Acquia announced that it is renewing its founding partnership support of the Drupal Steward Program, a web application firewall introduced by the Drupal Association and operated jointly with the Drupal Security team.
Acquia implemented Drupal Steward protection across its entire Drupal Cloud platform, protecting thousands of the world’s largest sites with the most up-to-date security and vulnerability fixes.
Acquia’s participation in this program affords seamless, immediate protection to customers by routing their websites’ domains to Drupal Steward, which automatically filters requests through the firewall. Malicious requests are blocked, giving IT teams the time they need to test and implement security updates on their own timelines. For instance, in November 2020, Drupal Steward implemented protection against a critical remote code execution vulnerability, immediately protecting Acquia’s customers.
“We’re pleased to be a part of this novel program to address always-evolving security risks,” said Robert Former, Chief Information Security Officer at Acquia.
“Our customers understand that if there’s a critical security vulnerability, they’ll be the first to benefit from enterprise-level support working with Acquia through Drupal Steward. Participation in Drupal Steward is a core part of Acquia’s overarching commitment to deliver the most secure solution for hosting enterprise Drupal applications.”
Acquia’s continued commitment to Drupal Steward also provides resources that enable the Drupal Association to open the program to users of open source Drupal at affordable prices.
“Without the support of a founding partner like Acquia, we would never have been able to expand the program to our new community tier, which makes Drupal Steward accessible to every site, big or small,” said Drupal Association CTO Tim Lehnen.
“I am especially grateful that Acquia goes above and beyond, sponsoring several members of the Drupal security team who collectively keep our project safe. Drupal Steward customers can rest easy, knowing they no longer have to be on red alert or pay staff overtime to be on call. Instead, they can schedule testing and implementation of security updates on their own timelines.”