Atlantic Business Technologies, Inc.

Category: Managed Services

  • How Much Does it Cost to Build & Maintain a Web Application?

    How much does a custom web application cost to build and host? If you are reading this article you are probably trying to figure out if the application you need can be built at an affordable cost. Use this guide as a web application cost calculator. While there are many variables that can impact cost, the key factors generally fall into three categories: 1) size and complexity, 2) refinements and constraints, and 3) hosting and maintenance. 

    Start with the basics: how to determine size and complexity.

    To determine the size and complexity of your application we need to first define what it’s going to do. The specifications for modern software are often defined by ‘user stories’. These user stories are a simple way to describe discrete functionalities your application should provide, from an end-user perspective, and are often used by developers to define and estimate the effort required to build an application. 

    Let’s use Facebook as an example of a web-based application that most people are familiar with. While Facebook may seem relatively simple to use, it is actually a massive web application with many different functionalities for different users. Describing it in user stories would take a very long time; however, if we stick to its most basic functionality, we can use it as a good example. Here are some examples of web-based user stories:

    • As a user, I need to register and create a profile
    • As a user, I need to verify my email address to complete my registration
    • As a user, I need to find friends to connect with
    • As a user, I need to request to connect with friends I find
    • As a user, I need to add pictures to my timeline
    • As a user, I need to post status updates to my timeline
    • As a user, I need to browse my feed from other friends
    • As a user, I need to be able to react (like, love, hate, cry, etc) to posts on my feed
    • As a user, I need to be able to comment on posts on my feed
    • As an advertiser, I need to compare the performance of my campaigns
    • As an organizational social media manager, I need to manage roles for my page

    I think you get the idea. Defining this application in user stories would take a very long time, and producing each piece of application functionality takes a lot longer! With the table below we will try to ballpark the relative size of your application using the number of user stories. When you are thinking of your user stories also think of the relative complexity of each user story. For example: ‘As an advertiser, I need to compare the performance of my campaigns.’ is not the same level of effort as ‘As a user, I need to be able to react to posts on my feed.’ 

    We normally apply a ‘level of effort’ attribute to each user story to help scope the application. In development ‘low’ might mean 5-10 hours, ‘medium’ 10 to 20, and ‘hard’ 50 to 100. Any user story more complex than that should be broken down into smaller stories. For example ‘As a user, I need to manage my profile’ is not an acceptable user story and should be broken down into even smaller pieces.

    Micro (< $50,000)                 | Small ($50,000-$200,000)           | Medium ($200,000-$1M)              | Large ($1M+)
    10-15 “low effort” user stories   | 25-50 “low effort” user stories    | 50-100 “low effort” user stories   | 200+ “low effort” user stories
    5-10 “medium effort” user stories | 10-25 “medium effort” user stories | 25-50 “medium effort” user stories | 50+ “medium effort” user stories
    1-2 “large effort” user stories   | 2-5 “large effort” user stories    | 10-20 “large effort” user stories  | 25+ “large effort” user stories

    What’s next? Identify application refinements and constraints.

    With any web application development, you must not only consider what your basic functional requirements are, but also include user expectations and behaviors, i.e. usability, and other constraints such as mission criticality and regulatory requirements in your industry.

    Gain a competitive edge by considering user delight.

    With any application you build, you are most likely facing competition in one form or another – in many cases direct competition, but even if not that, you are competing with your users’ expectations of what an efficient and pleasant web interaction feels like. That being the case, you want to refine your application to not only beat the competition but to also be a joy to use. Therefore, you will probably want to pay attention to usability in the design of your application. Software developers often have a basic idea of usability when developing software, but there’s a big difference between a software interface that basically functions and an efficient experience developed by a UI/UX professional. Here are a few classic UX design failures to illustrate the point.

    Good usability is best built into the design and informed by user research. To add a UX professional or team to your software project might add another 5-10% (could be more depending on the nature of the application and how important the experience is). That said, this 5-10% can save you much more down the road in avoided rework and enhanced customer satisfaction and retention.

