Earlier, we dove into the details of what Acquia really means when we say we’re “optimized for Drupal” and powered by the world’s top Drupal experts. That post showcased our multi-layered, purpose-driven layers of caching and lightning-fast performance capabilities. Now, we’re getting into another reason why Acquia is truly the optimal site for Drupal hosting: stronger security.
It never hurts to start a discussion about infrastructure security by reminding our customers that Acquia complies with more security standards than any of our competitors, including:
- SOC-1, SOC-2, and ISO-27001, all by default
- PCI, HIPAA, and FedRAMP, all available as add-ons
You can read about what these specific acronyms refer to here:
Some other related regulations that Acquia supports are GDPR and FERPA (Family Educational Rights and Privacy Act).
Acquia also perpetually updates our Linux instances and all associated software packages to make sure that any critical vulnerabilities are addressed in accordance with our service level agreements.
All of these things are absolutely essential to maintaining a secure platform, and while not Drupal-specific at face value, they demonstrate our foundational commitment to being the most secure Drupal hosting platform in the market today.
It is on top of those foundations that Acquia implements additional Drupal optimizations for enhanced security. One example is our intrinsic platform awareness of Drupal’s public and private file systems. Since Drupal lets users upload some files for everyone to access and others that are restricted, Acquia Cloud is configured to automatically store those files appropriately, rather than forcing the customer to manually configure and update directories and permissions.
We have also built extensive automations for performing Drupal Core and Drupal Module security updates as a part of our Remote Administration service. Rather than asking customers to perform their own updates, we go in and provide a patched version of our customer’s code for them once security patches are available on Drupal.org. All they have to do is verify the patch looks good, and then we’ll go ahead and deploy it to Production for them.