
A major concern for any website is its vulnerability to external attacks. While these security concerns are not unique to CMS-driven sites, they are especially important to consider in organizations that are using a content management system. The presence of a CMS introduces special considerations for security – for example, having many users inside the organization who are able to update the site. This series of blog posts is meant to guide the reader through a variety of security considerations related to CMS-driven websites, some of which will be specific to Sitecore. The good news is that all of these concerns can be addressed and overcome through careful planning.
Sitecore Security - Key Considerations:
- Sitecore Setup and Infrastructure
  Was Sitecore installed correctly, with the recommended configuration? Did you take the necessary precautions to protect IIS and the Windows server?
- Danger from within: Consideration of content authors, validation and governance
  Now that many people can update site content, what processes do you need to put in place to ensure that content authors do not accidentally create a security vulnerability?
- Findability of private information
  When a CMS runs multiple sites or a public and private version of a site, does the implementation correctly protect access to content, particularly from the very thorough and efficient search engine crawlers?
- External Hackers
  Injection, Cross-Site Scripting and Other Forms of Attack. While not specific to Sitecore or any CMS, there are certain techniques and approaches provided by the Sitecore backend that allow CMS developers to create even more secure and robust sites.
- Sleeping (peacefully) at night
  You have done your best during implementation; now what? Some final thoughts on tools to help you prevent problems so you can stop worrying about being hacked.
Starting in the next post, I will delve into each of these topics. If you would like to see other areas covered in this discussion you can always reach me at glen {at} nonlinear.ca.