    Criticality, security, and regulatory requirements directly impact application cost.

    Is your application critical to the daily operation and success of your business, or that of others? Does it deal with health and safety or finance? Does it deal with an industry with regulatory requirements, such as PCI or HIPAA? Do federal accessibility requirements apply? If you answer yes to any of these questions, your application needs to be developed with special requirements in mind.

    All of these considerations will increase your budget significantly; not only through the additional requirements, but also due to the need for testing. All well-developed software is tested continually through the development process with both automated testing and human testing and peer review. Software that is extremely sensitive or critical would have additional layers of testing and security added throughout the process. Normal software development would include a 20% cost for testing and security but on critical or extremely critical software that might grow as high as 40% of the total cost.

    Ensure a smooth run with ongoing application support.

    Designing and developing the application is just the start. Once it is built, it must be operated from somewhere by someone (hosting), and all software needs periodic maintenance such as security updates. 

    What about hosting?

    Hosting alone could be an entirely separate article but we’ll take a quick swag at it based on what you found above. For most web applications we recommend a cloud environment for scale and redundancy, such as Amazon Web Services, Google Cloud Platform, or Microsoft Azure, to name a few. Processing cycles, storage, bandwidth, backup, disaster recovery, and other details all add to the cost. With a disclaimer on accuracy for your particular application, here are some ballparks below.

    Micro          | Small             | Medium                | Large
    < $100 / month | $100-$500 / month | $1,000-$5,000 / month | $5,000-$100,000+ / month

    Don’t forget application management.

    Applications have an ongoing cost of ownership — all software, especially critical applications, needs security updates, periodic maintenance, updates to supporting software and technology, and perhaps testing of backup and disaster recovery. To keep your application secure and performing well, these need to be performed as preventive maintenance, not as an emergency response after problems occur.

    To make sure all these happen, you will want some level of application management, whether that’s internal or through a managed service provider like Atlantic BT. Because you have a custom application your best bet in choosing a managed service provider will be a company that can both manage the hosting of your application and the ongoing application development and support. It’s very rare that you “finish” developing your application. Normally, you continue to evolve and improve your application over the course of the time it is in production. Choosing a managed service provider that has a continuous DevOps chain from development through hosting will ensure efficient, continuous operation.

    The costs of managed services around a custom application could range from 5%-20% depending on how well it was built originally and how many features and requests you want to continue to add as the application is used. 

    Are the numbers starting to make sense?

    This web application cost calculator will help guide you in the right direction for a ballpark estimate. More importantly, it tells you how to approach estimation in general for software development and lifecycle maintenance. If you want a more refined estimate, contact us for a free consultation. We can help you with everything from a quick idea over a phone call to structured requirements-gathering and a detailed estimate process. 

  • Atlantic BT Becomes SOC 2 Type I Certified. What’s Next?

    Services Organization Control 2 (SOC 2®) is a thorough technical audit that requires companies to follow strict security procedures. Attaining a SOC 2® report ensures that Atlantic BT is providing safe cloud environments for our clients, both protecting their private data and having a plan of action for detected threats.

    While Atlantic BT completed a SOC 2® Type I Audit examination on April 1st 2019, we are currently pursuing SOC 2® Type II. Our goal is to give clients peace of mind with our cloud solutions, educate on security measures, and continue to stay up-to-date with industry standards to prevent future threats.

    Type I vs. Type II: What’s the Difference?

    SOC 2® engagements are performed in accordance with the American Institute of Certified Public Accountants’ (AICPA) AT-C 205, Reporting on Controls at a Service Organization and based on the trust service principles outlined in the AICPA Guide. The SOC 2® Type I report is performed by an independent auditing firm and is intended to provide an understanding of the service organization’s suitability of the design of its internal controls.

    Type I and Type II both involve reporting controls and processes related to five principles: Privacy, Security, Availability, Processing Integrity, and Confidentiality. Atlantic BT is focusing on Security, Availability, and Confidentiality.

