We hate to break it to you, but if you’re wondering if your content management system (CMS) is being targeted by malicious hackers, you should know it probably is.
In studies of online security breaches, it’s been discovered that the time to detect a breach within an organization is usually over 200 days. And when these breaches are detected? It’s usually by an external party, not the organization itself.
If you run a website, ecommerce site, or marketing department you likely know what a Content Management Systems (CMS) is. CMSs are applications that help manage content by allowing multiple users to create, edit and publish web content. Love/hate or indifferent about it, they are the Operating Systems for your website, and just like the operating system on your laptop or phone, they need constant care, like patching, security updates, and upgrades. I want to talk specifically about the security part today.
Where to Start
Don’t know if your customers’ data is secure? Are you panicking that your website could be defaced, leading to reputation damage? We all worry about the risks that we face as website ‘owners’. That said, most attacks and incidents are well known and can be easily protected against.
The move to cloud by business is nothing new and seems to be an inevitability. A recent survey of I.T. professionals showed 94 percent use cloud, and public cloud (AWS, Azure) adoption is 91 percent. Two things the recent pandemic has accelerated are:
You’ve painstakingly architected your Sitecore 9 installation on PaaS. You’ve gone to all the trouble to think about scalability, usability, portability… all the -ITYs. But what about securITY?
Imagine you’ve been tasked with riding a unicycle across a tightrope. It sounds difficult, right?
In Tech, we are constantly in a game of ‘catch-up’. Rapidly developing technologies seem to pop up out of the ether whenever you’re not looking. In addition, startups keep moving the goalposts on what it means to be agile so it’s very easy to feel as if you will never catch up. Advancements in cloud services (AWS, Azure, Firebase), CMS (Drupal, Wordpress, Joomla), and low-code solutions (Squarespace, Retool, Zapier) have redefined the landscape.
You’ve likely considered hosting your website in the cloud, on a platform like Amazon Web Services (AWS). AWS has a shared responsibility model, which means you’re still responsible for securing your website. AWS handles the security of the hardware and data centers, but you’re responsible for securing your code and user data.
In today's environment, secure development is a must. Secure SDLC practices do exist. However, some are more geared toward a waterfall style development process.
Paste your code here, then highlight it and select "Pre" from the dropdown