You don't need to look beyond the headlines to know that information security is a critical issue on the web. And make no mistake, it's a post-apocalyptic wasteland out there, with thieves, script kiddies, and even state-sponsored cloak-and-dagger outfits all roaming the internet. Not to mention the zombie horde: a million mindless malware-driven bots blindly attempting to hack all things at all times in any way they can.
Individual servers fending for themselves face increasingly dire prospects. There's not enough sysadmin talent in the world to look after the exponentially growing number of instances, droplets, VMs, and VPSs. As they fall, the zombie horde grows.
At the same time, organizations are more and more motivated to get their websites outside the firewall. Not only are within-the-firewall websites anathema to agility and innovation, they are high-visibility, high-risk targets. A site compromised by a script kiddie can quickly be converted to a beachhead from which further attacks proceed against juicier internal targets (e.g. mail logs or company databases). In fact, we know that more than a third of major breaches start with the website.
IT professionals face a catch-22: run the website inside the firewall, reducing the attack surface but drastically raising the stakes of a breach (while simultaneously infuriating marketing with barriers to iteration), or run the site on some singleton external infrastructure and hope for the best. Oftentimes they inherit a grab-bag of singleton instances, each with its own quirks. At times it seems like an impossible situation.
The Perfect Website Launch
Pantheon's mission to be the most stable and robust website management platform means creating an outpost of sanity and security. Rather than defend individual servers, we've built one big platform. That enables us to respond to internet-wide red alert events like Heartbleed with unprecedented agility (and zero downtime). It also means doing everything possible to ensure the safety of every website within our borders.
When it comes to Drupal and WordPress, the first wave of “cloud” providers have mostly been zombie fodder. They made it radically easier to quickly set up singleton instances, trading off long-term maintainability in favor of quick innovation. For organizations who realize the value of these open source CMSs, and want them to power their websites into the future, Pantheon delivers the real business value of the cloud.
We work constantly in service of this mission, and today we are announcing a pair of new features designed to help security-conscious organizations work with our platform. These further reduce the attack surface for external threats, and also reduce the potential for the kinds of human or administrative errors that cause many security breaches:
SAML Login - For organizations with SAML-compatible single sign-on solutions, Pantheon allows authentication of users to the dashboard via your own login system, giving you central administrative control over employee access to the platform.
Secure Runtime Access - Pantheon protects all access to runtime resources, including Drush, WP-CLI, and backing services like MySQL, behind an encrypted SSH tunnel. This mode requires that developers first establish a secure channel between their workstation and the Pantheon platform for all communication, rather than connecting to those services directly.
To learn more about how Pantheon keeps websites secure and stable, watch our recorded webinar, Preparing for the Internet Zombie Apocalypse.