    The primary difference is that Type I confirms our security controls at a single point of time, assuring that all of the proper policies and procedures are in place. On the other hand, Type II spans over six months, assuring that these processes are effectively working.

    How Atlantic BT Became SOC 2® Type I Certified

    SOC 2® Type I is a starting point that paves the way for Type II. Some examples of the measures we took to achieve our Type I certification include:

    • Use of encryption protocols to protect customer data
    • Designing with tiered access for client accounts
    • Ongoing management of capacity demand
    • Required internal training courses to help employees spot suspicious activity

    Skoda Minotti, an international business advisory firm, was selected to conduct the final audit. Atlantic BT received its SOC 2® Type I certification after thorough testing and review.

    “We were excited to work with Atlantic Business Technologies from the very start. They are an intriguing organization delivering high quality services and their business adds to our growing SOC reporting practice.”

    Ben Osbrach, CISSP, CISA, QSA, CICP, CCSFP, partner-in-charge of Skoda Minotti’s risk advisory group

    What This Means For Partners

    It is a requirement for many companies to work with SOC 2® compliant software partners. Businesses handling sensitive data or working in highly regulated industries, for example being subjected to HIPAA compliance regulations, are required to work with SOC 2® compliant providers.

    In general, any security-conscious business can count on the rigorous auditing process to hold companies to a high standard.

    What’s Next for ABT?

    Atlantic BT will undergo audits on an annual basis to maintain their SOC 2® report and continue to apply best practices by maintaining logs of their application of these SOC 2® controls, policies, and procedures to ultimately achieve SOC 2® Type II. Committed to quality, we will continue this voluntary process to provide top-notch service and expand our capabilities.

    “The successful completion of our SOC 2® Type I examination audit provides Atlantic BT’s clients with the assurance that the controls and safeguards we employ to protect and secure their data are in line with industry standards and best practices.” – Matt Lemke, President of Atlantic BT

    We are happy to further discuss our SOC 2® certification or help you plan for any of your security needs. If you are interested in learning more about our cloud and cybersecurity solutions, reach out to schedule a free consultation.

  • How to Innovate in a Highly-Regulated Environment

    ABT helped Mutual Drug navigate a highly-regulated environment to provide a modern, user-friendly application which met and exceeded industry standards. Here’s how we modernized this healthcare website.

    Needed: A Secure and Streamlined Ordering System

    Pharmacists and pharmacy managers must maintain an inventory and order replenishment stock, just as any business selling physical products. However, pharmacies have the additional challenge of meeting the regulatory requirements of dealing with controlled substances (drugs that require a doctor’s permission to use). Specifically, any electronic ordering system they build or use must be compliant with the Controlled Substances Ordering System (CSOS) requirements of the Drug Enforcement Administration (DEA). This basically requires pharmacists to digitally sign orders for controlled substances in order to verify the authenticity of the order.

    Atlantic BT’s client, NC Mutual Drug, is a pharmaceutical distributor with $1.2B+ in B2B volume. Their existing system, while CSOS-compliant, was cumbersome to use and required logging in and navigating two different systems. The client tasked us with designing and building a new system that was secure, highly available, fault tolerant, fully compliant with CSOS requirements and, most importantly, simpler and faster to use than their previous system. Achieving these objectives made it easier for the client’s customers to place small orders more frequently, thus reducing the need for bulk orders and product stockpiling.  

    Performing 11 Validations without Losing Your Mind

    Conceptually, the technical challenge was straightforward: enable the standard required use of Public Key Infrastructure (PKI) to manage a system of digital signatures which could then be used to encrypt and ensure the authenticity and security of orders for controlled substances. This kind of technology is often integrated with web applications to facilitate the secure electronic transfer of information for a range of activities such as e-commerce, internet banking and confidential email.

    Straightforward, however, did not mean simple—we had to design, build, and test a robust, scalable, secure system that would perform eleven validations for each transaction, yet be simple and efficient for the user. After working closely with the client to understand all the usability and functional requirements, we proposed a design to meet their needs.

