Which CMS (Content Management System) to Choose (Part 2)

Welcome back to the second post on the world of Content Management Systems (CMS). In our previous discussion, I talked about some technical features, the fundamental aspects that lay the foundation for selecting the perfect CMS and enabling flexibility, customization and multi-language support.


Today, we continue our journey, aiming to unravel additional critical criteria that should be at the forefront of your decision-making process, so I want to start with the security aspect. To do that, I need to introduce the two main kinds of CMS: open-source and closed-source.

Open source means that the code is available to everyone and a community of users can participate in fixing bugs and / or keeping it updated. With the closed type, the code is not visible: it sits behind a company that maintains, updates and keeps improving it in a proprietary way, without a shared community.

I will delve into the advantages and disadvantages of both:

Open-Source

Popular CMS platforms are often targeted more by attackers because compromising them provides access to a larger number of websites. The source code is available to everyone, and if the company that initially created it goes bankrupt, the code remains available, as do further updates and improvements.

According to research published last year for the National College of Ireland, WordPress is the most widely used content management system (CMS), with 455 million websites supported and a 60.3% market share. 92% of the vulnerabilities found in WordPress-powered websites are due to third-party plugins and programming errors.

WordPress, being the most widely used CMS, is obviously frequently targeted. However, popular CMSs also benefit from large communities that actively work on security improvements.

To make sure that these continuous improvements actually reach your website, the system uses updates. They can be small or large. WordPress releases updates all the time, especially ones affecting the functionality of plugins. Drupal has updates less frequently, but they are normally larger and more comprehensive. The effectiveness of the update mechanism plays a crucial role in the overall security of a CMS.

CMS platforms with automatic updates or robust update notifications make it easier for users to stay current with security patches. Downside: each update requires adjustments in the code and in the backend, which requires programming and thus costs money. Some of the large updates I experienced were quite costly (in the 5 digits); they are mandatory, and it is often difficult to predict how expensive they will be.

Proprietary

With the proprietary type, it would be much more complicated to access the source code and thus crack it. But the downside of this kind of CMS is surely that the company is fully in charge, and you are totally dependent on the quality of its programming and the speed at which it fixes any errors.

Second, it could cost much more, as the provider of the system can decide to increase prices once you have started with them, even just to perform updates, and you have to accept it.

The advantage of a proprietary CMS is the creator's complete control of the source code. If you don’t want the source code tampered with, this is the alternative to choose.

Another advantage is that the integration with other platforms and systems is probably more seamless, as both are working on the latest and most accurate version of the system. Proprietary CMS platforms often provide integrated solutions that are designed to work seamlessly together. This can lead to a more cohesive and efficient user experience, as the various components are developed and optimized by the same team.

The best example is Adobe, which offers all kinds of other solutions within the Adobe Experience Platform.

Screenshot from Adobe Pitch Presentation

I have never used Adobe in particular, but I did see what it is capable of in one company and I was really impressed. They managed a huge integration of different e-commerce sites and websites, all controlled centrally and accessing the same digital assets. It would be interesting to learn if they also integrated Marketing Engagement and how that worked, especially considering the limitations or absence of GDPR prerogatives in many American software companies.

My experience in general is that such huge mega platforms are great in theory and surely very efficient and robust in the long run. But it takes so much longer to implement everything until it works, align all the data sets, create the right structure and retrieve all the necessary data that it might discourage and / or limit the realisation after all. Not to mention the time and commitment needed to train all the people working with it.

Conclusion

If you are not a super digital expert and you don’t want to invest a huge amount of time to implement and learn how to manage a complex CMS, go for open source. The same applies if you are not sure about the partner and want to keep your options open and be able to change along the way.

If you are ready to embrace the challenge and really make the most of an integrated platform, and you have the company backing you up, then go for closed-source. Also from a security point of view, if a company handles very sensitive and high-risk data / products, that would also be advisable.
