As a Software-as-a-Service product, available to our customers 24/7/365 while delivering new features frequently, Sitefinity Digital Experience Cloud (DEC) must keep its promises.
In today’s world we are forced to use many, many instruments (software, apps, etc.) to achieve our business goals and achieve them fast, right away. We don’t question our necessities to do so anymore as we know that if we don’t do it, if we are not competitive enough, then our business loses ground exponentially, and we fall behind our competitors before we can even comprehend what happened. So, we don’t question the necessity and rightfully so. But think about that: Does that mean you should automatically trust any given service out there, in the cloud, trust that it will keep you safe, and your website, your data, etc.? Why would you trust a microservices oriented product, hosted in the cloud, operating on your website, handling tons of data on your behalf? What would be your trust criteria?
Well, with Progress Sitefinity DEC we offer you two simple promises to consider.
Availability: We strive for high availability and the best way to prove it is by sharing actual results, The actual measured availability of the DEC services in the last year was as high as 99.98%.
Security: We will keep our components free of malicious code while continually delivering you new features. Seamlessly.
Sitefinity DEC components are under constant monitoring from multiple locations around the world to ensure global availability. Those locations are also deployment-region-aware, so as to guarantee that a given component instance is available from the relevant geographical region. Here’s a sample list:
Performance indicators of Sitefinity DEC components are under constant monitoring too. To ensure our product’s operation is within the desired thresholds, we have a live update on what’s happening at any given DEC component, in any region, as we speak. Furthermore, should an operational threshold break our infrastructure will auto scale due to the relevant performance monitoring alarm that has been triggered.
Thorough functional tests are executed regularly towards the production environment in all regions to ensure the system is not only available but also capable of executing all its features.
We follow the best practices in Continuous Delivery (CD), which simultaneously allow us to bring new features into production frequently as well as enforce our high standards on any code changes that qualify for promotion. Furthermore, our CD processes (among others in the company) have been audited according to the rigorous SOC 2 framework.
We practice test driven development, thus our list of automated tests grows with each new feature.
Any code changes to Sitefinity DEC components get automatically scanned against a comprehensive database of security flaws, which is maintained by Veracode.
Development of Sitefinity DEC components follows the well-known GitFlow repository branching model, and accepting new features in the production branch can only happen through a Pull Request which in turn has a mandatory code review policy (among others).
Communication with Sitefinity DEC components is only allowed on TLS and all data is stored encrypted.
Application lifecycle management of Sitefinity DEC is performed according to high standards and it is safe to expect that those will only get better, as each year all processes get continually re-audited according to the SOC 2 framework. We know that each of the thousands of customers using Sitefinity is entrusting us with their website and their data, so keeping our promises to you of high availability and robust security is essential to what we do.
I hope this post has given you insight into how we do this. You can learn more about the security features built into Sitefinity here.
Ross is a DevOps Transformation Leader at Progress, overseeing Sitefinity cloud offerings. Community speaker and certified trainer. ALM ranger. Strong interests in cutting edge science and technology.
Subscribe to get all the news, info and tutorials you need to build better business apps and sites
Copyright © 2019 Progress Software Corporation and/or its subsidiaries or affiliates.All Rights Reserved.
Progress, Telerik, Ipswitch, and certain product names used herein are trademarks or registered trademarks of Progress Software Corporation and/or one of its subsidiaries or affiliates in the U.S. and/or other countries. See Trademarks for appropriate markings.