    Following the Rules, Even When They’re Old

    The real challenge was to implement this standard in a way that was efficient and intuitive yet compliant with standards written over a decade ago (and hence technologically outdated).

    Making matters even more complicated, the detailed requirements of implementing a CSOS-compliant system are scattered over 300+ pages of over a half-dozen government documents. On top of that, the final system would have to be certified by a 3rd-party auditor. Given the dispersed requirements and 3rd-party verification, development of a compliant CSOS system could become a very long, expensive process if not managed carefully.

    We needed to design a more modern web application which would perform both the client and server actions on a consolidated platform—while satisfying standards written more than 10 years ago. 

    Solution: Communicate, Iterate, and Evaluate

    To resolve any open questions, early in the process we contracted with an established 3rd party CSOS auditor to evaluate the application. Atlantic BT worked closely with the auditor to share documents and information so they could provide feedback on the development direction. Atlantic BT then performed multiple internal audits and tests to save our client the significant costs of multiple official audits.

    After extensive back-and-forth discussion with the client and the auditor, including a couple of challenges both to the requirements and to the proposed solution, all parties agreed a slight modification to ABT’s original design would meet both the client’s requirements and the standard. We built the system to the agreed-upon design, tested it, and had it evaluated by the auditors, who approved and certified the application as compliant.

    Result: Elegant Compliance Meets Streamlined Usability

    NC Mutual Drug now has a state-of-the-art solution for their customers to easily, securely place orders for their pharmaceuticals, including controlled substances. They can now rest assured they have a much more robust, fault-tolerant, scalable system that can easily grow with them into the future.

    Beyond stability and compliance, a validation process that formerly took 3+ minutes and multiple systems can now be completed in 30 seconds on a single interface. Considering NC Mutual Drug’s operation runs hundreds of these processes every day, this exceptional boost in efficiency frees up member pharmacists to perform more important tasks to protect customer health.

    Get a more detailed look at the system Atlantic BT delivered by reading our in-depth writeup of Mutual Drug’s new CSOS system.

  • The Top 5 Things You Can Do to Improve Your Website Speed

    A colleague just shared a URL with you, his message reading “you gotta check this out!” The URL promises to lead you to a beautiful new website for a company that created a software tool that could save your life. You eagerly click the link and wait. One, two, three seconds go by as the page struggles to load. Before your frustration gains any more momentum, you close the page. Sound familiar?

    This example illustrates why site speed analysis should be STEP ONE of every conversion optimization project. And as the Internet becomes even more entwined in our work, entertainment, and everything else, your customers will become even less patient for any delay in opening your page.

    Before launching into ways to improve the speed of your website, here’s one key note about website speed: there’s a difference between Page Load Time and Page Interactive Time. Page Load Time means “the length of time until every element on the page is done loading”, while Page Interactive Time means “length of time until the site is usable.” The latter is the more important metric to pay attention to.

    Now, here are the top causes of site-slowing and what you can do to fix them:

    #1: Optimize Your Images

    Large images are the culprit for a lot of the ‘weight’ of many websites. Website weight, for our purposes, is measured in bytes—the fewer bytes the browser has to download, the faster the download can happen and the more quickly your users will see your content. This is a great argument for optimizing how you use images on your site.

    First, it’s important to consider how essential each image is to the success of your website. Well-placed images can communicate loads of information, but make sure every one of them is worth the real estate. Also, if you ever find yourself encoding text in an image asset, stop and reconsider. Text-in-images delivers a poor user experience – the text is not selectable, not searchable, not zoomable, nor accessible. Web fonts are always a better choice for text.

    Once you’ve chosen the most important images for your site, make sure their size isn’t adding a ton of weight for your website to load. There are dozens of tools you can use to adjust image size, but here is a short list:

    • Photoshop – open your image and choose the “Save for Web” option. The program includes an image quality slider so you can see the visual trade-offs.
    • Smush.it – this is a free online uploader that creates a zip archive of your optimized images.
    • Kraken – subscription-based image optimization software.

