Brilliant Thinking

Contents

Marketing - it (usually) starts once the site is launched (notwithstanding any pre-launch campaigns of course).

However, the marketing plan is a key tool in understanding the needs of the website before design and development begin - the plan helps identify the demographics of your target audience as well as possibly indicating traffic volumes or targets. This information feeds into the user interface, graphic design, site engine, hosting and infrastructure components so that the right systems are designed and built to meet your needs and your audience’s needs.

I am not going to get into a discussion of which marketing channels you should use because there is no hard and fast rule - except to say that you should look at all the channels and decide which will be best for your site, from online communities, through video blogs, podcasts, search engine optimisation, traditional advertising or even targeted mailshots and postcards.

My partner runs her own business - it’s an exclusive personal shopping business with a small but very important client base. They are the kind of people whose buying patterns aren’t the same as the rest of the general population, they buy based on different paradigms. It is true that they do use the Internet, but not in the same way as the “majority”.

Today, I took a call for my partner from a search engine optimisation company. They call my partner’s company periodically touting for business, and it’s usually quite polite. Here’s a typical conversation:

SEO: “Hello, I’m Mr Smith from SEO Company. We have been looking at your website and noticed you aren’t being found in the search engines. We’d like to send you a free report that highlights our findings so that you can see how to improve your search engine results and get more traffic.”

It’s at this point that the call is usually transferred to me since we look after the web side of things.

Me: “Many thanks, but we’re not looking to increase the number of visitors to the site. The service is aimed at a small number of clients and we only take on clients through word of mouth and personal recommendation.”

SEO: “We see that you’re not appearing in the top results for phrases such as ‘personal shopper’, and our free report can help you improve this and achieve a high ranking for a number of phrases, including ‘blah blah blah’ and ‘an other phrase’.”

Me: “Thank you. However, the personal shopping service is bespoke and clients are effectively ‘hand picked’ and so additional search engine traffic is not necessary. We’re not looking to generate volume sales through the website so do not need SEO.”

SEO: “….”

After 2 or 3 rounds, the SEO company I am referring to get the point that we don’t even want the free report (which will try to sell their services of course) and usually politely end the conversation and we both go about our businesses.

However, today, the SEO representative - and I don’t know if they were sitting in a call centre somewhere doing cold calling, or were actually in the company offices - was of a different breed and left a very sour taste in the mouth.

It all started quite politely …

SEO: “Hello, I’m Mr Smith from SEO Company. We have been looking at your website and noticed you aren’t being found in the search engines. We’d like to send you a free report that highlights our findings so that you can see how to improve your search engine results and get more traffic.”

Me: “Many thanks, but we’re not looking to increase the number of visitors to the site. The service is aimed at a small number of clients and we only take on clients through word of mouth and personal recommendation.”

SEO: “We see that you’re not appearing in the top results for phrases such as ‘personal shopper’, and our free report can help you improve this and achieve a high ranking for a number of phrases, including ‘blah blah blah’ and ‘an other phrase’.”

Me: “Thank you. However, the personal shopping service is bespoke and clients are effectively ‘hand picked’ and …”

But I didn’t get to finish the sentence today …

SEO: “So, why have you got a website then?” He cut me off and questioned the business model. I suspect this was on the basis that he couldn’t figure out how to get a sale based on my polite refusal and thought that by wrong footing me he’d maybe spin a sale.

Me: “Because prospects still like to see that Street Chic is a credible organisation even if they are recommended to us personally.”

SEO: “So, you need to increase your rankings for ‘personal shopper’ so that you can generate more leads.”

Me: (still polite, but now frustrated that the usual 2 or 3 exchanges didn’t conclude the conversation): “No, we don’t. Our clients purchase a service such as ours using completely different criteria to online shopping and our marketing strategy does not require any SEO components in order to reach them effectively. I’d like to …”

I didn’t get to finish:

SEO: (muttering) “right then” (click)

It sounded as if he was saying something else under his breath as the receiver went down - I couldn’t quite hear - but he was not happy and definately the candiate for “worst telephone manner during a cold call.” He was aggressive, rude and disrespectful - all in the space of 3 minutes - to a company he was trying to win as a customer.

And this is where the question of branding comes in. This experience with this individual reflects directly on the brand that the SEO company is trying to build. In the past when they had called I had a mental note that, maybe, I might use them in the future for a client project if that client fitted the profile of their company’s SEO offering. However, this representative has completely undone any goodwill and completely undermined the brand experience to the point that I will actively avoid them.

A brand is much more than a logo, a picture or a design. It’s a whole company philosophy that appears at every touch point for that company. I wonder what his briefing was like? Maybe something like:

“Get as many free reports out as you can. Don’t take no for an answer. Use any method in the book, as well as some that aren’t, but get the free reports out. We’ll worry about converting them later.”

