Corporate website that meets the highest security standards

Organisation: Netvlies
The case
Category: Corporate
Client: NautaDutilh
Summary
NautaDutilh is one of the largest international law firms in the Benelux and wanted user-friendly, modern and appealing corporate and career websites in several languages. Since NautaDutilh is committed to maintaining the highest security standards, this was a more challenging project than a 'normal' corporate website.
Project description
With over 400 lawyers, civil-law notaries and tax consultants, NautaDutilh is one of the largest international law firms in the Benelux. Naturally, good corporate and career websites are important for a leading law firm too. They are an online business card that creates an impression of NautaDutilh as a law firm and employer. NautaDutilh wanted to give the websites a more modern and appealing design that is just a touch more refreshing and colourful than that of most offices.

User-friendliness on both the front end and the back end was an important concern when choosing the CMS and during the development of the websites. The corporate and career websites must be available in Dutch, English and French, visitors must be able to navigate the websites easily, and the 'our people' and vacancies pages must be conveniently arranged and up to date. Furthermore, the CMS must be user-friendly enough that, in theory, any employee of NautaDutilh is able to manage the content. For this reason, Drupal was chosen.

To ensure that the 'our people' and vacancy pages are up to date, we created links to internal systems. As a result, the list of vacancies is automatically updated on a daily basis and vacancies are placed directly in the Applicant Tracking System Connexys. Moreover, the 'our people' page of the corporate website is automatically updated when someone joins or leaves the firm. This way, the information is always up to date, without anyone having to do this in the CMS every day.

NautaDutilh works with confidential documents and absolute secrecy. This applies to personal and company data, for instance in relation to a possible take-over that cannot be made public yet. Furthermore, law firms are the most targeted sector for cyber-attacks after government and finance. From this point of view, everything that goes on within NautaDutilh must meet the highest security standards. One could argue that, given that all publications on the websites are public, the security of the websites is less important than that of the internal system. Nevertheless, the websites must also meet the highest security standards. It must be possible to log on to the CMS safely and securely, and potential employees must also be able to apply for a job safely and securely. Furthermore, the links with the internal systems must comply with the highest security standards. If this were not the case, in theory hackers could take advantage of the links to gain access to a lower layer in the security of NautaDutilh. That is why the websites have been designed according to the latest ISO standards and are subjected to pen tests, security audits and intensive monitoring. This ensures that the highest security standards are met.
Challenges
Challenge 1 - Multiple sites and multiple languages
In a short period of time, we had to deliver two websites, available in three languages. That is why we reused the corporate website modules for the career website. The multiple sites and multiple languages in themselves were no challenge, but because we had to import from an out-of-date database in different languages, the whole process became much more of a challenge. In the end, we created a one-off import script to link the data from the tables of the old database to the new fields in Drupal.

Challenge 2 - Link with Connexys ATS
Within Drupal 8, there was a Connexys ATS module. For that reason, we created a custom module with which we authenticate ourselves to Connexys using a verification code of a JWT token.

Challenge 3 - Data 'our people' page
The corporate website includes a list of employees. It is important to NautaDutilh that this list, including contact details and position, is up to date. It is automatically updated every night. The client runs an automated process that uploads an XML file and images to a folder on our server. A custom Drupal module then uses a queue worker to create the nodes, or to update them if they were already added in the past.

Challenge 4 - Highest security standards
Everything that goes on within NautaDutilh must meet the highest security standards. These standards are stricter and more comprehensive than those that apply to most corporate websites. That is why we are not only a partner for the creation of the websites, but also for the hosting, monitoring and security audits. This means that apart from the 'standard' security measures during creation and maintenance, we perform regular pen tests and scans on the systems, both at the client and at Netvlies. We are continuously in contact with the security department of NautaDutilh on security patching and optimisation. Furthermore, we have developed a fully dedicated hosting environment: protected where possible and accessible where necessary.
Community contributions
For this project, we created two specific modules that we shared with the Drupal community. These modules are an extension of the features module and have been downloaded hundreds of times since the end of 2018.

1. Environment Dependencies
This module makes it possible to enable development modules or uninstall them in production with a single Drush command. - https://www.drupal.org/project/env_dependencies

2. Features config importer
This module copies all the features config/install files to the sync directory and uses the Drupal configuration importer to import the files. - https://www.drupal.org/project/features_config_import