    #2: Compress Your Website Files

    Compressing your website will increase site speed by reducing the size of the HTTP response. You may need help to address this because both compression and deflation happen on the server side. The most common compression solution is GZIP and fortunately, almost all web servers support it. To see if your website is already GZIPPED, run this simple test: GIDZipTest. If you’re curious about how GZIP works, check out this video by the Google Webmasters themselves.

    #3: Use a Content Delivery Network

    A Content Delivery Network (CDN) is a distributed system of servers which are deployed over multiple data centers across the Internet. A CDN serves content to users from the most highly available server in order to deliver the best performance. This makes a CDN a great speed improvement if you have a high traffic website. Some of the most popular CDNs include:

    • Amazon CloudFront
    • MaxCDN
    • CacheFly
    • CloudFlare

    In addition to serving content from a CDN, you should also serve your static content (images, javascript, and CSS files) from a cookieless domain, backed by a CDN. Why cookieless domains? Every time a browser sends an HTTP request, it has to send all associated cookies that have been set for that domain and path along with it. Because static files don’t need to be accompanied by cookies, you can decrease latency by serving these static resources from a cloud domain that doesn’t serve cookies. You can accomplish this by using Amazon CloudFront or Rackspace.

    #4: Implement Browser Caching

    The browser cache is a temporary storage location on a user’s computer which stores files downloaded to display your website. The user’s browser can display your website faster by retrieving your site’s images, stylesheets, javascript, or multimedia content from the cache rather than having to download all this content again when they come back to your site.

    To ensure your site uses cached files, you may need your hosting provider to help you install a caching solution. Here are the top three caching programs:

    • Redis
    • CloudFlare
    • Memcached

    While we’re talking about hosting providers, it’s worth noting that not all web hosts are created equal. Indeed, many of the top web hosts include all the server-side speed optimization services you need. If you have a decent amount of traffic, skip the budget web hosts and research which hosting provider best suits your needs.

    #5: Minimize Redirects

    There are several types of redirects, all useful when you want to point a user’s browser to a different URL. The most widely used, a 301 redirect, is the preferred way to change your site structure without losing valuable SEO. The downside is that lots of redirects stacked together will confuse the browser, slowing it down as it wades through the old destinations to get the new ones.


    The Lazy Optimizer’s Guide to Accelerating Your Website

    If these steps seem overwhelming, there is a quick and easy path: Google provides expert advice on exactly what’s slowing your pages down and what you should do to fix the issues using its Page Speed Insights tool. Just type in your URL and the tool will ‘score’ your site speed on mobile and desktop.

    On the Internet, things change all the time, and these best practices are no exception. To get the latest and greatest tips on website speed, check out the Google Developers guide. Happy optimizing!

  • How Businesses Can Solve Their Toughest Digital Problems

    Many businesses today are facing some of the toughest digital problems they have ever encountered. The combination of continuous technology evolution and explosive adoption in business have created remarkable challenges for modern executives and business owners. In addition to moving the organization forward, these challenges are sometimes significant enough to threaten basic business continuity.

    A decade ago technology was often contained to individual business functions and fairly rarely exposed directly to customers. Today, that is no longer the case. As the complexity of the challenges has grown, businesses have added dozens of individual systems to perform specific business functions. Unfortunately, these systems are often disconnected and do not share data directly with the rest of the enterprise. And that creates a new set of problems that further hamper the growth of the business.

    The Pressures That Create Tough Digital Problems

    The key factors that are creating pressure for business leaders to continually solve tougher and tougher digital problems are security, efficiency, and customer/competitive demands. The pressures these key factors generate have never been greater and come at a time when many enterprises are squeezing their IT budgets.

    So how does a business or enterprise become leaner and more agile so they can solve tough digital problems? Unfortunately, there is no easy answer to this question but there are some specific actions an organization should take to remain competitive and avoid putting the organization in catastrophic risk territory such as what happened to Sony Pictures.

