Depending on your level of knowledge about the specifics of website development, the process can seem like a black box. Having a good working knowledge of the parts involved can save your company from ending up in a situation, months or years down the road, where you find out you don’t have access to or even ownership of certain parts of your website or data.
In this edition of Plain Talk, we’ll discuss the most important facets of website ownership. We’ll outline the items you absolutely must control to ensure your company’s website is completely under your control.
- 1. Domain Name Ownership
- 2. Hosting
- 3. Programming Code
- 4. Access
- 5. Security Controls
- 6. Analytics
- Get Expert Help With Website Ownership
1. Domain Name Ownership
Domain ownership is the process of acquiring a domain name for a website. The domain name is the address of a website on the internet (for example, priceweber.com). You purchase domains from a domain registrar. The registrar is the entity that sells internet domains and registers them in an appropriate second-level domain name registry.
When someone purchases a domain, they decide who the actual owner is, who the contacts for the domain are, how long it’s registered for and whether it automatically renews itself at the end of the paid registration period.
This process not only allows the purchase of the domain name but also provides the necessary network connections to associate the name with network addresses. These are similar to the phone numbers of the servers responsible for hosting the website, e-mail servers, and more.
Nothing else matters as much as ownership of this initial property. If a person, agency, or online service offers to register your domain for you, then THEY might actually own the domain or have sole access to its details. A member of your organization you trust should always register your domain in your company name.
2. Hosting
A host is a website’s home on the internet. It is where all the web pages, data and other content are stored. Hosting a website is on a physical server inside your company’s office network or some other facility that houses the server and provides connectivity to and from it to the internet. Depending on your company’s IT infrastructure, hosting can also be provided on a virtual server that exists in the cloud. In recent years it has become far more cost-effective for most companies to choose cloud hosting. This is due to the flexibility in scaling the computing resources and low upfront investment.
With all that said, your company may have neither of the above options in place. When you hire someone to build your website, they may offer to host the website “for you” on their server or cloud environment. The thing to watch out for here is to make the choice where your company has control at the account ownership level.
A little information about cloud hosts
There are different types of hosting accounts: most notably shared and dedicated. Shared hosting accounts are cheaper, but they don’t offer as much control over your website. This means you might not be able to make changes to it or upload new content as quickly. A shared hosting account is also, as the name implies, shared with companies on the same server. This can lead to problems if one or more of the sites sharing the host’s resources is very busy or has an issue that can affect the performance of the other sites on the server. Dedicated hosting accounts are more expensive. However, they give you more control over your website and speed up access to it. Some of the main factors in choosing a cloud hosting provider are security, reliability, pricing and performance.
3. The Programming Code
Code can be delivered in two main ways: non-proprietary (uncompiled) and proprietary (compiled). Both will run your website, but only uncompiled code is completely editable if you need to change something about it later.
Non-proprietary code is a set of instructions that can be executed on any similar type of computer, regardless of the specific setup of the hardware or operating system. The two most common types of operating system stacks are the Microsoft OS and the Linux OS. Most website programming code runs on one or the other of those two stacks. In the general sense, all you should need to know about your website code compatibility is which of these two stacks it runs on. Then, you can choose from a myriad of places to host it. Non-proprietary code provided to your company for either scenario ensures your website is portable to another host should the need arise.
In contrast, there is proprietary “compiled code.” This refers to a computer program that has been translated from its original human-readable programming language into a machine-specific language—think zeros and ones. This translation process, called compilation, produces an executable program that runs on the intended host but cannot be changed easily or even at all in some cases.
The main disadvantage of compiled code is that it cannot be changed once it has been compiled into machine-specific instructions. Uncompiled code can be changed because there are no limitations on what can be done with it as long as the programmer knows how to do so. You should always make sure that the company or individual programming your website contractually agrees to provide you with the full uncompiled code should you ask for it.
4. Access
Even if you own the hosting contract for your web server, you will most likely appoint individuals who are building your website with the ability to create and adjust access methods to the host server. The ssh and sftp protocols are two of the most popular protocols for remote logins. They often connect to a server or a remote computer system. They are used for file transfer and can be used for other purposes as well. Similar protocols are used for database access and, in some enterprise cases, for access to a network security device in front of the web host.
If possible, you want your company to own and control the highest level of access to your server, database and security devices. These are set up when you acquire the contract for a host or virtual server. The highest level of access is often referred to as “root” access. An administrator with root access can do anything and everything to a server. Share it only with employees and partners you trust. The best practice is to use the root account to create other user accounts for ssh, sftp, etc. These have the needed level of access to be given to the people or company working on your website, but don’t have the power to remove your root access to the server.
