[KEYNOTE] The future of security in the decoupled CMS landscape

Protecting our users and their data has always been one of the most critical priorities for both traditional content management systems (CMS) and their younger counterparts. But now that CMS architectures are evolving rapidly and encompass other open-source projects that have nothing to do with content management, issues of security are coming back to the fore, both from the standpoint of new delivery mechanisms for content and from the perspective of expectations for CMS security.


In decoupled Drupal and headless WordPress implementations, for instance, as well as those in Contentful, Prismic, and others, the CMS becomes yet another point of failure and potential vector for attackers. After all, decoupling your CMS does nothing to alleviate the fact that Drupal and WordPress vulnerabilities continue to surface at an alarming rate due to the penetration of both CMSs in the wider market. Though JavaScript frameworks have seen incredible innovation in terms of how they handle security, the fundamentals of how CMSs handle security have not changed in many years.


As a result, many organizations are seeking alternative ways to secure their content and their user data in decoupled CMS architectures. In this keynote, we'll explore some of these ideas, how they figure in the future of security in an increasingly decoupled world, and how you can leverage these solutions to secure your own stacks. Whether it means firewalling your CMS entirely, leveraging a static site generator such as Gatsby, or simply adhering to a decoupled-ready security policy, how we secure our CMS architectures is changing — both for the better and for the worse.


In this session we'll cover:


  • How web security is evolving in our services-oriented world
  • Implications of security in the decoupled CMS landscape
  • Securing decoupled Drupal and headless WordPress
  • Present day: JavaScript consumers of decoupled CMSs
  • The JAMstack and secure static sites with Gatsby and others
  • Firewalling your CMS: Formerly last resort, now a compelling option
  • Epilogue: How serverless security will change everything