    4 Keys to Solving Tough Digital Problems

    1. Commit to making technology a competitive advantage. Technology can either be something an organization deals with because it has to, or something an organization embraces and turns into an advantage. The first step is as simple as announcing the organization’s intention to embrace and drive technology. With clear focus and proper leadership, it will quickly grow from a liability to an asset.
    2. Determine roles and responsibilities. Clearly determine who in your organization is responsible for the overall technology vision. If left to their own devices, individual departments will innovate and solve their own problems. While this is normally a good thing, it can introduce new problems in the areas of security, consistency and data sharing/integration. These issues are critical to the enterprise and must be managed at the top level.
    3. Take a long-term view. Without clear technology standards and leadership at the top level, each new dollar spent on technology not in line with your long-term vision is unlikely to bring your organization closer to an advantage in technology. It may solve a necessary short-term problem, but it will also push your organization further from any unified technology vision.
    4. Create clear standards and rules for engagement. In the creative world organizations use branding and style guides as a method to create consistency across enterprise marketing and communication functions. Technology standards and rules of engagement, while a bit more complicated, play the same role for technology decisions and implementations. Developing these standards and using them within your organization will bring your technology in line with the vision and reduce the friction associated with technology.

    Once your organization is on the right track, lots of individual digital problems will surface. With the proper organization and framework your business can move confidently forward and each investment in technology is much more likely to create positive ROI. Doing things that are really difficult and getting them right are what lead to enduring competitive advantages. In many cases each successive digital challenge will be made possible by the investment in the underlying framework and the ability to execute and coordinate sometimes complex operations or activities across large swaths of the enterprise.

    Want to Learn More?

    Atlantic BT is trusted to solve the toughest digital challenges for some of the world’s leading companies. Check out our case studies to see some of our recent work and give us a call at (919) 518-0670 or contact us to talk with one of our consultants to see how we can help with the digital challenges you are facing.

  • Set Your User Goals: An Inside Look at User Stories

    Part and parcel of the user experience discipline (and any discipline involved in website creation) is establishing user goals. If visitors have come to your site then you can be sure that they’re looking to accomplish something, be it gathering information, contributing to a community, or ordering one of your products.

    Clearly defining your user’s goals at the beginning of a project and sticking to them throughout the design and development processes will help ensure that the final product is something your visitors will actually want to use, and hopefully use again and again.

    User Story Examples

    Your goals can be very straightforward, such as “encourage the user to become a registered member” or somewhat more abstract like “delight the user so they spread the word about us.”

    In our work here at Atlantic BT we’ve been writing user stories to help guide our projects along. User stories are a great tool because our clients, their users, and our team members can easily contribute to them, and they’re written in plain English so everyone can understand them.

    Here’s an example from a recent project:

    “As a potential customer, I’ve been asked to a seminar at the company headquarters. How do I get there, and who do I contact if I need assistance?”

    Seems simple, right?  We’ve gone and defined the user (a potential customer) and their needs (directions and contact information).  Our UX and design team know that including a “Company Locations” page with driving directions on the website is a must.  Our programming team knows that they need to add seminars and events points of contact to emails.

    Here is an example from a new client:

    “I am a doctor and I need to order a prescription and have it shipped to a customer or my clinic”

    This user story helps define what our programming staff has ahead of them, and what sort of user experience interactions will have to be mapped out. This sort of simple story-telling helps prevent patch fixes towards the end of a project.

    User Stories In Practice

    In one of our projects, Johnston Health, we collaboratively defined four important user goals ahead of time. We built the home page navigation around these personas from the start.

    1. “I’m an area resident and I need to find a physician.”
    2. “I’m a medical professional in Johnston County and need to find work.”
    3. “I’m an existing customer and need to pay a bill, and would like to do it online.”
    4. “I’m a friend/family member of someone staying at a Johnston Health facility and would like to send them a card.”

    Of course, the website has other user goals in mind like volunteering, fundraising, and services. By highlighting the most common user tasks and giving them prime real estate space, they are able to immediately address the needs of most users.

    This user satisfaction goes beyond funneling users to information. They are also now left with a good impression of the website and business as a whole.