The same principle applies to a CMS (Content Management System) but with less ability to retain a type of “root” control. State in your agreement with your website builder that he or she gives you a user account within the CMS software. This has the highest level of control over the configuration of the CMS.
5. Security Controls
The security of your website involves certain items you need to understand and take ownership of. In this article, we won’t discuss some of the enterprise-level security options, such as web application firewalls, because they are less common to manage at a granular level. We’ll focus on the common elements that you need to keep your site running securely.
SSL security certificates are one of the most important tools for online security. They encrypt data that a web server and a browser send between each other, ensuring that any third party cannot read it. They also help in verifying the identity of the person on the other end of the connection. Having an SSL certificate that is NOT current and valid causes your site to be flagged by browsers. Search engines and will greatly deter your visitors from being able to access your website. Therefore, it’s important to have ownership of the certificate and the process for deploying it to your web host. Both of these come standard with a good Cloud Hosting Service Provider.
SSL certificate lifespan
An SSL certificate has a lifespan. The lifespan of an SSL certificate depends on various factors, such as:
- How often it is used
- The type of certificate
- The level of security it provides
- Whether it has been revoked or compromised
Other security factors to make sure your company has the highest level of control over are the authentication methods and administrator user account review process.
Many companies use a single-sign-on (SSO) and/or a two-factor authentication process for their websites and apps. SSO means that users can provide the same password they use for another company system to access the website. Two-factor authentication means that users need to provide two separate pieces of information to access their accounts, such as a password and a code that is sent to the user’s phone. Both of these options require the use of third-party software that is important for your company to own the contract for and the highest level of control of. Not having control of either of these could make your website inaccessible until someone can disable these features.
Your company should regularly review who has administrator-level access to the server and to the CMS for your website. They should also review who has access to the website’s code and configuration files. Some of these people may not need this level of access, so they can be removed from the list. Your company must also periodically review all other accounts that have any type of level access to the server, database or CMS. Make sure that they still need it or if their privilege levels can be lowered or removed.
Basic vulnerability scanning
Another aspect of website security that your company should have in place and have ownership of is basic vulnerability scanning to monitor for malware that can damage your site’s reputation or cause a data breach. Malware is a type of software that causes problems with or damage a computer system. Malware can be classified into different categories, such as viruses, worms, trojan horses, ransomware and spyware.
Website malware scanning is the process of scanning websites for malware and other security risks. The purpose of website malware scanning is to identify any potential threats that may exist on the website. Website owners should use this process to make sure their website is safe from malicious attacks and threats.
Availability monitoring is another best practice that identifies an outage of your website caused by hosting issues or code errors. Many website administrators believe that if they don’t see any errors in their logs, then everything is okay. However, this is not the case. Errors can happen without being visible in the logs and without the administrator detecting them.
In order to avoid this problem, it’s important to keep an eye on your server and make sure that there are no issues. One way of doing this is by using a monitoring service.
6. Analytics
Last but not least is analytics. To accomplish this, integrate Google Analytics into your website from an administrator’s Google account. Google Analytics (GA) is a free web analytics service from Google that generates statistics about the visits and traffic to websites in detail. Do this through the Google Control Panel.
The Google Analytics account owner has full control over which data is collected and how it is analyzed. This person also has the ability to grant access to other users who share and configure the analytics data. Your company should own the parent account for Google Analytics. In the event you change developers or move your hosting, there is contiguous information being fed into your analytics master account.
Also, be certain your site has GA4. GA3, commonly referred to as Universal Analytics (UA), will disappear on July 1, 2023, as Google phases out the support of third-party cookies. GA3 uses measurements based on sessions and pageviews, while GA4 instead uses a measurement model based on events and parameters.
Get Expert Help With Your Website Ownership
A website is a complicated orchestration of many dependent elements. It’s very important that your company maintains control over the administration and access to those elements as much as possible. What we’ve covered in this article are the main points to consider, but depending on the application, there can be others. It’s essential to choose a website development partner that works with your company to accomplish the things we’ve discussed here with transparency and a contractual agreement to work on your behalf.
At PriceWeber, we pride ourselves on being a trusted partner who empowers our clients to achieve these goals. If you have any questions regarding anything we’ve covered here, feel free to reach out to us for a consultation at 502-499-4209 or drop us a note here, and we’ll be happy to help.
Our Articles Delivered
Signup to receive our latest articles right in your inbox.
