Compliance and security for multi-site digital experiences

Website security is a difficult, constant challenge that requires vigilance and constant oversight. News headlines routinely report data breaches and cyberattacks, which underscores the need for organisations to prioritise risk management and security practices, particularly for digital brand sites and experiences.

Websites are a crucial channel that enable the customer brand experience but, for many organisations, this leads to numerous sites, each with potentially different features, functionality, design and content, often representing different brands, regions or markets. Digital site architecture and governance is now a top priority; all these digital content assets need to be not only secure and stable, but also compliant to wide-ranging brand compliance and market-specific regulations. This is a huge management challenge.

Multiple sites, multiple risks

Most global organisations have many sites and are likely running multiple CMS (content management systems) to support them. Different teams, both in-house and agencies, are also involved in the process. As the sites grow, both in scope and number, organisations often lose the oversight needed to implement change, manage, secure and govern these sites. The more platforms used by an organisation to manage digital platforms, the more resources needed to maintain them. Because each CMS is likely to be different, this can also mean that some of those resources are unnecessarily spent on supporting outdated technology rather than building and deploying new sites.

By using a multi-site platform and a new delivery and governance approach, organisations can consolidate their websites into a common core content system, allowing them to build reusable modules, themes and templates, thus improving consistency and deployment time. A central management platform also puts governance back into the hands of the IT digital platform team, allowing them to set a governance centre to create and manage group-wide workflow, security control and site policy. A governance centre can also become the centre of excellence for how to develop and deliver brand and content experiences.

Security breaches pose reputational risk for organisations and individuals alike. As public facing channels connect to so many systems, such as billing, orders, payments and analytics, websites are exposed to all sorts of attacks. Strong CMS platform security locks down access to other parts of the organisation, as well as securing the platform itself.

IT governance versus digital experience governance

There is often a disconnect between IT governance and digital experience governance. Organisations often find it hard to balance controlling workflow and permissions with spot-on branding, identity, and content. However, having multiple platforms to meet these requires numerous bug fixes, security scans and updates, making these sites vulnerable. Using a multi-site governance platform means that organisations can manage all types of compliance from one common place, yet still meet the specific regulatory requirements of different regions or sectors. Businesses no longer have to choose between the IT governance and digital experience governance; they can achieve both.

The core component of a multi-site delivery and governance platform is a secure and centrally-governed content codebase. This codebase gives the IT department control over the uniformity of the implementations, including the modules and themes, across all sites deployed from the platform. Central management dashboards provide visibility and reporting into each site and its permissions.

Increasingly, large IT digital organisations are adopting a multi-site platform approach to ensure better flexibility, security and governance.

One of the world’s largest biopharmaceutical companies wanted to move its digital properties onto a shared platform, whilst still supporting individual brands or markets. One of its biggest requirements was that it could only deploy content after a rigorous review process, to guarantee it always met all regulatory requirements before going live. This had been complex previously, given the number of sites and CMS in play. A multi-site platform has allowed it to set policy for workflow, create templates and plugins; facilitating security testing across all the sites deployed from the platform.

Warner Music is another great example of this. As a major global record company, it had more than 300 sites across a number of different labels, products, events and locations. Many of these sites had been built on different technologies and platforms. Warner migrated all these sites over to a common platform. Now Warner can personalise, secure, host and manage all their sites using a common, consistent approach.

Trust with creativity

Poor multi-site management can slow down marketers’ ability to respond to external and internal demands to develop new digital experiences. A trusted multi-site platform approach enables brand owners to focus on developing those all-important experiences instead of worrying about sites being secure. The platform makes it trusted. Themes will most likely be developed around brand owners’ specific needs, allowing sites to be built and deployed more quickly. Marketers are then free to focus on critical parts of their role, such as content.

A successful multi-site delivery and governance platform is all about balancing flexibility and scalability with security and compliance. IT teams need to be able to launch new sites quickly without worrying about those sites being vulnerable. By mitigating these security risks, brands can once again focus on the content and experience that keep customers coming back.

Martyn Eley, VP EMEA at Acquia