Why maintaining a secure CMS is important for data handling, and how Sitecore can help
Security matters. Alongside cyber security, data security is one of the hottest topics in the digital industry right now. With the recent introduction of the GDPR law, as well as multiple high-profile data breaches taking place across the globe, it seems as though everyone wants to know the secret to security. In this article, we’ll show you how it can all start with Sitecore.
Why does data security matter?
Data can be anything, and although we tend to think firstly of intercepted customer data and stolen bank account details, data security can cover a wealth of different areas. It can mean something as simple as disclosing sensitive information on a blog post, giving unauthorised access to a certain team member, or simply not having the correct processes in place.
Luckily, these sort of security issues can be easily avoided with proper configuration in Sitecore, and who wants a data breach anyway? Besides the obvious business negatives, it results in bad publicity, as well as loss of trust with your customers and suppliers. That’s not even mentioning the fines, charges and potential lawsuits that can come as a result of a data breach.
From GDPR to publishing rights, read on to find out more about the importance of data security and how Sitecore can help.
Sitecore and GDPR
If you’ve read our article on how to make your website GDPR compliant with Sitecore, you’ll know that the platform can play an integral part in data security, keeping your organisation’s digital presence fully-complaint with the recent law.
We have created bespoke data security solutions for a number of customers across a range of different industries. These security solutions have enabled businesses to comply with GDPR’s ‘right to be forgotten’, or ‘right to erasure’, as it is also known.
From this perspective, it’s easy to see that the importance of data security lies not only in the interest of the individual, but also the law. Failure to comply with the GDPR law has serious consequences and potentially huge fines, read more GDPR & Sitecore here.
Control users’ permissions for an all-round secure CMS
If you want total control over your Sitecore CMS, then assigning different users varying levels of access is a sure way to increase security amongst your internal teams. Put short, you’ll be in no doubt whether or not certain users are accessing sensitive areas of the website, or whether they’re able to publish certain items.
Also, do you have a loan in place for when an employee leaves? With access granted, ex-employees-to-be could use their publishing and access permissions maliciously. It’s always best to suspect and prepare for the worse.
Workflow – Sitecore’s secure publishing feature
Usually utilised by developers, Sitecore’s workflow allows content editors to make use of different ‘states’. States include ‘Draft’, ‘Awaiting Approval’ and ‘Approved’. When a piece of content is any other state than ‘Approved’, it cannot be published.
Locking down state changes, or certain state changes, to full-permission users is a secure way to make sure that no sensitive data is published before a strict review process. This is something you don’t necessarily get out of the box with other CMS platforms.
Find more ways to stay secure with Sitecore – get in touch today
Our experience as a Sitecore agency in both building new projects and working on audit and adoption projects, has enabled us to become well-equipped at working across a wide range of industries. From automotive to manufacturing, and football clubs to finance, we can help make your Sitecore solution secure. We’ll also teach you how to implement Sitecore best practises internally.
Have you got your system access locked down to certain IP addresses? What about backing up data? Got a solid disaster recovery plan? All of this matters and securing your business is a multipronged approach. If you want to make sure your Sitecore CMS is as secure and safe as possible, get in touch today for a specialist data security audit, we’ll be happy to speak to you.