Content Management Systems (CMS) have been a boon to businesses and managing data. However, it is easy to underestimate the security risks that come with CMS.
I spoke with Tony Byrne, founder of CMS Watch, who told me that the dynamic content of CMS adds an extra security burden. When your site begins to accept user-generated content, there is a greater risk of security and privacy being compromised.
The controls you apply to outbound content should be considered for inbound content, Byrne explained to me.
In terms of Web site threats, CMS security is an issue. All software is theoretically vulnerable, Byrne said, but static HTML tends to keep that vulnerability lower. But because most CMS work in a dynamic situation, the site is more exposed to potential dangers.
Byrne's organization advises technology buyers to make sure there are enterprise requirements involving security for the CMS and that patches are downloaded on a regular basis.
He also recommended companies avoid using open source software on the CMS, especially on any user-generated content, when possible. Open source software is downloaded thousands of times a month, meaning more people have access to the code, increasing the risk that hackers will break it. While purchased commercial software can also be hacked, it is available to fewer people and is, on the whole, safer to use.