Information security is based on three key principles, known as the "CIA triad" - Confidentiality, Integrity and Availability. There are all kinds of ways these three vectors could affect your Drupal website.
A critical zero day exploit such as Drupageddon could result in someone gaining access to your website and exposing private data, a database server crash could destroy valuable records, a simple Distributed Denial of Service (DDoS) attack could take your site offline. There are three common scenarios, all have happened to Drupal websites in the past.
That's why you need experts who know information security and know Drupal. Experts like us.
We don't just talk about security. We do it, seriously, maintaining a fully comprehensive Information Security Management System, certified to meet ISO 27001:2013 and audited annually by BSI Group, to ensure we continue to be at the cutting edge of best practice, ensuring your secure Drupal hosting is as secure as it can be. We also partner carefully, typically platforming our customers on Amazon Web Services, who are themselves ISO 27001 certified, in either London or Dublin, so our security management goes through the line.
Our security measures include:
- Full Drupal security patching;
- Routine Linux server patching;
- Proven excellence in rapid response to emergency security incidents;
- Strict physical (AWS Security Groups) and virtual (Linux iptables) firewalling, both inbound and outbound;
- Secure, certificate-based VPN for passwordless authentication and verification;
- Real time intrusion monitoring systems;
- Real time service monitoring systems;
- Forensic capability for examining past system activity;
- Strict adherence to Two Factor Authentication on all critical systems;
- Full disk encryption on all staff computers, to ensure they cannot be a route for compromise;
- Multi-level back-up strategy;
- ISO 27001 certified partners and processes.