The world is full of trade-offs. You might want a car which is both sporty and fuel efficient, or you might want a website which is both low-cost and fulfils your company's exact needs. There is certainly a wide range of off-the-shelf web products which offer a wealth of features at a low-low price. As the Internet has grown, the number and range of these products has grown, each one created to cater for a wide range of uses and scenarios. You may be lucky enough to find one or more low-cost off-the-shelf web products which suit your current needs. However, in our experience, all but a few of these web products expose their users (ie you) to risks which can jeopardise your company's ongoing online presence.

The mass market effect

Off-the-shelf web products are created for a mass market, much in the same way as Microsoft Office has been created for a mass market. It's unlikely that any one person ever uses more than a handful of the features available within Microsoft Word, but over time we've learned to ignore the superfluous menus, options and wizards which make up the entire package. The same is true of off-the-shelf web products, but your website users are unlikely to have such a solid grasp of even the most widely-used off-the-shelf web product.

We believe that there is a real risk that both your end-users and your administrators will be overwhelmed by the sheer flexbility and range of options available from an off-the-shelf web product. In reality, many of your users and administrators require a much more restricted user interface with simple, appropriate options being presented only when those options help your users in achieving their goal - booking a room, publishing a new web page, etc.

The security angle

Many off-the-shelf web products are available as free downloads from the open source community. While we recognise the huge amounts of time, energy and good will that have gone into developing open source web products, we are also concerned for end-users of such systems. Because these products can be freely downloaded and inspected, malicious computer experts are free to pore over these systems line-by-line and work out ways by which these systems may be compromised. When a vulnerability is found, it is quickly exploited and published over the Internet, and within hours a wide range of ne'er do wells from anywhere in the world may have unwanted access to your website content and data.

While all websites are vulnerable, we believe that off-the-shelf web products are particularly vulnerable to large-scale targetted attacks. The developers of mature off-the-shelf web products are well aware of the inherent risks of such an attack, and develop their products as defensively as possible. However, the reality is that new vulnerabilities are frequently being found and exploited, sometimes with far-reaching consequences. Thirdrock knows how to develop secure sites which are not exposed to such potential large-scale attacks. (We don't want to scare you, but this kind of stuff does happen...)

Custom integration

Off-the-shelf web products necessarily focus on a subset of functionality which is unlikely to cover the entire range of functionality that your company requires from its website. A content management system such as Wordpress, for example, may be great at helping your company manage its website content. However, it is unlikely to provide the best way to display your online product catalogue or guide your end-users through a complex self-service business process. If your website needs to provide any level of custom functionality to your customers or administrators, you need to ensure a smooth application flow between website content and any custom aspect to your site. It is important to maintain a consistency of both look and feel to ensure that your end users don't become confused and leave your website before they have fully engaged with your company's offering. Thirdrock has a great deal of experience in designing and implementing application flow, both at the user interface level and at the system level.


Assuming that your company is financially viable and that you have invested heavily in equipment, personnel and developing your customer base, we'd encourage you to think twice before exposing your company's reputation to the world with a badly-fitting website which fails to impress, retain or maintain the data security of your customers and internal users. With over 20 years' experience, we know what works and what doesn't work, so feel free to get in touch and ask us how we might be able to help you.