Post Mortem Discussion
What was the problem to be solved?
This client was in an industry that involved recruiting employees from other firms.
It was a sensitive process, which required Gunner to sign a strict NDA to tackle the project.
Because of the sensitive nature of the communications, this client wanted a way to communicate that would leave no trace of the conversation and would not require the other party to install an application.
"We're not usually in the business of poaching employees," Gunner Technology CEO, Cody Swann, said. "But it made sense. Potential recruits didn't want any trace that they were being recruited or entertaining going elsewhere because they could be terminated and lose their clients. This app would allow our client to confidently tell their targets they were safe."
What was the proposed solution?
Additionally, the initiator of the conversation would choose a secret key, which would be used to encrypt the conversation at rest and in transit.
The key would need to be communicated verbally and the other party would have to decrypt the text in the chat.
The messages would be sent - encrypted - over SSL sockets directly to the other recipient.
What challenges arose during the project?
What was the technical approach to the project?
AWS Amplify made managing this setup easy and replicable.
The Lambda function simply passed the message as-is to the other client, where the message was decrypted using the shared code word.
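The scheme described above (a spoken code word, encryption in the client, and a relay that forwards the message as-is), sketched as an added example that is not Gunner's code. PBKDF2, AES-GCM, the JSON envelope and the names `seal`, `relay` and `unseal` are assumptions, since the page does not name the algorithms used; the example goes slightly beyond the page by also showing that a wrong code word or an altered message is rejected.

```javascript
// Added example using the Web Crypto API (browsers, Node 18+). PBKDF2, AES-GCM
// and the envelope layout are assumptions; the page does not say what was used.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;
const enc = new TextEncoder(), dec = new TextDecoder();
const b64 = (buf) => btoa(String.fromCharCode(...new Uint8Array(buf)));
const unb64 = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));

// Stretch the spoken code word into a 256-bit AES key. The salt is public and
// travels with the message; iterations slow guessing but do not prevent it.
async function deriveKey(codeWord, salt) {
  const material = await wc.subtle.importKey(
    'raw', enc.encode(codeWord), 'PBKDF2', false, ['deriveKey']);
  return wc.subtle.deriveKey(
    { name: 'PBKDF2', salt, iterations: 600000, hash: 'SHA-256' },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Sender: fresh salt and IV per message. The returned envelope is the only
// thing that leaves the client.
async function seal(codeWord, plaintext) {
  const salt = wc.getRandomValues(new Uint8Array(16));
  const iv = wc.getRandomValues(new Uint8Array(12));
  const key = await deriveKey(codeWord, salt);
  const ct = await wc.subtle.encrypt({ name: 'AES-GCM', iv }, key, enc.encode(plaintext));
  return JSON.stringify({ salt: b64(salt), iv: b64(iv), ct: b64(ct) });
}

// Stand-in for the relay: forwards the envelope untouched and never sees the
// code word, so it cannot read what it carries.
function relay(envelope) { return envelope; }

// Recipient: returns the plaintext, or null when the code word is wrong or the
// envelope was altered in transit (the AES-GCM authentication tag fails).
async function unseal(codeWord, envelope) {
  try {
    const { salt, iv, ct } = JSON.parse(envelope);
    const key = await deriveKey(codeWord, unb64(salt));
    const pt = await wc.subtle.decrypt({ name: 'AES-GCM', iv: unb64(iv) }, key, unb64(ct));
    return dec.decode(pt);
  } catch { return null; }
}
```

Because the key is derived from a word short enough to say aloud, anyone who records an envelope can test guesses against it offline, so the length of the code word matters more than the iteration count.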
The two endpoints didn't even need to be on remote servers.
A local HTML file that included the necessary scripts could be used as a client.
"It was quite clever," Swann said. "I wish I could take credit for it, but this was the brainchild of the whole team. In the end, we had a system where messages were so secure, even we couldn't decrypt them. Even if we were subpoenaed, we couldn't tell what was being sent between the two clients."
What was the project management approach to the project?
The team generally allots half of the development time for end-user testing and final deployment, so if a project requires two months of development, the team will estimate three months total for development, testing and launch.
What platform was built for this project?
Jest was used in the deployment pipeline to run unit and integration tests against the code base, and any failure would halt the deployment process.
What did you learn from working on this project?
The team learned how to affordably implement web sockets without a server, which Gunner has applied to a number of other projects since then.
How did this project benefit the client?
Because of the NDA, Gunner is not allowed to give away specific usage statistics of the app, but the firm continues to use this product today.
Why was Gunner selected for this project?
The firm was attracted to Gunner's experience with HIPAA.
The team had also created a similar encryption scheme for another client, The Red Notebook.
Additionally, the team had enough time to build a prototype to demonstrate our proposed solution.
What tools, techniques and methodologies were used on this project?