Craft Compliance

7 Steps To Website Security Worth Bragging About



Customers are increasingly concerned about the security of the products they use. In a 2018 survey, Pew Research reported that 79% of consumers were concerned with how their data was being used and 81% of consumers indicated that the potential risks of bad privacy practices outweighed the benefits of the relevant service/product.


That means, if you aren’t planning good security from the very start, you are likely losing customers… and money.


Here is one step you can take toward building security that will attract more customers:


Secure the Architecture


Modern applications often utilize many components. There is the traditional web server and database, of course. But, sometimes, there are also backend servers, file storage systems, API endpoints, web application firewalls, load balancers, and administrative interfaces.


Organizing these many components in a secure way takes planning and foresight. Some things to keep in mind are:


Limit exposure to the Internet.


Ideally, you only want your website itself open to the Internet. All other components should only be accessible by administrators on a secure connection.


Plan to expand.


It can be tempting to take quick shortcuts to simply make everything work, but shortcuts often come at the cost of long-term growth. Do your future self a favor and always keep the long-term architecture in mind.


Plan for redundancy and failover.


Depending on your size, you might not be ready for a completely redundant site just to save fifteen minutes of downtime. However, as with planning to expand, you want to at least consider how you could fail over in the event of a future problem in order to keep your website online.


Implement Least Access.


Your server needs to communicate with your database to retrieve data, but your firewall should only be communicating with your web server. Use network rules and internal firewalls to limit access from different systems to the bare minimum. That way, if there is a security problem in one system, it limits the potential exposure of your overall architecture.
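
One way to check a rule set against the flows described above, as an added example that is not part of the original post. The component names, addresses, ports, and the administrators' VPN range are all assumptions made up for illustration.

```python
import ipaddress

# Constructed inventory: every name, address and port below is an assumption.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
ADMIN_NET = ipaddress.ip_network("10.0.9.0/24")  # administrators' VPN range
COMPONENTS = {"firewall": "10.0.0.1", "web": "10.0.1.10",
              "db": "10.0.2.10", "admin-ui": "10.0.3.10"}
ADMIN_PORTS = {22, 8443}
# Intended flows from the text: Internet -> entry point, firewall -> web, web -> db.
ALLOWED = {("internet", "firewall", 443), ("firewall", "web", 443), ("web", "db", 5432)}

def source_zone(cidr):
    """Map a rule's source CIDR to a zone name."""
    net = ipaddress.ip_network(cidr)
    if not net.subnet_of(INTERNAL):
        return "internet"
    if net.subnet_of(ADMIN_NET):
        return "admin"
    for name, addr in COMPONENTS.items():
        if net.prefixlen == 32 and net.network_address == ipaddress.ip_address(addr):
            return name
    return "internal-wide"  # a whole internal range rather than one system

def audit(rules):
    """Return (rule, reason) for each allow rule outside the intended flows."""
    findings = []
    for src, dst, port in rules:
        zone = source_zone(src)
        if (zone, dst, port) in ALLOWED or (zone == "admin" and port in ADMIN_PORTS):
            continue
        if zone == "internet":
            reason = f"{dst}:{port} is exposed to the Internet"
        elif zone == "internal-wide":
            reason = f"{dst}:{port} is open to a whole internal range"
        else:
            reason = f"{zone} has no need to reach {dst}:{port}"
        findings.append(((src, dst, port), reason))
    return findings

# Constructed allow rules: (source CIDR, destination component, port).
RULES = [
    ("0.0.0.0/0", "firewall", 443), ("10.0.0.1/32", "web", 443),
    ("10.0.1.10/32", "db", 5432), ("10.0.9.0/24", "db", 22),
    ("0.0.0.0/0", "admin-ui", 8443),  # admin interface open to the world
    ("10.0.0.0/8", "db", 5432),       # database open to every internal host
    ("10.0.0.1/32", "db", 5432),      # firewall reaching the database directly
]

for rule, reason in audit(RULES):
    print(rule, "->", reason)
```

The first four rules match the intended flows and pass; the last three are reported, one for each way the architecture above can be widened by accident.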


Looking for more ways to step up your security?

