1. What Acquia Secures for You
- Hosting & Network
  - Server patching and hardening
  - WAF, CDN, and DDoS protection (Akamai)
  - Daily backups and disaster recovery
- Compliance
  - SOC 2, ISO 27001, HIPAA (Shield), FedRAMP
- Drupal Tools
  - Acquia Security Scanner (misconfiguration checks)
  - Acquia Insight (health and update status)
Acquia handles the platform. Our team focuses on the application.
2. What a Great Dev Team Delivers
Security
- Dependency Checks: Snyk, Dependabot, drupal-check
- Code Quality: PHPStan (with Drupal extensions)
- Dynamic Testing: OWASP ZAP (staging), Burp Suite (manual pen testing)
- Hardening: Role/permission audits, MFA/SSO enforcement, Security Review module
Maintenance
- Patch Management:
  - Weekly review of core & contrib updates
  - Apply security updates within 24–48 hours
- Configuration Management:
  - Use Config Split/Ignore for environment safety
- Performance Care:
  - Database optimization, caching checks, frontend audits
Ongoing Monitoring
- New Relic APM – runtime performance & anomaly tracking
- Acquia Cloud Hooks – automated checks post-deploy
- Quarterly Audits – scans with ZAP & Security Scanner
- Annual Pen Test – third-party validation
Reporting & Governance
- Monthly Reports: Security updates, uptime, incidents
- Quarterly Reviews: Performance, SEO impact, security posture
- Training & Policies: Keep internal teams up to date
The Workflow
Code → Build → Deploy → Monitor
- Code: Snyk, Dependabot, PHPStan, drupal-check
- Build: Automated ZAP scans in staging
- Deploy: Acquia Security Scanner, Cloud Hooks
- Monitor: New Relic, quarterly audits, annual pen tests
Summary
On Acquia, infrastructure security is handled.
Our dev team adds value by:
- Staying on top of Drupal updates & patches
- Running continuous code and config security checks
- Providing clear reporting & proactive maintenance