What Does It Mean to Be Optimized for Drupal? Part 2: Security

Why Acquia is the best choice for maintaining a secure platform for all of your Drupal websites.

Earlier, we dove into the details of what Acquia really means when we say we’re “optimized for Drupal” and powered by the world’s top Drupal experts. That post showcased our multi-layered, purpose-driven layers of caching and lightning-fast performance capabilities. Now, we’re getting into another reason why Acquia is truly the optimal site for Drupal hosting: stronger security. 

It never hurts to start a discussion about infrastructure security by reminding our customers that Acquia complies with more security standards than any of our competitors, including:

  • SOC-1, SOC-2, and ISO-27001, all by default
  • PCI, HIPAA, and FedRAMP, all available as add-ons

You can read about what these specific acronyms refer to here

Some other related regulations that Acquia supports are GDPR and FERPA (Family Educational Rights and Privacy Act). 

Acquia also perpetually updates our Linux instances and all associated software packages to make sure that any critical vulnerabilities are addressed in accordance with our service level agreements.

All of these things are absolutely essential to maintaining a secure platform, and while not Drupal-specific at face value, they demonstrate our foundational commitment to being the most secure Drupal hosting platform in the market today.

It is on top of those foundations that Acquia implements additional Drupal optimizations for enhanced security. One example is our intrinsic platform awareness of Drupal’s public and private file systems. Since Drupal lets users upload some files for everyone to access and others that are restricted, Acquia Cloud is configured to automatically store those files appropriately, rather than forcing the customer to manually configure and update directories and permissions.

We have also built extensive automations for performing Drupal Core and Drupal Module security updates as a part of our Remote Administration service. Rather than asking customers to perform their own updates, we go in and provide a patched version of our customer’s code for them once security patches are available on All they have to do is verify the patch looks good, and then we’ll go ahead and deploy it to Production for them.

And, since six Acquia employees are assigned to the 33-person Drupal Security Team, plus two provisional members and five former Acquians, we have deep experience with Drupal security issues. 

Finally, Acquia’s Professional Services team is staffed with Drupal and IT security experts who are able to provide a wide variety of security audits, from penetration tests to comprehensive code and architectural reviews -- all so customers can maximize the security of their custom builds and external integrations. 

Acquia Security Audits are typically one-week engagements where we work directly with a customer’s development team to ensure all potential risks and mitigations can be identified and documented. And while various security firms offer penetration testing and code review services, only Acquia has the Drupal expertise required to identify and remediate even the most obscure security risks related to custom builds and integrations with Drupal.

Learn more about what makes Acquia the leader in Drupal experiences in our next installment covering Acquia’s best-in-class Drupal performance capabilities.

Featured Resources

View More Resources