure management services business, which required a new name and brand strategy to set them apart from their former parent company. Sandstorm® was hired to guide the 46-year-old business as they developed a new corporate identity. The result: the Ensono brand and a vision for the future.

Sandstorm®'s first step was diligent research. We examined the client's history, needs, behaviors and desires to understand where they've been and devised a marketing strategy to help them reach where they wanted to go. In speaking with their senior leadership, it became clear that they wanted to position themselves as a solution that meets the needs of the present and the future. Although they offered industry-leading mainframe solutions, Ensono needed help representing themselves as a company that develops and innovates for the future.

With renewed focus on addressing current client needs while engineering solutions for the demands of tomorrow, we turned to creating a new name. Sandstorm® went international while exploring the concepts of progress and dreaming: "enso" is a Zen concept that refers to strength and creativity, and "in sogno" is an Italian expression meaning "in dreams." By merging these words and concepts together, Ensono, or the company that dreams, was created. This idea of inventive and adaptable thinking followed through the positioning statement, key messages, content marketing tactics, and digital marketing strategies.

Sandstorm® assisted Ensono with their brand launch and website development and has continued to partner with them on many projects including: collateral materials, promotional video, product campaigns, corporate signage, and assisting with the interior design of their new office space.

If you are dreaming of a new marketing strategy, Sandstorm can make it a reality.  

 

This blog was posted by Joshua on August 4, 2016.
joshua sovell

About the Author

Joshua Sovell

As the Marketing Manager Joshua is in charge of crafting the Sandstorm narrative via compelling blog content and community engagement.

Jeff
Jeff Umbricht: Front-End Developer, Outdoorsman, Metalhead

Hey, my name is Jeff, and I’m the new guy. I’m a twenty-something who grew up in the northwest suburbs and made my way to Chicago after a couple years in Evanston.

My interest for web development started at the age of 13 after making a website for a friend’s band. In college I started making a career out of this passion by studying web design and interactive media. I learned a little bit about everything from video production to graphic design to web application development. My focus gravitated toward the behind the scenes aspect: web development.

There’s nothing more satisfying than writing code to make a browser transform text into something amazing! After a few years into the industry and honing my dev chops, I’ve joined the amazing team at Sandstorm as the newest front end developer. I’m ecstatic to be surrounded by such passionate individuals and excited to do good work for good people!

A few fun facts about me:

  • I built a holiday wish list website for my family to keep track of who wants what and who bought what. This comes in very handy with 4 children who each have their own significant other.
  • I’m a metalhead. February 2016 will be the 3rd consecutive year I’ve gone on a heavy metal cruise called “70,000 Tons of Metal.”
  • I’ve been known to keep a tent in my car just in case my friends and I feel like an impromptu camping trip. I’m slowly checking places off my must see list including: Big Sur, Shawnee National Forest, Grand Staircase-Escalante, and Death Valley.
This blog was posted by Jeff on October 8, 2015.
Jeff Umbricht

About the Author

Jeff Umbricht

Jeff is an Illinois native with a passion for web development. Making code into great things drives him every day. He’s often busy building awesome experiences for Sandstorm clients, and there’s a high probability that he’s rocking out to metal while he codes.

THIS FILE WAS POSTED UNDER: 
this file was posted under: 
Jason
Andy Cullen, Senior Engineer and Team Lead

Senior Web Developer Andy Cullen is expanding his role into Senior Engineer and Team Lead. In a position that is new for both Andy and Sandstorm, he’ll mentor our junior and mid-level developers as well as provide direction for the team for Drupal web development projects and beyond. Andy will make sure they have the support they need while helping them grow into larger projects and responsibilities.

Andy will also coordinate with our strategy team to provide valuable insight for clients, all the while keeping our projects rolling with the quality and cool determination he’s known for here at Sandstorm.

Congrats, Andy!

This blog was posted by Jason on August 6, 2015.
Jason Dabrowski

About the Author

Jason Dabrowski

Jason is one of Sandstorm’s designers and also helps keep the office running smoothly. As a veteran of the theatre—from acting to directing, lighting to set design—he knows the value of hard work and a positive attitude. Look for his unique voice on the blog.

THIS FILE WAS POSTED UNDER: 
this file was posted under: 

Pages