Website Security & Features
Pantheon's unique infrastructure and security capabilities give our customers the peace of mind they need to deliver awesome online experiences.
Pantheon is built on a container-based cloud architecture. Unlike deployment on clusters or virtual private servers, containers allow lightweight partitioning of an operating system into isolated spaces where applications can safely run.
Automated, one-click core updates
Update Drupal and WordPress core with a single click. Pantheon’s built-in dev, test, and live environments allow developers to push updates to production safely and quickly.
Denial of service protection
Pantheon’s Global CDN provides industry-leading WAF-style rules and DDoS Protection filtering for management of denial-of-service attacks. By filtering ongoing attacks and isolating traffic streams for each site and environment, Pantheon provides dedicated resources in times of need and prevents impact between customer websites.
Drupal and WordPress core—as well as module and plugin code—are write-protected in Test and Live environments. This feature guards against unauthorized updates that can result in compromise.
Automated site monitoring
Pantheon runs over a million checks a day to proactively monitor network, server, and application resources. Our status page shows a transparent, aggregated report of current and historical uptime across all Pantheon sites.
Keep your site and your visitors secure with fully managed, dedicated HTTPS certificates. We obtain and manage high-grade encryption with TLS 1.3 for all of your sites and deploy it worldwide with Pantheon's Global CDN.
Pantheon supports SAML integration, enabling additional security features like multi-factor authentication and single sign-on. Customers who enforce SAML authentication can also enforce settings like minimum password strengths or authentication audit logs.
Pantheon’s change management feature allows site owners to manage organization-wide settings and selectively grant or deny developer access to deploy to production. Role-based access lets team members work on what they need to without introducing risk to other sites or infrastructure components.
Automated backup and retention
Backups can be automated or triggered manually. Each backup, containing all site-related customer data, is shipped to cloud storage as a compressed archive. Backups are encrypted in transit and at rest using 256-bit Advanced Encryption Standard cipher modes appropriate to each case, with private keys and encrypted backup data stored on separate servers. Users can test restoration from the dashboard for any site and any manual or scheduled backup. They can also restore from a backup to a new site, on Pantheon or elsewhere.
Compliance & Information Security
Pantheon is regularly reviewed by third parties to verify platform security, privacy, and compliance—and we are constantly working to widen this coverage. Learn more about Pantheon’s conformity with the following information security policies and certifications:
SOC 2 Type 2
SOC 2 compliance provides third-party assurance to our customers about the adequacy of Pantheon's information security system. Our SOC 2 Type 2 compliance covers the Security and Availability Trust Services Criteria.
The General Data Protection Regulation (GDPR) is a data privacy law that defines a framework for how companies use and protect personal information about European Union citizens. Pantheon complies with all applicable data privacy laws, including GDPR.
The Family Educational Rights and Privacy Act (FERPA) is a federal law that protects the privacy of student education records. Pantheon's security policies and infrastructure allow customers to be FERPA compliant.
Our stack is secure by design—engineered and maintained using rigorous security best practices.
Pantheon uses control groups, a kernel-level facility for isolating memory, disk, CPU, and other server resources. This means that process- and memory-level isolation is effective for all customer processes, from PHP to MySQL. Pantheon's distributed file system, Valhalla, is accessed over encrypted channels using client-server authentication. Once mounted, customer account files are protected through standard Linux permission controls. System-level logs are isolated from customers on external logging systems, while customers' own logs are isolated with strict file permissions.
Many of Pantheon’s core components are fully redundant and highly available with no single point of failure: the internal Pantheon API, the edge routing layer, DNS, and files directory storage. Where redundancy is not feasible, we maintain automated tools to facilitate recovery. Pantheon’s internal services are designed to tolerate process and server-level failure. We maintain a minimal server footprint in multiple datacenters to facilitate restoration in the event of a datacenter-level failure. When possible, we use redundant providers for upstream services like DNS.
Pantheon servers run on a Linux OS. We use only trusted vendor repositories for software, verify package signatures, perform cryptographic validation of platform code, and maintain auditable change management. The platform runs user-published site software in containers with multiple layers of isolation. We run configurations that prevent direct execution, even within the containers, of files uploaded through the website. Pantheon provides the ClamAV antivirus engine with up-to-date databases for use by our customers.
Pantheon’s primary datacenters are managed by Google. Google data centers feature a layered security model, including safeguards like custom-designed electronic access cards, alarms, vehicle access barriers, perimeter fencing, metal detectors, and biometrics. The data center floor features laser beam intrusion detection.
Employee Administrative Access
Pantheon grants access according to least privilege. Employees can interact with servers via a secure API without actual server access—when they do need it, SSH-key based authentication is used and activity is recorded in a central log.
Patches and Updates
Pantheon periodically deploys new container host instances with the latest supported kernel, OS, and packages. Containers are automatically migrated to the updated instances with zero downtime before the older systems are retired. Core CMS application updates and security patches are tested internally before being deployed to our customer base through our one-click update workflow.
From Heartbleed to Shellshock to Drupalgeddon to GHOST, we've conquered them all. Pantheon's unique infrastructural agility allows us to respond to breaking vulnerability announcements with unprecedented speed. We keep every layer in our system fresh, shutting down most issues before a single customer is exposed. Details of any significant disruption are posted at https://status.pantheon.io/ and tweeted by @pantheonstatus. We always conduct a post-incident review of security events to improve the effectiveness of our response to future incidents. See how we dealt with Drupalgeddon.
Customer Content Durability
Pantheon uses industry-standard practices for on-disk storage, including writing to multiple physical disks with hardware-level RAID. For further protection, customers can make automated backups on the platform. Backups have over 99.99% durability and availability, are stored in multiple datacenters, and are encrypted at-rest.
Network Security / Intrusion Prevention
Pantheon guards against network intrusion by using an X.509-based public key infrastructure to add authentication and encryption to communication sessions. Our edge routers tunnel traffic to origin servers, preventing circumvention of request validation, filtering, and caching. Host intrusion prevention runs for every service with user-chosen passwords, including the dashboard, SFTP, Git, and Drush, detecting failed logins across multiple ingress points. At the server layer, host intrusion prevention detects and prevents unauthorized host access. Our logging infrastructure records the identity of blocked access attempts for later investigation. Security logs from the servers are centrally collected, processed, and retained for a year.
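What "detecting failed logins via multiple ingress points" means in practice is that failures from one source are counted together whether they arrive over SSH (SFTP, Git, Drush) or the web dashboard, and that the record kept for a blocked source identifies it. The following is an added example, not Pantheon's code: the two log line layouts are constructed for the example (the sshd one mirrors the common OpenSSH wording; the `dashboard:` one is invented), the threshold and window are arbitrary, and lines are assumed to arrive in time order.

```python
"""Cross-ingress failed-login detection over constructed log lines.

Added example, not Pantheon's code. Log formats, threshold and window
are assumptions made for the example.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# One pattern per ingress point; each yields timestamp, user and source IP.
# SFTP, Git and Drush all arrive through sshd, so one sshd pattern covers them.
PATTERNS = {
    "sshd": re.compile(
        r"^(?P<ts>\S+) sshd\[\d+\]: Failed publickey for (?P<user>\S+) "
        r"from (?P<ip>[\d.]+)"),
    "dashboard": re.compile(
        r"^(?P<ts>\S+) dashboard: login failed user=(?P<user>\S+) "
        r"ip=(?P<ip>[\d.]+)"),
}

THRESHOLD = 5                    # failures from one IP ...
WINDOW = timedelta(minutes=10)   # ... within this window trigger a block

# Constructed sample: one source hammers both sshd and the dashboard with
# five failures in about a minute; another source fails twice, 20 min apart.
SAMPLE_LOG = """\
2024-05-01T10:00:01 sshd[4121]: Failed publickey for dev from 198.51.100.7 port 51022 ssh2
2024-05-01T10:00:05 dashboard: login failed user=dev ip=198.51.100.7
2024-05-01T10:00:09 sshd[4122]: Failed publickey for deploy from 198.51.100.7 port 51030 ssh2
2024-05-01T10:00:12 dashboard: login failed user=admin ip=198.51.100.7
2024-05-01T10:00:30 sshd[4130]: Accepted publickey for alice from 203.0.113.9 port 40012 ssh2
2024-05-01T10:01:02 sshd[4140]: Failed publickey for root from 198.51.100.7 port 51044 ssh2
2024-05-01T10:20:00 dashboard: login failed user=bob ip=203.0.113.9
2024-05-01T10:40:00 dashboard: login failed user=bob ip=203.0.113.9
""".splitlines()


def parse_line(line):
    """Return a failed-login event dict, or None for any other line."""
    for service, pat in PATTERNS.items():
        m = pat.match(line)
        if m:
            return {"service": service, "ts": datetime.fromisoformat(m["ts"]),
                    "ip": m["ip"], "user": m["user"]}
    return None


def detect(lines, threshold=THRESHOLD, window=WINDOW):
    """Return {ip: record} for sources exceeding `threshold` failures
    within `window`, counted across all ingress points together."""
    recent = defaultdict(deque)   # ip -> events still inside the window
    blocked = {}
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        q = recent[ev["ip"]]
        q.append(ev)
        while q and ev["ts"] - q[0]["ts"] > window:   # expire old events
            q.popleft()
        if len(q) >= threshold and ev["ip"] not in blocked:
            # The record kept for investigation: who, from where, via what.
            blocked[ev["ip"]] = {
                "ip": ev["ip"],
                "count": len(q),
                "services": sorted({e["service"] for e in q}),
                "users": sorted({e["user"] for e in q}),
                "first": q[0]["ts"].isoformat(),
                "last": ev["ts"].isoformat(),
            }
    return blocked


if __name__ == "__main__":
    for rec in detect(SAMPLE_LOG).values():
        print(rec)
```

Counted per service, the noisy source would stay under the threshold (three sshd failures, two dashboard failures); aggregating by source address across ingress points is what makes it visible, while the slower source is never blocked because its two failures fall outside one window.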