Adobe Business Catalyst Security
As an Adobe Business Catalyst partner, we get asked about the security of both e-commerce and non-ecommerce websites using this cloud web content management system (WCMS). To provide the highest level of security, and to avoid things like the Heartbleed security bug, Adobe leverages the Tier 1 data center security of Amazon and attest to PCI DSS compliance – i.e. does not store sensitive credit card information. Read more below about the security of Adobe Business Catalyst.
Amazon Data Center
All Adobe Business Catalyst websites are hosted by Amazon Web Services (AWS). AWS’s world-class, highly secure data centers utilize state-of-the art
electronic surveillance and multi-factor access control systems. Data
centers are staffed 24×7 by trained security guards, and access is
authorized strictly on a least privileged basis. Environmental systems
are designed to minimize the impact of disruptions to operations. And
multiple geographic regions and Availability Zones allow you to remain
resilient in the face of most failure modes, including natural disasters
or system failures. Click here for more on AWS their security.
PCI DSS Compliance
Long story short, Adobe Business Catalyst does not store entire credit card numbers, expiration dates or CVV codes and thus is compliant with
the Payment Card Industry’s Data Security Standard (PCI DSS). They are instead passed directly to the payment gateway, such as Authorize.Net. Business Catalyst does store the last four digits of a credit card, which are are displayed in the admin interface only when you’re connected via a secure https:// connection and you look at the order payment information.
Compliance is self-assessed, so Adobe annually commissions a third-party, Fishnet Security in 2014, to conduct an objective assessment. Contact us if you’d like to see the Adobe Business Catalyst Attestation of Compliance for 2014.
Being a cloud-based web CMS means that security updates are made almost weekly and typically rolled out on a Sunday night so that all Adobe Business Catalyst websites are updated come Monday morning. Any problems that occur are proactively monitored and communicated to developers and users here on their Business Catalyst Status website.