Pantheon's platform was built for agencies and organizations that don't compromise on website security. We protect your Drupal and WordPress sites with secure infrastructure, carefully configured access to resources, and best practices for data safety and retention.
The platform provides:
- Container-based infrastructure
- One-click core updates
- Denial of service protection
- Automated security monitoring
- Network intrusion protection
- HTTPS with custom certificate
- End-to-end encryption
- Role-based change management
- Automated backup and retention
- Secure code and database access
- Secure integration to resources
- Secure datacenters
Pantheon runs their website infrastructure as if no single aspect of the web can be trusted. This approach helps ensure that all of their servers and services have the highest degree of isolation. —Luke Probasco, Drupal General Manager, Townsend Security
Pantheon is built on a container-based cloud architecture. Unlike deployments on dedicated clusters or virtual private servers, containers partition a single operating system into lightweight, isolated spaces in which applications run. Similar to what Google App Engine and Heroku use, and tuned for Drupal and WordPress, our infrastructure isolates resources per site while making it easy to scale and to roll fixes out across the whole platform. A vulnerability in one website is contained to that site's container: it does not expose other sites on the platform, or even the same customer's other sites.
Pantheon uses control groups (cgroups), a Linux kernel facility that accounts for and limits memory, disk I/O, CPU, and other server resources per group of processes. Process- and memory-level isolation therefore applies to every customer process, from PHP to MySQL. Pantheon's distributed file system, Valhalla, is accessed over encrypted, authenticated channels between client and server. Once mounted, a customer's files are protected by standard Linux permission controls. System-level logs are kept away from customers on external logging systems, and each customer's own logs are isolated with strict file permissions.
Automated Site Monitoring
Pantheon runs over a million checks a day to proactively monitor network, server, and application resources. Our status page shows a transparent, aggregated report of current and historical uptime across all Pantheon sites.
One-Click Core Updates
Update Drupal and WordPress core with a single click. Pantheon’s built-in dev, test, and live environments allow developers to push updates to production safely and quickly.
Network Intrusion Protection
Pantheon's intrusion prevention system (IPS) adds a further layer of protection by using an X.509-based public key infrastructure to authenticate and encrypt traffic on Rackspace's own trusted network. Our edge routers tunnel traffic to the origin servers, so requests cannot bypass the validation, filtering, and caching performed at the edge.
IPS covers every service that accepts user-chosen passwords, including the dashboard, SFTP, Git, and Drush, and correlates failed logins across these ingress points rather than watching each one in isolation. At the host layer, IPS detects and blocks unauthorized access. Our logging infrastructure records the identity of blocked accounts for later investigation, and security logs from all servers are centrally collected, processed, and retained for a year.
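The cross-ingress correlation described above, as an added example written for this page (it is not Pantheon's IPS code, whose internals and log format are not published here): it reads constructed log lines of the form `time service source account ok|fail`, counts failures per client address across the dashboard, SFTP, Git, and Drush within a sliding window, and records the accounts and services involved whenever it blocks a source. The line format, the threshold, and the window length are assumptions.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
	"time"
)

// LoginEvent is one authentication attempt as reported by an ingress service.
type LoginEvent struct {
	When    time.Time
	Service string // dashboard, sftp, git or drush
	Source  string // client IP
	Account string
	Success bool
}

// Block records who was blocked, and which accounts and services were hit, for later investigation.
type Block struct {
	Source   string
	Accounts []string
	Services []string
	Failures int
}

// SampleLog is constructed input in time order: one source spreads failures across services
// (few per service, many in total) after one stale failure; a legitimate user mistypes once.
var SampleLog = []string{
	"2024-05-01T09:50:00Z sftp 203.0.113.7 admin fail",
	"2024-05-01T10:00:00Z dashboard 203.0.113.7 admin fail",
	"2024-05-01T10:00:05Z dashboard 198.51.100.4 jane fail",
	"2024-05-01T10:00:20Z dashboard 203.0.113.7 admin fail",
	"2024-05-01T10:00:45Z sftp 203.0.113.7 dev.site fail",
	"2024-05-01T10:00:50Z dashboard 198.51.100.4 jane ok",
	"2024-05-01T10:01:10Z git 203.0.113.7 dev.site fail",
	"2024-05-01T10:01:30Z sftp 203.0.113.7 editor fail",
	"2024-05-01T10:01:55Z drush 203.0.113.7 editor fail",
}

// parseLine parses the constructed "RFC3339-time service source account ok|fail" format.
func parseLine(line string) (LoginEvent, error) {
	f := strings.Fields(line)
	if len(f) != 5 {
		return LoginEvent{}, fmt.Errorf("malformed line: %q", line)
	}
	t, err := time.Parse(time.RFC3339, f[0])
	return LoginEvent{When: t, Service: f[1], Source: f[2], Account: f[3], Success: f[4] == "ok"}, err
}

func sortedKeys(m map[string]bool) []string {
	keys := make([]string, 0, len(m))
	for k := range m {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	return keys
}
// DetectBruteForce blocks a source once it reaches threshold failed logins within window,
// counted across all services rather than per service, so an attacker who rotates between
// dashboard, SFTP, Git and Drush is still caught. Lines must be in time order.
func DetectBruteForce(lines []string, threshold int, window time.Duration) ([]Block, error) {
	recent := map[string][]LoginEvent{} // per source: failures still inside the window
	blocked := map[string]bool{}
	var blocks []Block
	for _, l := range lines {
		e, err := parseLine(l)
		if err != nil {
			return nil, err
		}
		if e.Success || blocked[e.Source] {
			continue
		}
		q := append(recent[e.Source], e)
		for len(q) > 0 && q[0].When.Before(e.When.Add(-window)) { // expire old failures
			q = q[1:]
		}
		recent[e.Source] = q
		if len(q) < threshold {
			continue
		}
		accounts, services := map[string]bool{}, map[string]bool{}
		for _, f := range q {
			accounts[f.Account] = true
			services[f.Service] = true
		}
		blocked[e.Source] = true
		blocks = append(blocks, Block{e.Source, sortedKeys(accounts), sortedKeys(services), len(q)})
	}
	return blocks, nil
}

func main() {
	blocks, err := DetectBruteForce(SampleLog, 5, 5*time.Minute)
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", blocks)
}
```

With a threshold of five failures in five minutes, the source 203.0.113.7 is blocked at its fifth in-window failure even though no single service saw more than two, and the block record names all three accounts and all three services it tried; the stale failure at 09:50 has already aged out. Shrinking the window to one minute lets the same traffic through, which is the trade-off to tune against your own login logs.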
Denial of Service Protection
Pantheon works with Rackspace and CloudFlare to mitigate denial-of-service attacks: ongoing attacks are filtered, and traffic is isolated per site and environment through Riverbed load balancers.
SAML and Two-Factor Authentication
Pantheon supports SAML integration, enabling additional security features such as two-factor authentication and single sign-on. Customers can also enforce policies such as minimum password strength and retain authentication audit logs.
Role-Based Access to Site Resources
Pantheon’s Change Management feature allows site owners to manage organization-wide settings and selectively grant or deny developer access to deploy to production. Role-based access lets team members work on what they need to without introducing risk to other sites or infrastructure components.
Pantheon servers run a Linux OS, which is less susceptible to compromise by commodity malware. We use only trusted vendor repositories for software, verify package signatures, cryptographically validate platform code, and maintain auditable change management.
The platform runs user-published site software in containers with multiple layers of isolation. Even within a container, the web server and PHP runtime are configured so that files uploaded through the website cannot be executed directly.
Antivirus protection is bundled into the platform to ensure our system's integrity and to prevent malware from spreading through customer websites. Pantheon provides the ClamAV antivirus engine with up-to-date databases for use by our customers.
Pantheon Employee Administrative Access
Pantheon grants access according to least privilege. Employees interact with servers through a secure API rather than direct server access; when direct access is needed, SSH key-based authentication is used and all activity is recorded in a central log.
Releasing Patches and Updates
Pantheon continually deploys new container host instances with the latest supported kernel, OS and packages. Containers are migrated to the updated instances automatically and the older systems are retired. Core CMS application updates and security patches are tested internally before being deployed to our customer base through our one-click update workflow.
Vulnerabilities and Incident Response
Security issues identified by Pantheon are immediately communicated to affected parties. Details of any significant disruption are posted at status.getpantheon.com and tweeted by @pantheonstatus. We always conduct a post-incident review of security events to improve the effectiveness of our response to future incidents.
Pantheon's primary datacenter is managed by Rackspace, which provides 24/7 direct support access for any hardware issue. Access to the data centers is granted through both keycard and biometric scanning and protected by round-the-clock surveillance monitoring. Every Rackspace data center employee undergoes a thorough background check before hiring.
Many of Pantheon’s core components are fully redundant and highly available with no single point of failure: the internal Pantheon API, the edge routing layer, DNS, and files directory storage. Where redundancy is not feasible, we maintain automated tools to facilitate recovery. Pantheon’s internal services are designed to tolerate process and server-level failure. We maintain a minimal server footprint in multiple datacenters to facilitate restoration in the event of a datacenter-level failure. When possible, we use redundant providers for upstream services like DNS.
Customer Content Durability
Pantheon uses industry-standard practices for on-disk storage, including writing to multiple physical disks with hardware-level RAID. For further protection, customers can schedule automated backups on the platform. Backups have over 99.99% durability and availability, are stored in multiple datacenters, and are encrypted at rest.
Backups can be scheduled or triggered manually. Each backup, containing all of a site's customer data, is shipped to Amazon S3 as a compressed archive. Backups are encrypted in transit and at rest with 256-bit AES, and the encryption keys are stored on servers separate from the encrypted backup data. Users can test restoration from the dashboard for any manual or scheduled backup of any site, and can also restore a backup to a new site, on Pantheon or elsewhere.
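The properties that paragraph lists, encryption under a key held apart from the stored data and a restore test that proves the archive comes back intact, as an added example written for this page rather than Pantheon's backup code: it packs a constructed site into a tar archive, seals it with AES-256-GCM, and implements the restore test as a byte-for-byte comparison. The nonce-prefixed blob layout, the in-memory sample content, and the way the key is generated are assumptions; the page does not describe Pantheon's actual key management or S3 layout beyond what is said above.

```go
package main

import (
	"archive/tar"
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"io"
)

// SampleSite is constructed stand-in content for one site: code, an uploaded file and a database dump.
var SampleSite = map[string][]byte{
	"code/index.php":         []byte("<?php echo 'hello';"),
	"files/uploads/logo.png": {0x89, 'P', 'N', 'G'},
	"database/site.sql":      []byte("INSERT INTO users VALUES (1, 'admin');"),
}

// newGCM builds the AEAD. aes.NewCipher picks AES-128/192/256 by key length, so callers
// must size the key deliberately: 32 bytes gives AES-256.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// MakeBackup packs files into a tar archive and seals it with AES-256-GCM as nonce || ciphertext || tag.
func MakeBackup(files map[string][]byte, key []byte) ([]byte, error) {
	var archive bytes.Buffer
	tw := tar.NewWriter(&archive)
	for name, data := range files {
		if err := tw.WriteHeader(&tar.Header{Name: name, Mode: 0600, Size: int64(len(data))}); err != nil {
			return nil, err
		}
		if _, err := tw.Write(data); err != nil {
			return nil, err
		}
	}
	if err := tw.Close(); err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce per backup; it is stored in the clear
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, archive.Bytes(), nil), nil
}

// RestoreBackup verifies the tag and decrypts before parsing anything, so a wrong key
// or a single flipped byte in storage is rejected outright rather than half-restored.
func RestoreBackup(blob, key []byte) (map[string][]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, fmt.Errorf("backup blob too short")
	}
	plain, err := gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
	if err != nil {
		return nil, fmt.Errorf("backup failed authentication: %w", err)
	}
	tr, out := tar.NewReader(bytes.NewReader(plain)), map[string][]byte{}
	for hdr, err := tr.Next(); err != io.EOF; hdr, err = tr.Next() {
		if err != nil {
			return nil, err
		}
		if out[hdr.Name], err = io.ReadAll(tr); err != nil {
			return nil, err
		}
	}
	return out, nil
}

// VerifyRestore is the "test restoration" step: restore into memory and compare with the original.
func VerifyRestore(blob, key []byte, want map[string][]byte) error {
	got, err := RestoreBackup(blob, key)
	if err != nil {
		return err
	}
	for name, data := range want {
		if !bytes.Equal(got[name], data) {
			return fmt.Errorf("%s differs after restore", name)
		}
	}
	return nil
}

func main() {
	key := make([]byte, 32) // in production the key lives on a separate system from the backup
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		panic(err)
	}
	blob, err := MakeBackup(SampleSite, key)
	if err != nil {
		panic(err)
	}
	fmt.Println("encrypted backup:", len(blob), "bytes; restore check:", VerifyRestore(blob, key, SampleSite))
}
```

Two points are worth carrying over to any real backup pipeline. GCM's authentication tag means a corrupted or truncated blob, or a blob decrypted with the wrong key, fails before a single archive entry is unpacked, so a restore never silently produces a partial site. And because the blob holds only the nonce, anyone who can read the storage bucket still learns nothing without the key, which is exactly why the key must be kept on a different system. The example omits the gzip layer the platform applies; wrapping the tar stream in compress/gzip before sealing does not change the security argument.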
Pantheon was designed to be highly available, resilient to single component failures, recoverable in the unlikely event of a datacenter failure, not reliant on the services of any single employee, and manageable remotely in case of the loss of Pantheon offices. Our technology is built upon best-in-class infrastructure providers, including Rackspace and Amazon Web Services, chosen for their track record and reputation. All Drupal and WordPress code, files, and database content can be scheduled for daily backup and stored in Amazon's multi-datacenter Simple Storage Service (S3).
If a website's primary data center becomes inaccessible, service is restored from the most recent backups in an alternate data center. Users have full access to their code, files, and database, so they can take their own backups and set up independent disaster recovery infrastructure.
The Family Educational Rights and Privacy Act (FERPA) Compliance
The Family Educational Rights and Privacy Act (FERPA) is a Federal law that protects the privacy of student education records. Pantheon's security policies and infrastructure support clients in meeting their FERPA obligations.
SOC 2 Type II and SOC 3 and ISO 27001
Pantheon's underlying infrastructure provider, Rackspace, has received global security certifications and compliance verifications for Service Organization Controls SOC 2 Type II and SOC 3, in addition to complying with the ISO 27001 standard. Rackspace security attestations and certifications provide assurance of the security of the infrastructure and network layers of Pantheon.
US-EU Safe Harbor
Pantheon complies with the requirements of the US-EU Safe Harbor Framework on data privacy. To learn more about the Safe Harbor program, and to view Pantheon’s certification, please visit export.gov/safeharbor.