Acquia, the lead commercial sponsor behind the open-source Drupal content management system (CMS) is rolling out a new service to help secure Drupal sites.
Drupal is a popular open-source CMS and is used to power many of the world’s leading sites including the WhiteHouse and weather.com. The Acquia Cloud service provides a hosted, commercially supported Drupal CMS to its customers.
“Acquia Shield enables our customers that have sensitive data that is on-premises, to move data back and forth to cloud with a secure mechanism,” Christopher Stone, SVP of Products and Development at Acquia, told eWEEK.
In terms of access, the Acquia Shield leverages Amazon’s Virtual Private Cloud (VPC) Virtual Private Network (VPN) services.
“It (VPN) integrates with a long list of consumer and enterprise-grade VPN devices on the back end,”Andrew Kenney -VP, Platform Engineering at Acquia, explained to eWEEK. “We’ve added extra capabilities including automated configuration and we monitor the VPN the connection for support.”
The Acquia Shield provides both remote access security components as well as cloud isolation elements. While the new capability provides additional security,Stone emphasized that Acquia is already providing enhanced security for its users. As an example, with the recent Shellshock vulnerability in the BASH (Bourne Again SHell), Acquia was able to pro-active patch its users.
Drupal itself was the subject of high-impact SQL injection vulnerability in October. The open-source Drupal project warned that if users had not patched within seven hours of the initial patch being made available, they likely were hacked. There were a number of different ways that organizations chose to protect themselves from Drupal vulnerability, including the use of a Web Application Firewall (WAF).
“We chose not to use a WAF, we pro-actively patched all our customers to make sure they were not vulnerable,” Kenney said.
Sean Michael Kerner is a senior editor atInternetNews.com. Follow him on Twitter @TechJournalist