The Progress Team
As a Software-as-a-Service product, available to our customers 24/7/365 while delivering new features frequently, Sitefinity Digital Experience Cloud (DEC) must keep its promises.
In today’s world we are forced to use many, many instruments (software, apps, etc.) to achieve our business goals, and to achieve them fast, right away. We no longer question the need to do so, as we know that if we don’t, if we are not competitive enough, our business loses ground exponentially and we fall behind our competitors before we can even comprehend what happened. So we don’t question the necessity, and rightfully so. But think about this: does that mean you should automatically trust any given service out there in the cloud, trust that it will keep you, your website, your data, etc. safe? Why would you trust a microservices-oriented product, hosted in the cloud, operating on your website, handling tons of data on your behalf? What would be your trust criteria?
Well, with Progress Sitefinity DEC we offer you two simple promises to consider.
Availability: We commit to 99.8% availability but we will frequently exceed that. Silently.
Security: We will keep our components free of malicious code while continually delivering you new features. Seamlessly.
Availability
Uptime
Sitefinity DEC components are under constant monitoring from multiple locations around the world to ensure global availability. Those locations are also deployment-region-aware, so as to guarantee that a given component instance is available from the relevant geographical region. Here’s a sample list:
Performance
Performance indicators of Sitefinity DEC components are under constant monitoring too. To ensure our product’s operation is within the desired thresholds, we have a live view of what’s happening at any given DEC component, in any region, as we speak. Furthermore, should an operational threshold be breached, the relevant performance monitoring alarm is triggered and our infrastructure auto-scales in response.
Functionality
Thorough functional tests are executed regularly against the production environment in all regions to ensure the system is not only available but also capable of executing all its features.
Security
We follow the best practices in Continuous Delivery (CD), which simultaneously allow us to bring new features into production frequently as well as enforce our high standards on any code changes that qualify for promotion. Furthermore, our CD processes (among others in the company) have been audited according to the rigorous SOC 2 framework.
Automated Tests
We practice test-driven development, so our list of automated tests grows with each new feature.
Automated Security Scanning
Any code changes to Sitefinity DEC components get automatically scanned against a comprehensive database of security flaws, which is maintained by Veracode.
Review Policy
Development of Sitefinity DEC components follows the well-known GitFlow repository branching model, and accepting new features into the production branch can only happen through a Pull Request, which in turn has a mandatory code review policy (among others).
Encryption
Communication with Sitefinity DEC components is only allowed over TLS, and all data is stored encrypted.
Conclusion
Application lifecycle management of Sitefinity DEC is performed according to high standards and it is safe to expect that those will only get better, as each year all processes get continually re-audited according to the SOC 2 framework. We know that each of the thousands of customers using Sitefinity is entrusting us with their website and their data, so keeping our promises to you of high availability and robust security is essential to what we do.
I hope this post has given you insight into how we do this. You can learn more about the security features built into Sitefinity here.