Security

The modern enterprise needs defensive foundations. Acquia’s platform security leaves no stone unturned — bugs can't hide.

Security Highlights

A quick overview

Layered firewalls
Multiple layers of firewalls ensure that only trusted network traffic is permitted to and from your Acquia environment.

Multi-factor authentication
Strong authentication methods are critical to a secure cloud. Acquia provides multi-factor authentication support to prevent unauthorized access to your Acquia Cloud environment.

Vulnerability management
A fundamental value proposition of the Acquia Cloud Platform is the timely identification, triage, and resolution of security vulnerabilities.

Security event monitoring
Acquia uses a security event log storage and monitoring platform. Security alerts are constantly monitored and tuned by skilled analysts to ensure the integrity of the systems your site is running on.

Secure file permissions
The majority of attacks against sites attempt to take control of the web service. The Acquia Platform has restricted file permissions by default. This prevents any unauthorized changes to your site code and any malicious file uploads from executing.

Disaster recovery and site backups
Acquia maintains a comprehensive backup solution for disaster recovery. The Acquia Cloud provides customers with easy-to-access code, file, and database backups of their site.

Security Through Standards

Acquia has a comprehensive compliance portfolio that validates the security of our platform. This compliance portfolio includes a variety of industry specific audits and certifications performed by independent third parties. These independent evaluations rate the design and operational effectiveness of Acquia’s security controls.

Security Through Innovation

For customers on the Acquia Platform, we offer additional layers of security on top of our built-in protection. The Acquia Cloud Edge family of products includes Acquia Cloud Edge Protect and Acquia Cloud Edge CDN. We also offer Acquia Cloud Shield, an isolated section of Acquia Cloud. 

Acquia Compliance
SSAE18/ISAE 3402: Service Organization Control (SOC 1) Type II
Statement on Standards for Attestation Engagement (SSAE) No. 18 is an attestation standard used to evaluate the design and operating effectiveness of Acquia’s information technology controls that impact our customers’ own internal controls over financial reporting. SSAE 18 is an American auditing standard issued by the American Institute of Certified Public Accountants (AICPA). In order to meet the requirements of international accounting standards, Acquia receives an “SSAE 18/ISAE 3402 Combo Report.” The ISAE 3402 report provides coverage to support the financial reporting requirements of international organizations.
Service Organization Control (SOC 2) Type II
Acquia’s SOC 2 Report includes an assessment against the Common Criteria principles of Security, Availability, and Confidentiality.
Payment Card Industry - Data Security Standard (PCI-DSS)
For customers that process, store, or transmit cardholder data, Acquia provides a PCI-DSS compliant hosting platform to ensure the protection of your customers' cardholder data in accordance with PCI-DSS version 3.2.
Health Insurance Portability and Accountability Act (HIPAA)
The Acquia Cloud Platform meets the requirements of the HIPAA Security Rule and HITECH for electronic Protected Health Information (ePHI).
Federal Education Records Privacy Act (FERPA)
The Federal Education Records Privacy Act (FERPA) mandates that institutions protect their students’ educational records and personal data. Acquia’s higher education customers can rest easy knowing that Acquia Cloud’s security and compliance controls provide FERPA-compliant digital experiences. Multi-layered cloud security controls, configurable user permissions, and built-in backups and disaster recovery make it easy to achieve FERPA compliance requirements. Additionally, all Acquia Cloud services are monitored by a dedicated incident response team. FERPA. Check!
ISO 27001
Acquia is ISO 27001 certified. ISO/IEC 27001:2013 (ISO 27001) is a globally recognized security standard driven by the implementation of an information security management system (ISMS). You can see our certification mark here: https://www.schellman.com/certificate-directory
FedRAMP
The Acquia Cloud Platform is FedRAMP compliant, and detail on authorizing agencies can be viewed in the FedRAMP Marketplace: https://marketplace.fedramp.gov/#/product/acquia-cloud?sort=productName
Acquia Security Products
Acquia Cloud Edge Protect
Acquia Cloud Edge Protect mitigates the effects of DDoS and application level attacks for our Acquia Cloud Enterprise (ACE) and Acquia Cloud Site Factory (ACSF) customers.
Acquia Cloud Edge CDN
Acquia Cloud Edge CDN provides a global content delivery network (CDN) that accelerates the delivery of your site to visitors, wherever they may be.
Acquia Cloud Shield
Acquia Cloud Shield is a dedicated, logically isolated environment within Acquia Cloud that has a customizable network configuration.
Acquia Cloud VPC Family
Data is the lifeblood of your organization, and at Acquia, we recognize the importance of the proper classification of information and handling of data. Our ‘Acquia Cloud VPC Family’ is a suite of virtual private cloud (VPC) products designed to provide elevated and compliant protection for sensitive data.

