Blog


From Egnyte to MS SharePoint Online: A Successful Migration to Improve Data Security and Management

Setronica’s team migrated the client’s data to Microsoft SharePoint Online, Azure and Azure DevOps stack, saving fees, improving collaboration and security with role-based access control.


The Most Efficient Development Philosophy: Think DevOps

In the world of modern technologies, software development is one of the fastest-evolving areas. Over the last decades, even development approaches have changed and brought out new methodologies. The most popular one today is DevOps.

What Kind of Beast is DevOps?

Sometimes DevOps is considered just a term for particular tools, when in fact it is a whole philosophy reflecting the necessity of close collaboration between the teams responsible for application delivery. The methodology is based on 3 principles:

Some business owners have already heard of DevOps here or there and have come to the conclusion that DevOps is some kind of technological stack: CI servers, development platforms, automatic deployment tools and so on. The truth is, DevOps implies using some particular tools but is not limited to them. Without the above-mentioned principles and your team sticking to them, such tools can be useless.

The same is true for people who think that implementing CI/CD pipelines is enough to implement DevOps. The key principle still lies in the area of team communication: everyone who works on an application must exchange information. Otherwise it will be no different from traditional development.

Another trap one can fall into is thinking that hiring a few DevOps engineers will solve all the problems. Actually, having an outsourced DevOps team is a good idea — until your own developers accept the described principles and use the same instruments. You have to adjust your processes and culture first. And a good professional can help here, if you accept their advice.

DevOps Tools

Though DevOps tools don’t equal the DevOps approach, it’s necessary to adopt the corresponding stack.

DevOps implies working with cloud infrastructure. The most popular cloud service is AWS. Besides a public cloud, AWS provides specific APIs and various web services. Cloud infrastructure makes collaboration between development teams easier and application deployment smoother. Besides, AWS offers a huge number of useful services for almost everything from data storage to CI/CD orchestration.

Kubernetes is another great tool which supports DevOps. It helps to wrap services into containers and manages everything connected with them.

DevOps also uses tools for deployment automation, cloud infrastructure management (for example, Terraform), CI/CD automation software like Jenkins or TeamCity, and several others. Most of them concentrate on automating any development or operations process that can be automated, because this is how continuous integration and delivery are achieved.

As we said before, adopting the proper tooling is only the first step in implementing DevOps in your processes.

DevOps as a Development Approach

In traditional development, the team is usually divided into groups: developers, QAs, system administrators (if any), management and so on. The development cycle — whatever methodology is applied — is in this case divided into consecutive steps: creating a technical task, prototyping, writing code, testing, etc. But going from step to step, some information about the application (and the desired result) is lost, because no one cares about explaining to colleagues what was done and why.

No one, except probably the project manager, sees the process as a whole or understands its purpose. Such miscommunication may cause undesired interruptions, slow down the development process and push the deadlines further and further.

DevOps implies tight connections and interactions between the developers and other teams. And that’s how it works: when developers, QAs, and system administrators know what’s happening in other teams, they’re able to think in advance and avoid many annoying problems. The best you can do to support the cooperation is to hire or train DevOps professionals who will think as developers and system admins at the same time.

Of course, a few DevOps engineers can’t ensure that your whole development cycle automatically becomes DevOps. Every team member must adopt the corresponding instruments and remember about communication. At Setronica, all software engineers and other professionals stick to the DevOps approach and have perfected all the corresponding tools and skills.

DevOps Benefits

So, once again: why is it worth using the DevOps approach? The short answer is that DevOps allows the team to work faster and make fewer mistakes. And if you dive in deeper, you’ll see that this approach emerged in response to the needs of developers and users for good reason. The efficiency of DevOps is proven by the following points:

Thus, DevOps helps optimize business and development processes, cuts costs and saves time. With DevOps tools and way of thinking, any team can achieve maximum efficiency with minimum expenses.

At Setronica, we think that DevOps is the most profitable development approach. It’s not a silver bullet, but it has proved its efficiency for many companies. That’s why we adopted the DevOps tools and practices and keep sharpening our professional skills.

Let’s start building something great together! Contact us to implement a CI/CD pipeline, set up a robust cloud environment and adjust your system and team to DevOps principles. To learn about our team and expertise, visit our ‘About Us’ webpage.


Information Security Management System

ISO-27001 is widely known for providing requirements for information security management systems.

The development of software products and digital services has changed a lot over the 20 years of our company’s existence. We’ve used different ways to improve the development process and introduced the most promising technologies and quality control methods. Even though this brought fruitful results, we are not ready to stop.

Once you manage to team up the best technical specialists and unite them into a single, monolithic department for solving any technological problem, it’s time to improve management processes. One of the improvement methods that we decided to apply was the construction of a system according to the ISO27001-2013 standard “Information Security Management System”.

Company’s Mission

In addition to the direct goals and successful results in the context of particular projects, we also take care of maintaining our mission: creating the best and most effective digital services for our customers, creating our own services, and improving the industry by introducing the best and most advanced technologies.

The main product of our business is not software code per se; it is architectural and managerial decisions, expertise, and methods for the most efficient construction of digital platforms.

We believe that identifying and executing the company’s mission is very important for building an information security system. The applicability of the standard in the company and its scope can be determined by a correctly formulated mission.

Scope

If a business is in the technological field, any consultant or auditor will recommend that the entire company be included in the scope of the ISMS, which makes the implementation process complicated, lengthy, and expensive. These factors usually become an obstacle to the implementation of security in processes.

We created an architecture that allowed us to include in the security processes only certain areas, those related to decision making and to defining how business processes function. This greatly reduced the complexity of the implementation. This software development process was successfully certified.

Implementation Method

The ISO series standards focus primarily on business continuity. Among managers, there is a tendency to believe that security processes are needed only to protect material assets and storage media and to control access to the office. For these purposes, a company usually creates a security department with people experienced in law enforcement (police or army). As a result, they have a department that interferes with business development (or even freezes it) in order to reduce the risk of data or office equipment being stolen.

This method didn’t work well for us, as the main value in our company is flexibility and the ability to adapt to any conditions to improve efficiency. That is why we have built a risk management system that allows us to manage incidents and accidents, investigate their causes, and prevent their occurrence. In other words, it maintains the business continuity that everyone needs.

Thus, the protection against theft of data or office equipment that we mentioned above became an addition to a well-built system. This happened all by itself with the introduction of a modern standard specifically focused on the prevention of such issues. Security has become a part of our business processes, integrated as an invisible part that is taken for granted.

Implementation Result

As a result, we got business processes protected by their architecture from external influences: duplication of decisions, transparent management processes, and simple and understandable “What to do if …” instructions for any emergency.

For business, this means an opportunity to concentrate not on micromanagement within the organization and attempts to tie the company together, but on finding new ways to grow and expand. Security has become the corporate glue that has put together development teams, management, and leadership into a single structure.

Our method perfectly suits the SCRUM and Kanban methodologies used in company management. In accordance with the Agile manifesto, we focus on the people who work for us, rather than on processes in which people become cogs in the mechanism. Everyone is important to us; that is why, with the help of the security processes we created, our team feels as comfortable as possible, both in terms of the security of their work processes and due to the simplicity of corporate interaction based on the principles of ISO27001-2013.

Future Plans

We do not stand still: our business is constantly transforming and improving, so our security system is changing and developing with it. In the future, we not only want to improve our own processes and make them simpler, more resistant to threats, and more understandable, but are also eager to help our customers and partners build reliable processes. We offer our knowledge and experience, and we know exactly how to apply it with minimal risk for a company that needs such knowledge.

Indeed, one of the most important requirements of the ISO27001-2013 standard is the continuous improvement of the implemented system. The most important thing for us is not to stand still.

How Designated PIM Software Beats the Spreadsheets

I’ve been working with and making Product Information Management (PIM) software for eCommerce since 2008. Here are the thoughts I want to share.

First things first, my intro to PIM

PIM’s main idea is centralizing product content creation. This is implemented through the 3 following steps:

1. Collect ALL information on products (supplier price lists, digital assets, marketing materials, buyers’ testimonials, internal instructions for content managers).
2. Enrich the product profile with data valuable for the end user (add a product to hierarchies, translate product descriptions into a brand’s tone and the language of the content consumer).
3. Disseminate product info across all channels (website, mobile app, Amazon catalog, Facebook store page, eCommerce platform, etc.).

Get feedback, and go to Step 1.

Now to the main point of this article

One of the most common “not to have PIM” reasons I’ve been getting is: “We manage all our product descriptions in Excel spreadsheets. How’s PIM better than this?”

My usual answer is that PIM is the one place where content is. It minimizes the chance of errors and allows multiple parties to update product catalog content at the same time.

One place to keep product content

To elaborate on the points above: PIM allows manufacturers and retailers to focus all content creation efforts in one place and maintain a consistent presence in all channels. There can be only one product profile, and only this profile will be distributed between content consumers. As a result, we can avoid the problem shown below:

Minimized error possibility

Via role-based access control. If a user with the Content Editor rights is not supposed to change a product name provided by the Supplier, for instance, they won’t be able to.

With the help of the UI. PIM’s UI displays numerous product attributes in logically arranged groups, and some attributes have references to pre-filled lists of possible values. Also, the PIM user interface helps content editors with tips when some mandatory data is missing.

On top of that, there is a changelog of the product profile. So, one can see when the product title from the Supplier was changed, compare the previous and current versions of it, and edit the title for the eCommerce channel if required.

PIM Workflow

PIM software has a certain workflow, during which the product profile gradually gets closer and closer to a “ready for publishing” status. The workflow is transparent for the company staff, so that the digital assets team knows which products are waiting for a photo. As a result, content editors are able to distinguish and prioritize new products with still-empty profiles and products whose content requires immediate attention and corrections. And all of them are able to work in parallel.

And to bring the issue to a close, ask yourself: “Can I achieve all of the above with the help of spreadsheets?” Probably not!

Cookie Day. What will happen on Feb 17, 2020?

Winter is coming… A cookie day for people and their agents (browsers) that may break your user experience or even affect your life… Will it be a global Armageddon of the Web, or just cause a local malfunction of some old-time sites? It’s time to figure it out.

Taste of HTTP Cookie

First of all, welcome to the world of HTTP cookies. Mozilla Developer Network gives the following definition of a cookie:

An HTTP cookie (web cookie, browser cookie) is a small piece of data that a server sends to the user’s web browser. The browser may store it and send it back with the next request to the same server.

It was intended to introduce the state of a web session for the stateless HTTP protocol. Cookies are set by a server and then sent back by the agent with every request to the server. That, in turn, allows the server to manage the session, personalize the user’s preferences, or track user behavior.

Be Aware! Confidential information must never be stored in cookies, as the entire mechanism is totally insecure. The cookie values are visible to the end user and can be changed by them or by a man-in-the-middle.

Cookies are often used to identify a user and their authenticated session, so stealing a cookie can lead to hijacking the session as well. Common ways to do that include social engineering or exploiting a cross-site scripting (XSS) vulnerability in the application.

That is why the proper baking of the cookies is so important. Besides a data payload, the cookie may also have additional settings instructing the user’s browser how to handle it. For instance, the cookie could be a session one that is deleted when the agent shuts down, or a permanent one, expiring at a specific date (Expires) or after a specific length of time (Max-Age). All these instructions, along with the cookie itself, are specified by the server in the dedicated Set-Cookie header.

The Set-Cookie Header in a Nutshell

Common Syntax

Set-Cookie: <cookie-name>=<value>[; <directive>[; <directive2>…]]

All the directives can be split into two major groups.

Lifetime Settings

Directive: Meaning
<none>: A session cookie is erased when the client shuts down and the session is over.
Expires: The maximum lifetime of the cookie in HTTP-date format.
Max-Age: The number of seconds until the cookie expires. A zero or negative number will expire the cookie immediately. If both Expires and Max-Age are set, Max-Age has precedence.

Security Settings

Directive: Meaning
Domain: Defines the scope of the cookie: what hosts the cookie should be sent to. If omitted, it defaults to the host of the current document URL, not including subdomains. If a domain is specified, subdomains are always included. Note: A cookie for a domain that does not include the server that set it should be rejected by the user agent.
Path: Defines the scope of the cookie: what URL path must exist in the requested URL in order to send the cookie.
Secure: A secure cookie is only sent to the server when a request is made with the https scheme. Insecure sites (http) can’t set cookies with the Secure directive anymore.
HttpOnly: Forbids JavaScript from accessing the cookie. For example, cookies that persist server-side sessions don’t need to be available to a client, and the HttpOnly flag must be set. This mitigates XSS attacks.
SameSite:
  Strict: The browser will only send cookies for same-site requests (requests originating from the site that set the cookie). If the request originated from a different URL than the URL of the current location, none of the cookies tagged with the Strict attribute will be included.
  Lax: Same-site cookies are withheld on cross-site subrequests, such as calls to load images or frames, but will be sent when a user navigates to the URL from an external site, for example, by following a link.
  None: The browser will send cookies with both cross-site requests and same-site requests.
  In general, SameSite asserts that a cookie must not be sent with cross-origin requests (where the site is defined by the registrable domain), providing some protection against cross-site request forgery (CSRF) attacks.
  Note: Browsers are migrating to have cookies default to SameSite=Lax. If a cookie needs to be sent cross-origin, opt out of the SameSite restriction using the None directive. The None directive requires the Secure attribute.
<prefixes>:
  __Secure-: Cookies with names starting with __Secure- must be set with the Secure flag from a secure page (TLS aka HTTPS).
  __Host-: Cookies with names starting with __Host- must be set with the Secure flag, must be from a secure page (HTTPS), must not have a Domain attribute (and therefore aren’t sent to subdomains), and the path must be /.

Same-Site-None Cookies

Now we are ready to dive into technical details about the upcoming changes in browser behavior. Google Chrome will be the first browser to roll out a change that might not be compatible with a web application. Here they are:

- Since Chrome 80, cookies that do not specify a SameSite attribute will be treated as if they were SameSite=Lax, with the additional behavior that they will still be included in POST requests to ease the transition for existing sites.
- Cookies that still need to be delivered in a cross-site context can explicitly request SameSite=None, and must also be marked Secure and delivered over HTTPS.
- Firefox already has these implemented with Firefox 69 behind a developer preference flag, but has given no target release version for enabling it by default.
- Edge has announced support with an upcoming new version, but no ETA has been given on that yet.
- Safari has not signaled adoption yet.
- Others: no adoption signal yet.

Which Workflows May Be Affected

Single sign-on (SSO) integration with Identity Providers (IdPs) via protocols such as SAML 2.0 and OpenID Connect/OAuth2. When a web application implements SSO, several redirects happen under the hood for the user authentication, from the agent to the IdP and back with an authentication confirmation. That confirmation is represented by a token sent back to the app. The app performs the
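
The Set-Cookie rules described above (SameSite=None requires Secure, the __Secure- and __Host- prefix requirements, the Chrome 80 default, and Max-Age taking precedence over Expires) can be checked mechanically. The following is an added example, not code from the original article; the function names, finding codes and sample headers are constructed for illustration.

```javascript
// Added example: audit Set-Cookie header values against the rules tabulated above.
// parseSetCookie, auditSetCookie and lifetimeSeconds are hypothetical helper names.

function parseSetCookie(header) {
  // Accept the value with or without the "Set-Cookie:" field name.
  const value = header.replace(/^set-cookie:\s*/i, "");
  const [pair, ...directives] = value.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = {
    name: eq === -1 ? "" : pair.slice(0, eq),
    value: eq === -1 ? pair : pair.slice(eq + 1),
    attrs: {},
  };
  for (const d of directives) {
    if (!d) continue;
    const i = d.indexOf("=");
    // Directive names are case-insensitive; flags such as Secure carry no value.
    const key = (i === -1 ? d : d.slice(0, i)).trim().toLowerCase();
    cookie.attrs[key] = i === -1 ? true : d.slice(i + 1).trim();
  }
  return cookie;
}

function auditSetCookie(header) {
  const { name, attrs } = parseSetCookie(header);
  const findings = [];
  const secure = "secure" in attrs;
  const sameSite =
    typeof attrs.samesite === "string" ? attrs.samesite.toLowerCase() : null;

  if (sameSite === null) {
    // Chrome 80+ treats this as SameSite=Lax, which breaks cross-site flows such as SSO.
    findings.push("samesite-missing-treated-as-lax");
  } else if (!["strict", "lax", "none"].includes(sameSite)) {
    findings.push("samesite-invalid-value");
  }
  if (sameSite === "none" && !secure) findings.push("samesite-none-without-secure");
  if (name.startsWith("__Secure-") && !secure) findings.push("secure-prefix-without-secure");
  if (name.startsWith("__Host-")) {
    if (!secure) findings.push("host-prefix-without-secure");
    if ("domain" in attrs) findings.push("host-prefix-with-domain");
    if (attrs.path !== "/") findings.push("host-prefix-path-not-root");
  }
  if (!("httponly" in attrs)) findings.push("httponly-missing");
  return findings;
}

// Returns null for a session cookie, otherwise seconds until expiry (0 = expires now).
function lifetimeSeconds(header, nowMs) {
  const { attrs } = parseSetCookie(header);
  const maxAge = attrs["max-age"];
  if (typeof maxAge === "string" && /^-?\d+$/.test(maxAge)) {
    return Math.max(0, parseInt(maxAge, 10)); // Max-Age wins over Expires
  }
  if (typeof attrs.expires === "string") {
    const t = Date.parse(attrs.expires);
    if (!Number.isNaN(t)) return Math.max(0, Math.floor((t - nowMs) / 1000));
  }
  return null;
}

// Constructed sample headers, not taken from any real application.
const SAMPLES = [
  "Set-Cookie: sid=abc123",
  "Set-Cookie: idp_session=xyz; SameSite=None; HttpOnly",
  "Set-Cookie: __Host-sid=abc; Secure; HttpOnly; SameSite=Lax; Path=/; Domain=example.com",
  "Set-Cookie: __Host-sid=abc; Secure; HttpOnly; SameSite=Strict; Path=/",
];
for (const h of SAMPLES) console.log(h, "=>", auditSetCookie(h));
```
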


How to Search for Outsourcing Development Companies? Introduction

Searching for outsourcing development companies is a painstaking task. A contractor should be reliable and professional: one who can implement a task quickly, on time and efficiently. Where can we find outsourcing companies meeting the stated criteria?

Most of us turn to sites with different ratings of developer companies. However, there are a lot of such sites, their collections do not match, and it is an open question how companies get into these tops. As a result, instead of solving the problem, we get even more inconsistent information.

Which websites show what information, and what conclusions can be drawn from it, is the topic of our series of articles.

First of all, let’s sort the companies that provide ratings:

- Aggregators of companies. Websites like Clutch, 99firms, hackernoon, etc., which make top lists of companies in various fields of business.
- Freelancing platforms, like Toptal, Freelancer, Upwork, etc. They allow you to see performers’ ratings before hiring them.
- Analyst agencies, like Gartner, Frost & Sullivan, IDC Corporate, etc. They periodically publish ratings of the best companies.

Depending on their business specifics, rating providers use different approaches. It’s impossible to say unequivocally that one approach is better than the others. It is more correct to say that you should choose an approach that suits your goals.

Before we go to the first item, “Aggregators of companies”, let’s write down a task that you want to solve with the help of outsourcing developers and the criteria that your ideal partner should meet. Let’s try to find it together!

For example, I want to find an outsourcing developer. That company should have experience in eCommerce and work for medium and large companies.

Find out what comes out of this in the following articles. Stay tuned!

Also, read other new articles in our blog: How to get access to an online database for every guinea pig breeder? and Browser Extension development and marketing campaign based on intent data

How to get access to an online database for every guinea pig breeder?

We’ve got an interesting challenge: to create a backend for a guinea pig breeders database. During the development process we learned that only a few sources exist that can be useful if you want to find a guinea pig test cross answer. So we’re sharing the URLs of a free trial software application for guinea pig breeders. It may give you more insight into your guinea pigs: calculate the inbreeding coefficient, import and export the data, and find a guinea pig test cross answer.

https://www.zooeasy.com/features/breeding-guinea-pig/
https://guineapigsplanet.weebly.com/guinea-pig-breed-guide.html

Which way is better for my business: Browser Extension development or marketing campaign based on intent data?

I found out that marketing campaigns using intent data have become more and more popular. I was very interested in it and decided that I’d love to do research to find out which way could be more effective for companies in the cashback and coupons business, because for the past several months I took part in the launch of such a platform. Would the benefits of using intent data be higher than those of other efforts for user acquisition?

I’ll try to compare the benefits of using intent data to the benefits of other actions, such as UA based on social network targeting and Browser Extension development, like Rakuten’s cashback button, which finds deals, coupons and cashback at all stores connected with Rakuten and shows them in SERPs while their members browse something on the internet.

To begin with, let me share a few more details on what intent data means for marketers (I’m pretty sure you know, but anyway, just in case..)

Intent data shows which leads or accounts are actively conducting research online. In other words, it’s behavioral information collected about an individual’s online activities, combining both topic and context data. So you can get a rich source of data regarding the interests of the buyer and can create the basis for predicting a future purchase.

There are two types of intent data collection:

- First party intent data. It is also called engagement data, and marketers have been using it for a long time, so there is nothing new here.
- Third party intent data. The most interesting and newest one, because this data comes from external sources. While marketing automation tracks our own web properties, third-party intent data providers can track everyone else’s.

A potential buyer often does a small review before making a purchase. He can do this review directly on the seller’s website (read a blog, download whitepapers, analyze reviews of previous customers) or on a third-party site, that is, watch content that is related to the product.

The conversion to a purchase from such an advertisement is higher than from an advertisement using data collected about users on social networks. According to various estimates, by 200-400%. 3.5% – conversion from Google search (alternative sources say 1.7%) versus 0.7% in social networks, averaged data on the US market.

The entire search engine business is built on intent data. They sell the opportunity to use their knowledge about the intentions of users to advertisers (through Google Ads, for example).

After analyzing this information, using targeting based on data from social networks for advertising no longer looks as interesting as before. Therefore, I decided that I would choose between advertising based on intent data and browser extension development.

To answer this question, first I’ll try to find out if the browser extension is really effective and how much the services of intent data providers cost.

Browser extension:

First, let’s figure out why it is needed at all (if you’re not Rakuten and don’t have millions of website visitors 🙂 ). First of all, to increase conversion into paying users. A plugin recognizes a specific product that the user views and instantly displays all available coupons and discounts on it. Such triggers in 90% of cases motivate a person to buy, and the conversion rate increases.

Also, if users allow browser plugins to view the contents of the pages they read, it can become one of the sources of intent data as well! For example, if I create a browser extension for my site, it turns out that I automatically begin to collect this valuable information, and in the future I can share it with advertising networks, acquiring another source of income? (Not sure, but it would be good to know..)

And the most interesting thing is that users who install the plugin also benefit from its use, primarily by saving their time. They no longer need to constantly look at the offers of stores in order not to miss a discount, because the plugin will notify them about it as soon as a favorable offer appears in the store.

Using SimilarWeb (also, by the way, a browser extension) I found Cashback and Coupons sites with a monthly number of visitors of less than 1M (for comparison: Rakuten has over 70M visitors monthly): https://dealhack.com, https://www.rebatesme.com.

So, less than 1M users visit them every month, but they all have a plugin which they actively promote on their sites. Does this mean that their plugins are effective? I can evaluate this only by indirect signs, such as plugin updates in their Chrome Store pages. All companies have the latest plugin version update released no later than November 2019, which means that they support them. Would you start spending money on supporting something that doesn’t bring you income at all? I don’t think so. I certainly wouldn’t.

I assume that the plugin will help increase conversions and it would not be bad to develop it.

Intent Data Providers:

Google search helped me to find a list of B2B Intent Data Providers very quickly, https://datarade.ai/data-categories/b2b-intent-data, but none of them published their prices openly, so it was not possible to quickly evaluate the financial side of the campaign. I’m going to communicate with each of them and share my results with you as soon as I get them.

Why is an RnD outsourcing service a good choice for business improvement?

RnD (research and development) is the process whose main goal is to find new opportunities, products, services and operations, or to improve existing ones. Everything to increase competitive advantage.

There is a stereotype that only leading companies can afford RnD. However, nowadays medium and small companies can take advantage of the RnD process by turning to the services of outsourcing companies. Moreover, even big companies increasingly prefer to entrust finding new solutions to professionals, rather than building an internal team.

Reasons to consider RnD outsourcing:

- Top talent ready to work. You don’t need to bear costs for hiring and onboarding.
- Faster time-to-market. Improvements or new products are ready within much shorter time frames.
- Understandable and measurable process. High-level roadmap, important metrics, demo, and MVP.
- Expertise in different areas of business. Outsourcing companies work with various clients, which contributes to accumulating interdisciplinary expertise. That helps with finding your unique solution.

Entrusting RnD to an outsourcing company will be a great decision in the process of finding new opportunities, products, services and operations, or improving existing ones. An experienced team will save you time and cut costs.

Contact us and let us tell you why Setronica Research and Development service is a good choice for your business.

Why Good Commit Message Matters?


SETRONICA


Setronica is a software engineering company that provides a wide range of services, from software products to core business applications. We offer consulting, development, testing, infrastructure support, and cloud management services to enterprises. We apply the knowledge, skills, and Agile methodology of project management to integrate software development and business objectives effectively and efficiently.