Security by Design

As a part of Acquia’s commitment to delivering a secure environment for our customers, we offer Security by Design. This means the Acquia Platform is architected with an array of strong access and authentication controls, as well as different firewall controls, providing best-in-class defensive security capabilities. These control technologies allow our platform to be secure, by design.

Multiple Layers of Firewall

Each of these security controls is built into our platform to help ensure your sites are resilient and secure from day one. With these platform-level security controls, we’re able to minimize risks to the security of your site. Below are the benefits these features will provide for your organization.

Multi-factor Authentication

Strong authentication methods are critical to a cloud security implementation. At Acquia, we utilize multi-factor authentication to help ensure the security of the Acquia Cloud Platform.

Vulnerability Management

A fundamental value proposition of the Acquia Cloud Platform is the timely identification, triage, and resolution of security vulnerabilities.

Security Event Logging and Monitoring

The security paradigm has shifted from prevention alone to a focus on security event detection and response.

Security Incident Response

Security incident response is a crucial part of our security function. In the current technical threat landscape, security incidents will happen no matter what safeguards you put in place.

Backup

Acquia maintains a comprehensive backup solution for website code, static files, and databases. Integrated backup facilities use Amazon’s Elastic Block Store (EBS) and Simple Storage Service (S3).

Security Through Standards - Acquia Compliance

Acquia has a comprehensive compliance portfolio that validates the security of our platform. This compliance portfolio includes a variety of industry-wide audits and certifications that are performed by independent third-party auditors. These audits allow for Acquia’s security controls to be independently evaluated on their design and operating effectiveness. The internal controls Acquia has in place to mitigate risks are a testament to our commitment to a high level of security.

SSAE 16/ISAE 3402: Service Organization Control (SOC 1) Type II

Statement on Standards for Attestation Engagements (SSAE) No. 16 is an attestation standard used to evaluate the design and operating effectiveness of Acquia’s information technology controls that impact our customers’ own internal controls over financial reporting.

SSAE 16 is an American auditing standard issued by the American Institute of Certified Public Accountants (AICPA). In order to meet the requirements of international accounting standards, Acquia receives a “SSAE 16/ISAE 3402 Combo Report.” The ISAE 3402 report provides coverage to support the financial reporting requirements of international organizations.

Service Organization Control (SOC 2) Type II

Acquia’s SOC 2 Report includes an assessment against the Common Criteria principles of Security, Availability, and Confidentiality.

Payment Card Industry - Data Security Standard (PCI-DSS)

For customers that process, store, or transmit cardholder data, Acquia provides a PCI-DSS compliant hosting platform to ensure the protection of your customers' cardholder data in accordance with PCI-DSS version 3.2.

Health Insurance Portability and Accountability Act (HIPAA)

The Acquia Cloud Platform meets the requirements of the HIPAA Security Rule and HITECH for electronic Protected Health Information (ePHI).

FERPA

The Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) is a Federal law that protects the privacy of student education records.

ISO 27001

Acquia is ISO 27001 certified. You can see our certification mark here. ISO/IEC 27001:2013 (ISO 27001) is a globally recognized security standard driven by the implementation of an information security management system (ISMS).

FedRAMP

The Acquia Cloud Platform is FedRAMP compliant, and details on authorizing agencies can be viewed in the FedRAMP Marketplace.

Security Through Innovation - Acquia Security Products

For customers on the Acquia Platform, we offer additional layers of security on top of our built-in protection. The Acquia Cloud Edge family of products includes Acquia Cloud Edge Protect and Acquia Cloud Edge CDN. We also offer Acquia Cloud Shield, an isolated section of Acquia Cloud. 

Acquia Cloud Edge Protect

Acquia Cloud Edge Protect mitigates the effects of DDoS and application-level attacks for our Acquia Cloud Enterprise (ACE) and Acquia Cloud Site Factory (ACSF) customers.

Acquia Cloud Edge CDN

Acquia Cloud Edge CDN provides a global content delivery network (CDN) that accelerates the delivery of your site to visitors, wherever they may be.

Acquia Cloud Shield

Acquia Cloud Shield is a dedicated, logically isolated environment within Acquia Cloud that has a customizable network configuration.

Acquia Cloud VPC Family

Data is the lifeblood of your organization, and at Acquia, we recognize the importance of the proper classification of information and handling of data. Our ‘Acquia Cloud VPC Family’ is a suite of virtual private cloud (VPC) products designed to provide elevated and compliant protection for sensitive data.

Security Feature Comparison

 

It’s a frame of mind, a culture, a commitment. The security threat landscape is constantly evolving in this digital age. Meeting the challenges of these threats requires expertise, technology, financial resources and collaboration. At Acquia, we have made the security investments required to provide our customers a robust and secure platform – with the required people, process and technology. This includes securing our platform by design, offering complementary security products and services, and a portfolio of independent third-party compliance audits to validate the robustness of our security program.

 

Security Feature Compliance