Icon's security team have recently developed a custom solution for the secure transmission of website form data, plus a secure CMS solution that locks down admin access to a private server.
The ‘SecureForm’ and ‘SecureCMS’ solutions address the need for a more secure and robust method to encrypt Drupal-based website forms and protect content management systems from being breached.
Key features of SecureForm:
All information entered by a user is encrypted before it leaves the user’s browser to protect their data and privacy
Each submission is encrypted by a unique encryption key making it impossible to crack
Only the user themselves and the receiving end (the private database) can see the decrypted information
The receiving end resides on a server with the Australian Government’s PROTECTED certification
All email communications are processed on the receiving end through SSL security protocol
Reporting is managed by the receiving end with strict access control, including IP whitelisting and multi-factor authentication
The forms are easily customisable enabled by powerful logic and validation rules
The public-facing webform component is compatible with any webform created using the Webform module in Drupal 8 or higher, and compatible with GovCMS 8 or higher.
Key features of SecureCMS:
Compatible with Drupal 8, 9 and 10
Compatible with most major cloud platforms such as AWS and Azure
Public/private dual-site set up to eliminate unauthorised access to the CMS backend
All content changes are made to the private site and can be readily reviewed/approved by supervisors or your team
Changes are only pushed to the public site by users with publishing permission after changes reviewed/approved
Multi-site redundancy allows for rapid disaster recovery (a matter of minutes)
Splitting the public and private (edit) functions of the CMS ensures editing activities and public viewings do not interfere with or contend for server resources
The public site, with all login/write/edit functions disabled, is far less prone to hacking