Acquia was founded by the inventor of Drupal, Dries Buytaert, and our business model is similar to other open source companies where we provide enterprise support and additional products, said Acquia’s Federal Solutions Manager, Rohan Oswal.

Acquia Offers Security Products

Security is a critical component of our cloud product. The Acquia cloud is a Platform as a Service (PaaS), and was designed for delivering and managing Drupal applications. Some of the world’s largest and best-known websites run on Drupal, and they have very high security requirements, especially because they are public facing and have high visibility.

Security spans a number of areas with regards to Drupal applications. One is application security, which is specifically for Drupal itself, to ensure that Drupal is secure and following best practices. The other side is the actual platform itself, and the questions here include whether the platform meets federal requirements, and whether it meets compliance objectives such as FISMA, FedRAMP, and the rest.

Application vs. Platform

The application runs on the platform, so when we think about the three different cloud computing models, we have Software as a Service (SaaS), PaaS, and Infrastructure as a Service (IaaS). Acquia fits right in the middle at the PaaS tier. We allow organizations to run any Drupal application they like in our cloud environment.

With regards to security, especially on the product side, we are really focused on cloud security. Acquia cloud is a FedRAMP-compliant cloud platform. We have multiple ATOs in place with several federal agencies.

Drupal Security Application

We have a number of tools to help customers with Drupal security. One is a tool called Acquia Insight, which periodically scans customers’ websites, analyzes the configuration, and assigns an overall health score. That score is based on security, best practices and performance.

What we are doing is checking to make sure that all the configurations and things customers have set up on their Drupal sites are safe, and they haven’t overlooked any critical security features.

Drupal lends itself very well to being an omni-channel application, as such, Drupal applications can be delivered through mobile and web. We have people using Drupal to power billboards and other channels. Drupal provides a web services layer, so when you think of content management – we’re truly managing content within Drupal.

With the latest release of Drupal, it is very easy to expose content as an open web service that can be consumed by a native mobile application.

Our cloud platform powers some of the largest government Drupal websites. Today, there are many organizations that use our cloud, including the Department of Treasury, Department of Energy, Department of Health and Human Services, and other agencies.

Drupal has also taken hold within the Federal Government – today, more than 35 percent of government agencies are using Drupal. The White House also uses Drupal, which kind of opened the stage for other users to start using the software.

We are trying to talk with the leaders in the government around cloud, which has seen rapid adoption recently. Now, it’s really at its turning point, with an acceleration in its adoption within government, largely due to standards such as FedRAMP and FISMA.

As more vendors get certified, it really makes the transition much easier for government organizations to move applications to the cloud.

Internet of Things

Since Drupal is open source, it lends itself very well for integration with any type of open standard. Drupal also integrates well with the Internet of Things. Web services are basically the universal language through which different platforms or frameworks are able to talk to each other. We did a demo recently were you can actually interact with a Drupal website through Amazon Echo.

It is because of those open standards which are available that it is so easy to integrate open source applications. With the Internet of Things, the devices that are consuming content now may not be the traditional laptop screen anymore. Content may be delivered through your smart watch, which needs to be adapted to fit the device. Content may even be delivered through a billboard, or a kiosk at a mall, and all of these things are powered through the web.

Drupal has over one million users in the Drupal community – all of whom are registered on and contributing to the community. That is really big in terms of development, since you have over a million people working on Drupal.

Drupal — Amazon

We are actually built on top of Amazon Cloud, and we use their underlying infrastructure to build our platform controls. With regards to security, since ours is a Managed-Platform-as-a-Service, we are actually taking on a lot of responsibility for how our platform is configured and secured.

One of the biggest benefits of Acquia is that our entire platform follows the same standards and compliance. When we harden the server, upgrade a version of Linux, or make database changes – those changes are being rolled out across the platform. It is a managed cloud service that follows the PaaS model.

When there was an issue with the Heartbleed vulnerability last year, we were able to patch that issue at the platform layer, and when we issued an update, it was updated for all of our customers.

Security is a shared responsibility. At Acquia, we are responsible for the platform and underlying infrastructure. The customers can create their Drupal sites, which still needs to be secured.

We offer different services such as security audits, and enterprise support advisory to make sure Drupal applications coming into our cloud are secure and following best practices. When bringing clients onto our cloud, we do an onboarding session, and will flag any item that needs to be addressed by the development team or customer before we move forward.

The Future of Content Management Systems

Personalization is the big thing right now. This is when visitors who come to your website are shown personalized content. This may be based on your actions or the user profile you fall into. We are definitely seeing the web becoming more dynamic and personalized. Users expect to get the information they want ever faster these days, and the challenge for marketers is how to get the right content to the right people, at the right time.



Speaker: Rohan Oswal

Rohan Oswal is the Federal Solutions Manager at Acquia and is responsible for growing Acquia’s business within the US Federal Government. Rohan is also Account Executive for several key cabinet-level agencies. 

acquiaAbout Acquia

Acquia provides the leading cloud platform for building, delivering, and optimizing digital experiences. Global organizations use the Acquia Platform to create a single, powerful digital foundation for delivering world-class customer experiences. With the Acquia Platform, organizations can realize the vision of personalized, contextual, and real-time customer engagement for the right person, at the right time, on the right device. These experiences can be easily deployed and managed at scale, for one to thousands of sites, driving transformative business results at breakthrough speed.