Like a burglar alarm, proper security is often only considered after it’s too late. Enterprise Class systems consider both infrastructure and application security
as an integral part of design. In general, all communication on the infrastructure side, no matter how small, must be made over secure connections; SSL/TLS. Furthermore, it is essential that all data/content be encrypted not only when in transit but also while at rest using strong encryption algorithms; AES-256.
From an application perspective and especially for SaaS based applications, it is important to ensure there are options for strong password validation, as well as two factor authentication. Beyond application access, Enterprise Class CMS systems employ sophisticated Roles Based Security allowing administrators to create complex roles that permit or restrict access to every feature or functions available in the system. Those features or functions are not simply “greyed out”. They are entirely invisible to the restricted user.
Finally, it is important to consider that Enterprise Class CMS systems will likely be managed by many individuals, including some that may not have management privileges. Certain users may only be permitted to upload content to the media library, while publishing that content for playback on a specific display may require approval by an administrator or senior manager. Furthermore, individual content templates may follow strict branding guidelines which are “locked down” after final approval, yet they may permit for a specific region of the template to be managed by a local manager without the risk of affecting any other content already assigned or the template itself.
A well designed Enterprise Class CMS handles both workflow security, as well as the security associated with content design easily.