icon of a shield with a check mark and a cog

Digital Security and Governance

The best digital experiences begin with customer trust.

Keep your content and customer data secure with a platform that knows good digital experiences are safe ones.

image of a person on a computer masked by an acquia droplet
blue acquia droplets behind screenshots from Acquia Cloud Platform

Minimize Security Risks

The Safest Platform for Drupal

Minimize the risk of security incidents with a fully managed platform with built in security to protect your Drupal applications from malicious attacks. Acquia provides robust security features, an extensive industry compliance portfolio, and advanced security offerings (WAF, bot management, etc.) to help you secure your content from day one.

 

Learn More   Try Acquia Cloud Platform

blue icon of computer with lock and mobile device
Enabled Security Features

Secure out-of-the-box with security features like IPv6 Support, SSH Shell Access, and Customer WAF Support

icon of a Folder with a shield icon in front of it
Managed Security Services

Get Automated Drupal Security Updates, Vulnerability Scans, and Platform security audits and updates all personally managed by Acquia

gavel in front of an approved document icon
Compliance Standards

Meet standards across a variety of industries with FedRAMP Authorization, PCI, HIPAA, GDPR, SOC Type 1 and SOC Type 2, and more

blue acquia droplets behind screenshots from Acquia Site Factory

Multisite Management

Security & Governance at Scale

When you have hundreds or thousands of sites, ensuring site governance and access control is critical. With Acquia Site Factory, you can easily scale, manage, and enforce code governance for thousands of sites.

 

Learn More   Try Acquia Site Factory

icon of 3 people connected to the same box
Enforce Roles & Permissions

Give users partitioned access and permissions to job-specific parts of the platform

icon of a shield with a cog wheel
Multisite Governance

Define, group, and manage content and website functionality, policies, and standards

approved document icon
Automated Global Updates

Enforce and automate global updates for all your sites, leaving no site vulnerable

blue acquia droplets behind the drupal logo surrounded by various feature icons

Drupal

Secure by Design

Designed to be highly secure, with a 30+ person security team, Drupal is trusted by the most mission critical websites in the world. 10K contributors means that bugs can’t hide and makes the platform one of the most secure and stable platforms on the market.

 

Learn More   The Drupal Steward Program

blue icon of bricks with a lock in the corner
Drupal Steward Program

Acquia is a committed member of the Drupal Steward Program, a web application firewall that bridges the gap between security release announcements and site updates with security patches

icon of a credentials badge
Expert Security Team

The Drupal project has a 30+ person security team who handles confidential reports of security problems and reviews covered modules

icon of a shield with a lock in the middle
Advanced Security Features

Get an adaptable system designed to meet your needs. Offering password policy and reset rules, IP whitelisting for access, audit log settings, and more.

Enterprise Security
Use Acquia to shield you from attacks and keep your customers safe.
Learn More
blue acquia droplets behind lock graphics in front of a graphic web browser

Advanced Security Solutions

Enhance Your Security

Unleash enterprise-grade security. Get complete coverage with Web Application, API Protection (WAAP), and DDoS mitigation to secure your applications from malicious attacks and protect your digital experiences.

 

Learn More   Request a Demo

cloud with a lock in front of it icon
Edge Security

Thwart DDoS attacks before they reach your site, preempt threats in under 10 seconds, Web Application Firewall protects your site from threats, and beyond

Blue icon of cloud with a settings wheel connected to a server
CDN

Speed up app delivery and ensure availability with 200+ PoPs, cut load times by up to 50% for static and dynamic content, and block DDoS attacks

bot wearing a headset icon
Bot Manager

Detect unknown bots and compile real-time and historical reporting on your site bot traffic

Security Features

Features
Role-based access controls
Secure file permissions
Key-based SSH authentication
Encrypted volumes by default
SAML and two-factor authentication support
Automated backups and disaster recovery
Automated platform monitoring
Anti-malware software support
DDOS protection*
Virtual private cloud*
HIPAA-compliant environment*
PCI-DSS-compliant environment*

* Available as add-ons

Security Features
Role-based access controls
Secure file permissions
Key-based SSH authentication
Encrypted volumes by default
SAML and two-factor authentication support
Automated backups and disaster recovery
Automated platform monitoring
Anti-malware software support
DDOS protection*
Virtual private cloud*
HIPAA-compliant environment*
PCI-DSS-compliant environment*

* Available as add-ons
Acquia Compliance
SSAE18/ISAE 3402: Service Organization Control (SOC 1) Type II
Statement on Standards for Attestation Engagement (SSAE) No. 18 is an attestation standard used to evaluate the design and operating effectiveness of Acquia’s information technology controls that impact our customers’ own internal controls over financial reporting. SSAE 18 is an American auditing standard issued by the American Institute of Certified Public Accountants (AIPCA). In order to meet the requirements of international accounting standards, Acquia receives a “SSAE 18/ISAE 3402 Combo Report.” The ISAE 3402 report provides coverage to support the financial reporting requirements of International organizations.
Service Organization Control (SOC 2) Type II
Acquia’s SOC 2 Report includes an assessment against the Common Criteria principles of Security, Availability, and Confidentiality.
Payment Card Industry - Data Security Standard (PCI-DSS)
For customers that process, store, or transmit cardholder data Acquia provides a PCI-DSS compliant hosting platform to ensure the protection of your customer's cardholder data in accordance with PCI-DSS version 3.2.
Health Insurance Portability and Accountability Act (HIPAA)
The Acquia Cloud Platform meets the requirements of the HIPAA Security Rule and HITECH for electronic Protected Health Information (ePHI).
Federal Education Records Privacy Act (FERPA)
The Federal Education Records Privacy Act (FERPA) mandates that institutions protect their students’ educational records and personal data. For Acquia’s higher education customers, they rest easy knowing that Acquia Cloud’s security and compliance controls provide FERPA-compliant digital experiences. Multi-layered cloud security controls, configurable user permissions, and built-in backups and disaster recovery make it easy to achieve FERPA compliance requirements and additionally, all Acquia Cloud services are monitored by a dedicated incident response team. FERPA. Check!
ISO 27001
Acquia is ISO 27001 certified. ISO/IEC 27001:2013 (ISO 27001) is a globally recognized security standard driven by the implementation of an information security management system (ISMS). You can see our certification mark here: https://www.schellman.com/certificate-directory
FedRAMP
The Acquia Cloud Platform is FedRAMP compliant, and detail on authorizing agencies can be viewed in the FedRAMP Marketplace: https://marketplace.fedramp.gov/#/product/acquia-cloud?sort=productName

Customer Focused Security & Performance

Avoid data breaches, protect your customers, and give them a great digital experience and you’ll win their trust.
Get Access Now