Posted in Approval Process, Cloud, Workflows

[Gartner] Digital has moved to center stage. Have you?

Digitalization is no longer a sideshow – it has moved to center stage and is changing the whole game.

So says Gartner in a report called “Flipping to Digital Leadership: The 2015 CIO Agenda,” that analyzed data from 2,810 CIO respondents in 84 countries and all major industries, representing $397 billion in IT spending.

Third Era of enterprise IT
Source: Flipping to Digital Leadership: The 2015 CIO Agenda. Gartner

Gartner goes on to claim that existing business processes suffer from legacy inertia and “bad complexity.” IT simplification to enable digital business needs to extend to the entire business stack: business processes, business models and the business ecosystem.

We couldn’t agree more. It’s 2015 !! Cloud is here to stay. Mobile is everywhere. Green is on everyone’s mind. The question of “why digital processes” has already been answered. There is simply no reason for inefficient, complex legacy processes anymore. Yet, we see it everyday – companies that still use paper or email Excel spreadsheets around for the most common yet business-critical tasks like taking a Sales Order, approving a Purchase Requisition or processing a Leave Request.

To paraphrase Gartner again: we’ve moved into a third era of enterprise IT, where digitalization is transforming business models and determining who will win. For those who succeed, the prize could not be bigger.

Want help seizing the digital opportunity? Contact us today.

Posted in Approval Process, Cloud

eBook: Using frevvo’s Cloud for Secure Approval Workflows

girl-cloud2Approval workflows are the lifeblood of your business. Purchase Requisitions, Sales Orders, Leave Approvals, Expense Reports, Employee On-boarding are just some of the routine day-to-day activities that business rely on to function.

[Download eBook]

These approval workflows are typically a bunch of forms that are filled out by customers, employees or partners and routed around the organization for comments and signatures. You’re probably doing it every single day.

So, why are you still sending PDF or Excel documents around by email? Why search through email to find that pending approval? Why print, sign and scan if a signature is required?

Digitize these approvals in frevvo’s Secure Cloud today. Your employees can stop chasing down approvals by email. I’m sure they all have smart phones. With frevvo, they can sign anytime, anywhere and from any device. It’s fast, it’s easy and it’s amazingly affordable.

Download this new eBook and learn how frevvo’s Cloud can help you securely digitize these routine approvals.

Posted in Forms

frevvo 6 – Creating Accessible Forms

Accessibility-cartoonThis article discusses features added to frevvo 6 that enable creation of accessible forms and workflows.

What does accessibility mean?

Accessibility is the ability for users with visual and/or motor impairments to interact with an application. More and more organizations require this and it is a must for any public facing application. Most importantly, it’s just the right thing to do.

For those with visual impairments, applications need to verbally communicate the content being displayed. At a high level this can be broken down into 2 requirements. First is providing a way for visually impaired users to quickly discover the general structure of what is displayed and navigate. In the web space, pages must be constructed in a manner that enables assistive technologies to present this overview and allow users to drill into areas as needed. Second is providing the right auditory cues when users interact with an application so they can grasp context (where they are) and how their actions have altered what is displayed. For example, if a user has changed a form field value to something invalid, visual cues are insufficient.

Accessibility is also about serving people with motor skill issues. For applications used on a laptop or desktop, this requirement distills down to supporting keyboard only interactions. These keyboard interactions should be standard and intuitive or clearly described if a more complex interaction is necessary.

Implementing Accessible Web Applications

Implementing accessible web applications typically requires pages to comply with Web Content Accessibility Guidelines (WCAG). Document structure is key because screen readers like JAWS or Apple’s VoiceOver will rely on the markup to announce content as well as navigate. Javascript behaviors are needed to support standard keyboard shortcuts (e.g. pressing space to click a button that has focus) or announcing content changes triggered by a user action (like flagging an email field when an invalid address is entered). WCAG is large with multiple levels of compliance and various solutions. If you are using a custom application (or planning to build one) for your forms and workflows, your developers may have A LOT of extra work to make the interfaces accessible. With frevvo 6, that burden is removed.

Creating Accessible Forms with frevvo

The first order of business is to open the form or flow in the frevvo designer and check off the Accessible property:

Screen Shot 2015-03-06 at 4.39.41 PM

Some existing user interface behaviors in frevvo needed to change to support accessibility. One example is the signature control. Accessible forms must not require mouse interaction so a signature control now includes a way for users to type their name in addition to writing with a trackpad, stylus or mouse. Rather than just globally change the signature control to include the typing option, we wanted to protect existing behavior and allow designers to explicitly enable accessibility.

Checking off the accessible property will accomplish most of the heavy lifting needed to make your forms accessible however the designer still must play a role in creating a fully accessible form. For example, WCAG requires images and videos to have an alternate text description that can be read to users with visual impairments. In frevvo, these controls have an Alt Text property that the designer can use for this purpose. Another example is specifying values for a table’s summary property and a link’s title property. Using the existing hint and help properties can also go a long way to making your form accessible.  Forms with lots of nested controls (like a table within a section within a tab) while WCAG compliant will create a more challenging experience for impaired users. Keep things simple and consider using workflows to break up one very large form into multiple steps. These are just some examples of what form designers must consider.


There are lots of tools for inspecting html and producing suggestions on what your markup should look like. But the only way to truly test is to get comfortable with assistive technology, close your eyes and test out your forms. frevvo forms were beta tested by users with visual impairments and their input was invaluable. It is very important that you test your forms for accessibility especially since the form designer must play a role.


