This topic describes security considerations related to unauthorized access to the editing and administration user interfaces of Optimizely CMS, when running the Optimizely Digital Experience Platform (DXP).
Optimizely CMS provides access for multiple editors to work with content across sites in a collaborative manner, using devices of their choice. This may, in some instances, raise concerns about unauthorized access to the editing and administration interfaces of Optimizely CMS.
Security and privacy are built into both the Optimizely platform, and the Azure cloud services upon which the Optimizely DXP is based. Any feature that Optimizely develops must meet the highest quality standards, including Security measures.
Consider the following additional precautions to prevent unauthorized access:
- Ensure that the connection is secure, use a SSL server test tool to verify.
- Use federated authorization to a trusted authority to secure editor identities.
- Use a Web Application Firewall (WAF) to protect against threats such as DDOS.
- Run penetration tests regularly, use a Web security scanning tool.
See Decoupled setup if you are running a solution with physical separation of servers.
Last updated: Nov 01, 2017