WCMS Security – How Secure is Your Site?
As more and more enterprises assume responsibility of their own web properties and rely on some kind of WCM solution, security is of course one major concern that is on everyone’s mind. The potential loss from not keeping your software up-to-date with the latest security fixes and updates can be enormous. You need software that has a secure reputation in the market and can give you peace of mind that your most critical online business assets are safe…
Security Beliefs @ DNN
One of the most important aspects of what we do at DNN Corp is make sure we have done everything possible to ensure we are protecting your data and website content to the best of our abilities. With this in mind, I want to surface some interesting data points to iterate the strengths of DNN as a highly secure web platform, and to educate you on how the DNN Product Team safeguards the security of your websites.
DNN has had a formal security policy and related procedures in place since 2005. The policy was created and released with a goal of making our security philosophy and practices publicly known to all of our users and customers.Our colleagues at Microsoft supervised the writing of the policy; making sure it was in line with industry standards and Microsoft's standards as well. (http://www.dnnsoftware.com/Platform/Manage)
With regards to keeping our clients "in-the-know" when it comes to security, we believe in full transparency… any time a security vulnerability is discovered and verified, we will publicize the details of the security risk, its severity, type, etc... We maintain a database of all security vulnerabilities as well as the DNN version(s) that are susceptible, and we make this information available through our Security Center (http://www.dnnsoftware.com/Platform/Manage/Security-Center). The database is integrated with DNN's Update Service so that site administrators are notified immediately of those security risks via the product's user interface so they can take action if need be. In addition to our responsiveness, we take extensive proactive steps to ensure our platform is as secure as possible. Steps like regular security reviews and testing against the platform, staying up-to-date with data from industry-leading security agencies and also by having independent third party agencies running their own security audits against DNN, using both automated tools and other expert security agencies to keep DNN as secure as possible.
In Good Company
One way of understanding how secure a WCM system is, would be to see who is using the product currently, and why they believe it's the best choice. One of the most tell-tale clients DNN Corp has the pleasure of mentioning is the United States Department of Defense. They decided in 2012 to utilize DNN as their WCM solution for their entire portfolio of websites – a decision which was definitely influenced by the secure reputation of our products... This group of highly visible public websites needed to be on a platform that is highly-secure and obviously very security-conscious.
Myths and Reality
One major consideration that decision makers face with the process of choosing an open source solution, is, "how secure is the solution?", and "how much time and manpower will be needed to keep it secure?". Truth be known, the exact same security concerns exist with proprietary WCM solutions as they do with open source WCM solutions. During a recent interview about choosing a CMS, a global pharmaceutical organization's IT manager said that he believed that open source WCM offerings are more secure than proprietary solutions because "Unlike our [previous] proprietary solution, where we'd have to wait a long time for security patches to be released, we now get security patches much faster thanks to the developer network.".1
Because DNN has a network of over a million developers, and a dedicated security team working round the clock to ensure your DNN solution is as secure as possible, you can feel more at ease knowing that choosing DNN as your platform will guarantee success with your projects now and in the future. We are working relentlessly to ensure you have the most secure WCMS on the market today, and we intend to keep it that way in the days and years to come. The US Department of Defense believes in our platform and we know you will to. Please feel free to send us an email, and we'd be happy to discuss the platform and our security practices more extensively with you.
1 Forrester Consulting (Commissioned By Acquia), October 2012:
"Is It Time To Consider Open Source WCM For Digital Experience?" http://www.acquia.com/resources/whitepapers/time-to-consider-open-source-wcm