We are moving all our servers to hosting companies and geographical locations under Dutch law. At Firmhouse we’ve always felt very responsible about protecting our customers’ data and that of their customers. This is why for the past two years, we’ve chosen to host our own apps on premise or on virtual servers that we control and configure, as opposed to hosting our apps “the easy way” in the cloud on a public Platform as a Service.
But it’s not enough. Over the past few years, we’ve seen the world changing even more. Our clients and local laws have become more privacy-aware. They demand extra care in storing and handling (personal) data. Next year, our local privacy laws will add even more checks & balances. Our personal motivation to take extra care has increased since the revelation of various intelligence agencies and governments having unlimited access to people’s private. We still had some services running under US service providers and hosting platforms, but since the most recent election result over there, we decided: we’ve just got to move.
Moving our full infrastructure isn’t easy, and we’re taking the migration as an opportunity to double down even more on building protected and secure hosting environments. We used to use Heroku and other cloud services for hosting. And while these Platforms as a Service are really nice to get up and running quickly, they are also very expensive, and there is no way to be sure about what happens with your data, especially if you need to enable plugins that are created by and hosted at third-party vendors.
Over time we have been building a set of tools that allows us to extremely easily host and deploy our apps on our own servers or on-premise on our client’s infrastructure. Our open source server management dashboard Intercity is at the core of this. It enables us to host our apps as easily as in any Platform as a Service, without hitting barriers like time-consuming manual configuration or the learning curve and maintenance burden of configuring Puppet or Chef. We want to keep things simple and standardized for our team. This also decreases human error and allows us to enforce a hosting setup that uses the most common and also more specialized security features.
Over the next few weeks and months, my team and I will start documenting and sharing our experiences, best practices, tools, and legal frameworks which focus on data protection and compliance with privacy laws. We want to share, because we know that it takes time to double down on privacy and compliance and that it’s a reason why smaller companies are not doing it enough or are not supplying to certain enterprise-level customers. So if you are a smaller/medium-sized business that shares our vision on data protection, privacy, and compliance and you need some pointers and help to implement best practices in your team and tech stack: please follow me and my team. Let’s keep data protected.