Security Threat Landscape

It’s a frame of mind, a culture, a commitment. The security threat landscape is constantly evolving in this digital age. Meeting the challenges of these threats requires expertise, technology, financial resources and collaboration.

Security Investments

At Acquia, we have made the security investments required to provide our customers a robust and secure platform – with the required people, process and technology. This includes securing our platform by design, offering complementary security products and services, and a portfolio of independent third party compliance audits to validate the robustness of our security program.

Security Features
  • Role-based access controls
  • Secure file permissions
  • Key-based SSH authentication
  • Encrypted volumes by default
  • SAML and two-factor authentication support
  • Automated backups and disaster recovery
  • Automated platform monitoring
  • Anti-malware software support
  • DDoS protection*
  • Virtual private cloud*
  • HIPAA-compliant environment*
  • PCI-DSS-compliant environment*

* Available as add-ons
Responsible Disclosure

Reporting a Security Issue

At Acquia we take the security of our products very seriously. We educate our staff on security best practices and our development process includes quality assurance steps to ensure our products are of high quality and secure. However, like all complex software products, it is possible that a security vulnerability may be present in one of our products. If you discover a security issue or vulnerability in an Acquia product or service, we ask that you report this to us confidentially.

Please email the details to our security team at [email protected]. We appreciate responsible disclosure and will acknowledge security researchers when an issue has been reported, adhering to the following parameters.

Acquia does not currently have a bug bounty program in place; however, we are happy to credit researchers with their name and a link to an address of their choosing (e.g. Twitter or personal website) on our Hall of Fame below.

Doing it Right

  • Do not access, destroy or negatively impact Acquia’s or its customers’ data in any way.
  • Do not use automated scanners. (The use of automated scanners may result in investigative action and your IP being blocked.)
  • You make a good faith effort to avoid privacy violations and interruption or degradation of Acquia’s services (e.g. Denial of Service) during your research.
  • Do not conduct any type of physical or electronic attack against Acquia’s personnel, offices or data centers.
  • You allow Acquia reasonable time to investigate your report and carry out any necessary remediation.
  • Do not violate any laws or breach any prior agreements.
 
Please do not report the following issues:
  • Displayed server software banners or other version information.
  • Descriptive error messages.
  • Missing HTTP security headers. (e.g. X-Frame-Options)
  • Missing or incorrect SPF records.
  • CSRF on forms that are available to anonymous users.
  • Username / email enumeration.
  • Disclosure of known public files. (e.g. robots.txt)

Acquia will not initiate legal actions against researchers, as long as they adhere to these parameters. Acquia reserves the right to only credit researchers who have reported an issue that is proven and of sufficient severity.

What Details to Provide

When Submitting

Please provide as many relevant details as you can, such as:

  • How the vulnerability can be exploited and the potential impact.
  • How you discovered the vulnerability and clear steps to reproduce.
  • Any proof of concept attack and/or images showing the attack vector.
  • Any known patches or controls to mitigate the vulnerability.

Thank You

A special thanks to the following people that have responsibly disclosed vulnerabilities to Acquia in the past: