Skip to main content
Previous post All posts Next post
Banner image

Security and Workflow for Enterprise CMS

min read

Anthony Garone - Director of Technology
Anthony Garone
Enterprise CMS IV

Whoo lard! We are a couple thousand words into this series and it feels like we’re just getting started. Can you believe it’s the fourth part of this thing? You’re doing great and are so much fun to hang with. High five!

New here? No problem. Get up to speed on parts one, two, and three of this series — or jump right into part four now.

Today’s topics are the final two of our six factors for choosing an enterprise web content management system [EWCMS, or for the sake of simplicity, CMS]: security and workflow.

Six Factors enterprise cms IV


One major benefit of enterprise software is the level of investment made by vendors to ensure best practices in security. This is not to say that non-enterprise software is insecure, but when there’s big money from big companies who face big penalties over big security breaches, security is a much higher priority than other features.

WordPress, for example, is absolutely the most popular CMS on the web and is absolutely the biggest target for hackers. I personally have suffered from WordPress hackers/bots wiping out sites and corrupting data in personal and professional contexts. I now regularly recommend third-party WordPress hosting services (e.g. WP Engine) that emphasize security in their sales materials.

And don’t go blaming WordPress for getting hacked (not that you’re the blaming type, of course). All web-connected software is susceptible to hacking. Popular software attracts hackers because exploits have much higher public visibility and can gain hackers some notoriety, or even financial reward via blackmail. For years, Apple has been dealing with “jailbreaking” scripts on their iOS devices and they generally have super-secure software.

Here at meltmedia, we have partnered with Acquia for Drupal hosting because they offer the best and most secure hosting and operational services for Drupal. The guy who invented Drupal is their Chief Technology Officer and they are fully dedicated to offering a whole suite of enterprise-level services around Drupal. 

If you’re looking at Drupal, WordPress, or another CMS, especially with a third-party hosting service, make sure you look closely at  their security practices during your research and buying process. 

If you have anyone in the IT department with “security” in their job title at your company, bring them along to any of these conversations and make sure they have a say in the decision-making around choosing a CMS. If you don’t have a security person, then either hire us (heyo!) or give your most senior developer the time to research security concerns related to the CMS.

Here’s some of the stuff you’ll want to ask about:

  • How are usernames and passwords protected?
  • What database technology is used for the CMS and how is data secured?
  • Has this CMS been related to any recent security breaches? If so, what security gaps have been resolved since then?
  • What are the maintenance practices being followed to ensure firmware, hardware, and software are regularly updated?
  • What compliance practices are followed (if you have concerns about PCI compliance or PII)?.

There are plenty more concerns and questions to ask. has a pretty exhaustive list


The bigger your company, the more hoops you’ve gotta jump through to get content updated on your site. Minor content updates usually require someone authoritative saying, “We need to update the website.” Then a request is made to a copywriter, then someone from marketing needs to review it, then approval is needed from the content requester, then the content is updated on the non-production server, then someone (with proper access!) reviews the content and says there should be an image to accompany the content, then someone is searching for images, then then then... It’s a fact of life that website updates have multiple stakeholders with different responsibilities.

A good CMS allows for sophisticated workflows to be documented, tracked, shifted, branched, chewed, digested, and ridiculed. As painful as workflows can be, they can totally save your butt if something goes sideways. If the wrong thing gets on the website, you need to know exactly how that happened so you can fix the problem and train the right people, especially when it comes to any sort of violation of regulatory compliance. Workflows are lifesavers and have their own lifecycles that need to be designed, managed, and maintained.

Even if you personally aren’t a major part of any website workflows (yes, there can be multiple workflows for different content types or different content areas), you need to be aware that workflows are absolutely critical to the functioning of your CMS. 

Big websites have third-party digital agencies as part of the content and site creation workflows. Big websites have multiple implementations with different environments (dev, QA, integration, pre-production/staging, and production) with different deployment workflows. Big websites have lots of assets (documents, images, media) that change over time. And CMS-based websites are fluid, with lots of people with various levels of access to different parts/functions of the site.

So with all that complexity, you’ve gotta have workflow management. You might even need a full-time content workflow expert on staff just to manage all of it! Workflows can be so critical to the functioning of a CMS implementation that you want to ensure you have the right level of investment in them. Depending on the CMS, there can be multiple ways to implement and manage workflows. As you get to making decisions on workflows, experiment and get some demos whenever you can.

A good workflow can be the difference between your CMS being a gift from the heavens or being a money-sucking pandora’s box sent from the deepest depths of hell.

What’s next?

You’ve read a lot. Hopefully you’ve learned a lot and are now armed with some useful information that will lead to an informed decision about an enterprise web CMS. The thing is, understanding the six factors to this point is just the beginning. Stay tuned for another post that wraps everything up in one handy place.

There’s always more to say about each of the six factors, too. Please don’t hesitate to reach out to us if you have any questions

See you in the next one!