Defending Drupal from malicious actors is difficult since it requires a deep knowledge of the application, hosting platform, and development cycle, all of which are rapidly evolving with the Cloud Native landscape.
Listed below are 5 key areas where the Skpr platform team is focusing to keep our infrastructure secure.
Look to standards for industry alignment
- Recommend ISO/IEC 27001 for guidance
- Target the most relevant items first instead of all at once
Develop a one-page Incident Response Plan answering these questions
- Who do you contact when an incident occurs?
- Can you restore your site?
- What to do when you have been compromised?
Implement Static Application Security Testing
- Trivy
- Integrate with existing CI/CD pipeline
- Works with more than just container images
- Also consider Snyk or Github Security Scanning
Implement Dynamic Application Security Testing
- StackHawk
- Integrate with existing CI/CD pipeline
- Has a great pricing model (Seats vs Domains)
Implement Threat Detection
- Amazon GuardDuty
- Azure Advanced Threat Protection
- Google Cloud Platform: Security Command Center
The following video provides further detailed technical insights into how Skpr pragmatically keeps its platform and clients secure.