If that’s how they plan their own sales process, what does this say about how they plan their SEO campaigns? Could it be inferred that it is by the same scatter-gun approach and they’re only interested in the numbers rather than the results? That may be a leap of faith to some, but in my mind this is how the company’s brand is now perceived (remember too that his sales pitch was more concerned about visitor numbers instead of targeted visitor numbers?)

A brand is a sensitive object and all representatives - even call centre operators - must be aware of the core principles in order to communicate the brand effectively, even if they don’t make a sale.

As an aside, there is a good tool from Market Leap (not the people who called) to check your website’s visibility for different search terms. You can find the “keyword verification tool” here. They also have a good incoming link checker.

Contents

Smaller businesses often think about maintenance after the site is built. However, it should be considered before the site is built so that there are no surprises later on. There are 2 options when it comes to maintenance - do it yourself, or outsource it. So, which is best?

Outsourcing

Some businesses shy away from outsourcing maintenance because it can be an unknown cost, plus there can be issues with availability of the web agency to make the changes. Often, the availability issue is due to the client’s fear of a proper support agreement and the client deliberately avoids having one. Without a support agreement, there is no guaranteed resource when the client requires it (see Why do I need a support contract?).

Do it yourself

The other option is to do it yourself. Unless you are a developer, wish to train as one or employ somebody in this capacity we would recommend that you look at the option of content management systems (CMS). These may cost slightly more in the build phase of the project, but a CMS will save you many headaches during the live phase of the project. The main reasons for this are:

• A CMS separates your content (words and pictures) from the coding of the site
• A good CMS allows you to add and delete sections and sub-sections
• A good CMS maintains the integrity of the site

Without a good CMS, you are required to edit the whole page, which allows you access to the code and structure of that page. If you make a mistake you risk breaking your site, for which you will need to call on your web company to fix it. While systems such as Adobe Contribute offer inexpensive alternatives for CMS, they should be used in conjunction with your web company because you will need some support if you need to add/change the structure.

See also Clients, Content Management & Brand.

So which is best?

Unfortunately, there is no answer to this one - your situation will dictate which works best for you. Some people find outsourcing through a support agreement works best, while others like the immediate control a CMS offers. The choice will also be affected by the way your web company works. For example, we are moving towards fully content managed sites by default, with less emphasis on support agreements for general content maintenance.

The bottom line is to make sure you think about maintenance before you build the site - if your web company doesn’t raise the issue, make sure you add it to your list of things to discuss!

My background in the Internet stretches back to 1996, and since then I have observed many trends start, develop, and come to an end. Looking at the evolution of an organisation and its web presence (in a similar sense to the SW-CMM - software capability maturity model), we can abstract a generic model for the “maturity” or evolution of a company’s web presence. This model can be mapped onto a simple graph which can be used as an indicator to highlight the level of complexity (and thus cost) of the required web solution. I call it the Internet Maturity Model and it looks like this:

Level 1: Organisations generally start with email as their first involvement with the Internet. It is a business critical system and relatively straightforward to set up.

Level 2: The next step is usually to create a marketing website - an on-line brochure - advertising the companies services and providing a means to contact them.

Level 3: Some companies need to trade on-line, providing catalogues of items which visitors can purchase with their credit cards. Trading can take a number of forms, but on-line shops are the most common.

Level 4: The fourth step is to start to automate some of the company’s processes and translate them to the web. These can range from accounting processes, to recruitment, to property management, in fact almost anything that can be done in a series of steps. There are many challenges here - including the nebulous change management - which is why it appears as almost the most complex step on the chart.

Level 5: Business transformation - or finding new ways to solve old problems - is the most complex step on the chart because it can often require the use of new methods, technologies or techniques that may not be fully proven.

A third dimension to the Internet Maturity Model

The above presents a very black and white view of where an Internet solution sits along the spectrum of maturity or complexity, but there is a third dimension (or vector) which needs to be considered when designing a solution - the people who are going to use it.

The technical ingenuity that can been built in by the creators or developers of the system quite often baffles the person who is going to be using the system which creates negative results. You only have to ask these same users about blogs, podcasting, RSS feeds, wireless systems, blue tooth and edge devices and you can watch their eyes glaze over in terror!

This “People Maturity” (their awareness of and comfort with technology) needs to be taken into account before designing a solution. If their “maturity” cannot be accommodated in the desired level of application, it may be better to reduce the desired level until the users are ready for the next step.
(This article was originally published around the turn of the century on our main website and has been moved to the blog for posterity).

Part of my early career was spent in Quality Assurance (QA) looking after divisional software and hardware procedures and auditing very large private and public sector projects. Before moving on to lead similar software development projects, the time in QA taught me much about the benefits of standards and the importance of appropriate processes. Later in my career - as a business consultant - I was to revisit this when I spent some time as a Software Capability Maturity Model (SW-CMM) assessor.

