Security continues to be a significant topic as security exploits continue to grow and attackers evolve to use more sophisticated methods to breach websites. Don’t wait until your site is hacked to address your site’s security. Learn best practices for keeping your websites and company secure in the modern internet age, and how Pantheon’s newest security features can help.
3. PANTHEON.IO
Websites Are Not Safe
According to the FBI, 35% of data thefts in 2014 came from website breaches.
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
7. PANTHEON.IO
The People Problem
● Humans are prone to error, and administrative systems are chaotic and messy.
● Attackers take advantage of the chaos and find ways to impersonate users.
● Chaos can make managing access, and knowing who has access to the website, difficult.
8. PANTHEON.IO
Solving the People Problem
Controlling access & minimizing administrative chaos:
● Role-based Permissions
● Centralized Account Management
● 2-factor authentication
● IP or Network restrictions
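An added example, not from the deck, of how the four controls above combine into one authorization decision: a central account directory, roles that grant fixed permissions, a second factor for high-impact actions, and a network allowlist. The roles, networks and accounts are constructed sample data.

```python
import ipaddress
from dataclasses import dataclass

# Role-based permissions: each role grants a fixed set of actions (constructed sample).
ROLE_PERMISSIONS = {
    "viewer": {"view_site"},
    "developer": {"view_site", "deploy_code"},
    "admin": {"view_site", "deploy_code", "manage_users"},
}
# Actions with real blast radius require a verified second factor regardless of role.
MFA_REQUIRED = {"deploy_code", "manage_users"}
# IP / network restriction: access only from these ranges (constructed sample ranges).
ALLOWED_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("203.0.113.0/24"),
]

@dataclass
class Account:
    username: str
    role: str
    mfa_enrolled: bool = False
    # Centralized account management: deactivating here revokes every site at once.
    active: bool = True

def authorize(directory, username, action, source_ip, mfa_verified=False):
    """Return (allowed, reason) after checking account status, role, 2FA and source network."""
    account = directory.get(username)
    if account is None or not account.active:
        return False, "unknown or deactivated account"
    if action not in ROLE_PERMISSIONS.get(account.role, set()):
        return False, f"role '{account.role}' does not grant '{action}'"
    if action in MFA_REQUIRED and not (account.mfa_enrolled and mfa_verified):
        return False, "second factor required"
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return False, f"unparseable source address {source_ip!r}"
    if not any(addr in net for net in ALLOWED_NETWORKS):
        return False, f"source {source_ip} is outside the allowed networks"
    return True, "ok"

# Constructed central directory: one admin, one developer, one deactivated account.
DIRECTORY = {
    "alice": Account("alice", "admin", mfa_enrolled=True),
    "bob": Account("bob", "developer", mfa_enrolled=True),
    "carol": Account("carol", "admin", mfa_enrolled=True, active=False),
}

if __name__ == "__main__":
    print(authorize(DIRECTORY, "alice", "manage_users", "10.1.2.3", mfa_verified=True))
```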
10. PANTHEON.IO
The Technology Problem - Hosting
Where is your website running? Is it in your datacenter?
[Diagram: Corporate Site, Community Site and Marketing Site running on On Premise Servers, alongside Internal Systems & Data]
11. PANTHEON.IO
The Technology Problem - Cloud or Managed
Running your website in the “cloud”. This is not a real cloud!
[Diagram: Corporate Site, Community Site and Marketing Site in a Datacenter, connected by VPN to Internal Systems & Data]
13. PANTHEON.IO
Solving the Hosting Problem
With a container-based cloud, if your website is compromised your sensitive data is still safe.
[Diagram: Corporate Site, Community Site and Marketing Site in App Containers, isolated from Internal Systems & Data]
14. PANTHEON.IO
Solving the Infrastructure Problem
Security as a Service for websites
● DoS protection
● Network intrusion protection
● Encrypted communications available by default
● Systems managed via automation
● Central administration of access, permissions
15. PANTHEON.IO
The Technology Problem - DIY Website Infrastructure
PUBLIC FACE: Single instance IP, maybe a CDN
APPLICATION: Code sitting on a server
DATABASE: Optional firewall; no encryption by default
LINUX: Sysadmins monitor CVEs, run fire drills, play whack-a-mole
NETWORK & PHYSICAL SECURITY: IT or old-school ops
YOUR DEVELOPERS: No central management or audit trail; plain old FTP?
16. PANTHEON.IO
The Technology Solution - Modern Website Infrastructure
PUBLIC FACE: Highly available and horizontally scalable; also a reverse-proxy cache
APPLICATION: Version control & scripted deployment; clear chain of custody for all changes
DATABASE: Encrypted connections; run only over the internal network
LINUX: All systems managed via automation; treat servers like cattle, not pets
NETWORK & PHYSICAL SECURITY: SOC2 compliant infrastructure vendor; all internal traffic is encrypted
YOUR DEVELOPERS: Centralized account management; audit trail; all SSH all the time
19. PANTHEON.IO
Solving the Website Technology Problem
Core CMS: How are you managing updates? How quickly can you update?
Plugins / Modules: Can you trust the ones you’re using? They can often be collections of modules. How are you managing updates?
Custom Code: Do you have a process for understanding if your custom code is following security best practices? Do you know who made changes and what they changed?
22. PANTHEON.IO
Our Solutions
Pantheon Provides:
● Isolated and secure web infrastructure.
● Role based access and permissions.
● Administrative oversight on your teams.
● NEW: SAML integration for SSO
● NEW: Secure Runtime Access to harden website security.
23. PANTHEON.IO
Summary
Protect yourself by:
● Managing roles and access with practices like SSO and 2-factor authentication
● Running your website in the cloud, one that gives you robust security features and protection
● Staying on top of updates