Secure Form and CMS solution


Icon's security team have recently developed a custom solution for the secure transmission of website form data, plus a secure CMS solution that locks down admin access to a private server.

The ‘SecureForm’ and ‘SecureCMS’ solutions address the need for a more secure and robust method to encrypt Drupal-based website forms and protect content management systems from being breached.

secure form diagram

Key features of SecureForm:

  • All information entered by a user is encrypted before it leaves the user’s browser to protect their data and privacy

  • Each submission is encrypted by a unique encryption key making it impossible to crack

  • Only the user themselves and the receiving end (the private database) can see the decrypted information

  • The receiving end resides on a server with the Australian Government’s PROTECTED certification

  • All email communications are processed on the receiving end through SSL security protocol

  • Reporting is managed by the receiving end with strict access control, including IP whitelisting and multi-factor authentication

  • The forms are easily customisable enabled by powerful logic and validation rules

  • The public-facing webform component is compatible with any webform created using the Webform module in Drupal 8 or higher, and compatible with GovCMS 8 or higher.

secure cms diagram

Key features of SecureCMS:

  • Compatible with Drupal 8, 9 and 10

  • Compatible with most major cloud platforms such as AWS and Azure

  • Public/private dual-site set up to eliminate unauthorised access to the CMS backend

  • All content changes are made to the private site and can be readily reviewed/approved by supervisors or your team

  • Changes are only pushed to the public site by users with publishing permission after changes reviewed/approved

  • Multi-site redundancy allows for rapid disaster recovery (a matter of minutes)

  • Splitting the public and private (edit) functions of the CMS ensures editing activities and public viewings do not interfere with or contend for server resources

  • The public site, with all login/write/edit functions disabled, is far less prone to hacking

For a product demonstration please contact Jason Guo, Icon’s Solution Architect and Technical Lead in Canberra.
Phone 0402 569 666