From an objective viewpoint, the body of knowledge that has been refined in the IT industry is invaluable to how we should build systems for the Web and, although the Web presents us with additional challenges, many of the principles from the body of knowledge are as applicable today as they were 20 years ago - just because the Web appears to be different, it doesn’t mean we have to reinvent the body of knowledge, just refine it further to encompass the additional challenges.

Looking specifically at Web applications (i.e. websites, whether Internet, Extranet or Intranet), the greatest risk for any organisation using them is one of security.

Open Source software is potentially more vulnerable to security attacks than proprietary software because the code is openly available to everyone - including hackers who can find and exploit security weaknesses to their benefit (I think of these people as “test teams gone bad”). However, one of the benefits of Open Source software is that there is a wide community of supporters who find, report and fix any problems that are found, and so resolutions for security problems are usually quickly implemented but require regular upgrades to benefit from them. This is not to say that Open Source is a bad choice - it is often an excellent choice - but clients (and agencies) need to understand and balance the risks before making decisions about which systems to use. Unfortunately, there does not appear to be a uniform standard for assessing the maturity of a web application.

In the SW-CMM there are 6 levels of maturity, from zero (meaning none) through to five (being the highest level). The level of maturity is applied to the organisation that develops the software applications, and is based on the processes that are followed and the systems that are in place. The theory being that the more mature the organisation on the scale, the more robust the application should be. However, this is not a direct relationship, only an implied one.

If we were able to apply the principles of the Capability Maturity Model to software applications (in general) and Open Source Software applications (more specifically) we would be able to develop a solid foundation for assessing the maturity of the software product itself. We could then compare this with our own requirements and so decide if the product is a suitable fit to the overall project aims.

Projects such as Sourceforge.net provide an indication of a product’s development stage (release status) by indicating whether the product is in planning, in development, at alpha release, beta release, etc. To the casual observer, it is unclear exactly how products on SourceForge reach these status levels (I only spent 10 minutes looking for it, but I would have expected to be able to find it quickly). Unfortunately, the release status does not tell us how secure the product is, and since security is the greatest risk on the Internet, it should be embodied in a product’s maturity rating, or be a separate rating in itself.

What I would like to see is some form of Security Maturity for released products - particularly Open Source - but also proprietary (Windows is well known for its vulnerabilities yet the source code is not openly available to the general masses). The question is then one of how to measure it.

Websites such as Security Focus provide long lists of security vulnerabilities of Open Source software produced by a myriad of organisations. However, there is no abstraction of this information into a relative score that can be used as a tool for pre-selection of applications based on project requirements.

In my opinion, the metric does not need to be complex.

The key piece of information is the list of bug reports for an application. These would need to be classified as “security related” and “non-security related”. Security related bugs would then need to be quantified against a standard list of security errors, for example cross-site scripting vulnerability, SQL injection vulnerability, code injection vulnerability, filesystem vulnerability, authentication vulnerability, etc. Each one of these classifications would have a defined impact according to the SMM standard. By counting the number of vulnerabilities of each type we would have an idea of the current security status of an application. However, if there are no current vulnerabilities, this does not mean the application is not vulnerable. It just means we haven’t found the next weakness.

Consequently, we should factor in both time and the number of installed versions of the application into the formula.

When the number of security vulnerabilities increases over time, this suggests that the application is more vulnerable and so the security maturity would decrease. If the number of detected vulnerabilities decreases over time, we would infer that the application is more secure. The reason for this is that if we are detecting less vulnerabilities across the installed user base, we can assume the system is more stable and less open to security vulnerabilities.

When an application is young - ie only recently launched and/or with very few live installations - it would be difficult to assess the security maturity accurately because it would only take a few vulnerabilities to radically alter the security maturity score. For this reason, young applications (defined as, for example, less than 1 year and/or 500 installations) would only warrant a bracketed rating as an indication of the potential security maturity because of the potential fluctuations that a few vulnerabilities would cause in the value.

I think a methodology of this nature would give much greater confidence for teams or organisations looking to select an off the shelf application, but it relies on software producers being open about the security maturity of their application. For professional organisations, this should be a benefit and a unique selling point, and for Open Source organisations it helps people make a decision between the Open Source system and a similar proprietary one.

By creating a level playing field (an equal Security Maturity Model standard) for all applications, Open Source and proprietary alike, we cut through the misinformation that we often find in the Internet. Open Source applications often have much higher numbers of installations compared to proprietary rivals (for example bulletin board software), plus the Open Source versions are discussed at length (both good and bad) in public forums. However, the proprietary products have smaller user bases and often don’t have the public presence. Consequently, searching for information on bulletin board software can easily bias a decision one way or the other because there is no way we can measure either product equally.