Back in the day, open source applications like Drupal were considered the tool of the hobbyist rather than a serious stack ready for enterprise deployment. As brands consolidated their web estates into centralised platforms, large proprietary web content management systems were deployed to bring scalability and security. With them they brought hefty licensing costs, and extensive development and maintenance overheads.
How things have changed. Drupal 8, an open source content management system, boasts over a million websites. Amongst the top 10k most popular sites running a known CMS, 9% run Drupal according to builtwith.com. Visit drupal.com/showcases to see that Drupal is now happily at home in government, education, financial services, FMCG, and life sciences.
So how has Drupal made the journey from bedroom to boardroom? One aspect that has opened the door to enterprise adoption is the approach to security.
Open source applications, like Drupal 8, use core code frameworks that are contributed to by large communities of developers who review, update and share code openly. Drupal Core is the framework underlying all Drupal sites that can be extended by modules and themes, and is used by agencies like Coherence to build sophisticated brand web experiences.
The publicly accessible nature of this code used to make CTOs nervous – surely this delivers access that could be exploited in a way that proprietary code resisted? In fact, this openness has become its strength. The Drupal Security Team is made up of 34 volunteers from around the world, who in turn can draw on the skills of thousands in the wider Drupal development community to identify and resolve issues with agility.
There was no better example of this in action than the recent Remote Code Execution vulnerability Drupal’s security advisers identified a vulnerability that could allow a site visitor to execute their own code. All CMS platforms expose issues like this from time to time, with software vendors in an ongoing arms race with hackers. The Drupal community were rapidly notified of the upcoming patch (a free contribution of code designed to remove the vulnerability) and we accordingly prepared our development team to apply and test the instant the patch was released.
With some late night work, and many hands on deck, we had the vulnerability patched and our clients’ sites tested and deployed within 6 hours of the code release. It’s worth noting that the issue was identified and fixed within the community with speed and without service disruption to our clients.
With security and agility like this, and Drupal 8’s strong support for content APIs, multilingual sites and multi-site platforms, open source now sits happily in the enterprise stack, and delivers productivity advantages that proprietary code struggles to match.
If you would like to know more about how we can help you empower your marketing team while making your CTO happy, why not get in touch?