Accessibility is a key requirement for modern web applications that is sometimes overlooked and can be difficult for organizations to achieve. With frevvo 6, forms and workflows can be designed to satisfy this important requirement.

Posted in Cloud

5 Cloud Computing myths that just won’t go away

At frevvo, we’ve been offering cloud-based solutions5 Cloud Myths for years. IT Departments are obviously getting better and better about understanding Cloud but some misconceptions keep showing up. Here are some that simply refuse to die:

1. Cloud is less secure than on-premise
This is primarily a perception issue. Most security breaches including many recent high-profile ones have taken place in traditional corporate data centers. That’s because most of them have limited security expertise and have difficulty performing regular security audits and assessments. In contrast, security is critical for any public cloud vendor and they implement multi-layered approaches to security taking into account data centers, storage, networks, backups, audits and policies.

Still, it’s important to carefully review and examine your cloud providers’ security protocols and potential risks.

2. The biggest benefit of cloud is low costs
You can obviously reduce certain costs but it’s not the case that cloud apps are always cheaper. It’s almost never just about saving money. Often, the biggest benefit is that it’s easy to try new ways to do things. That’s because you can easily add or reduce temporary resources (costs) without big capital costs and deploy solutions fast. Want to try out a new automated workflow? It takes days to build/deploy and it’s super inexpensive to give it a shot. If it doesn’t work, un-deploy, stop paying and try a different approach. Of course, you have to make sure your cloud provider isn’t locking you into long-term contracts and their associated costs.

3. Public cloud is the only cloud
Private cloud refers to a cloud computing platform/application that is deployed behind a corporate firewall under IT Department control. The main goal is to get past that security perception from #1 above but there can be legitimate reasons e.g. regulations. Private cloud platforms and applications can offer many of the same benefits as public cloud including self-service, resource sharing etc. There is no one-size-fits all when it comes to Cloud.

4. We must have ONE cloud vendor
Cloud is not one thing: there are different deployment models (public, private), service models (IaaS, SaaS) and applications. Business goals come in all shapes and sizes and aligning them with the benefits of a particular cloud solution should be the deciding factor rather than any attempt to standardize on a single vendor’s offerings.

5. If it’s cloud, it must be better
It’s unfortunate that so many vendors engage in cloud-washing – dressing up their old technology as cloud. Cloud applications can offer huge benefits but you still have to design and build your application sensibly, perform the required testing, setup environments, train users etc. You can’t take shortcuts in those areas or you’ll end up with a poorly-performing cloud application.

Cloud computing is obviously growing rapidly. But there are still plenty of distortions floating around about the cloud. It’s important to do the legwork, understand the choices out there and how they can align with your business goals. By making informed decisions, your organization can reap real benefits from cloud computing.

Posted in Approval Process, Cloud, Forms, Misc, Workflows

How SECURE is frevvo’s cloud?

We understand that your data is essentSecure Cloudial to your business operations and to our own success. We use a multi-layered approach to secure your information, constantly monitoring and improving our processes, services and systems.

Secure Data Centers

Our cloud services are deployed on Amazon Web Services (AWS) infrastructure. AWS provides us first class data centers that are designed and managed in alignment with security best practices and a variety of IT security standards, including SOC 1/SSAE 16/ISAE 3402 (formerly SAS 70), SOC 2, SOC 3, FISMA, DIACAP, FedRAMP, DOD CSM Levels 1-5, PCI DSS Level 1, ISO 27001, ITAR, FIPS 140-2, and MTCS Level 3.

All of our servers reside in a number of availability zones in AWS’s Northern Virginia region (us-east-1). All customer data, including backups and redundant servers, are located only in the Northern Virginia region. We do not replicate our servers across to other regions either within the United States or internationally. At this point, we do not operate in AWS’s GovCloud region.

Secure Data Storage

All our data at rest, including our databases, backups, read replicas and snapshots, are encrypted before stored.Since we leverage Amazon’s Relational Database Service (RDS), our employees have no direct access to the actual database servers, which is fully managed by AWS.

Secure Data Transfers

Connection to our environment is done via TLS cryptographic protocols, ensuring that our users have a secure connection from their browsers to our services.

Individual user sessions are properly identified and verified on each transaction using a unique token created at login.

Secure Network

Our servers are deployed in a secure Virtual Private Cloud (VPC) network divided in a public and a private subnet. All server processing and data storage takes place in private subnets with no direct access to the Internet. We also have strict firewall policies between the public and private subnets, making sure that traffic can flow only in specific directions, to and from specific ports, including strict firewall policies between the application application and database tiers.

All traffic flowing out from our VPC goes through NAT instances which protects internal IP addresses from external hosts.

We also make sure only a single bastion host can access our internal servers for management purposes. This bastion host has a completely different IP address than our public IP addresses.

Our servers receive daily security patches to make sure they remain secure from new exploits. Password access to our servers and remote root logins are both disabled.

All AWS API access is audited to a secure write-only storage.


Backups are encrypted and performed daily remaining available for up to 35 days.

Security Policies

We centralize all our EC2 security across accounts using standard IAM policies. We implement fine-grained security controls and follow the principle of least privilege. Multi-factor authentication enabled on our master AWS accounts and master credentials are locked away and are not used for routine operational tasks.