Housekeeping for PaaS Customers

Platform as a Service (PaaS) customers are responsible for managing their own Drupal distribution. This includes updates, security patching, auditing user accounts and ensuring your website is safe and secure.  

 

We understand managing your own website requires a lot of work, so the team here at GovCMS put together a checklist to make it easier. 

1. Security patching: It is essential to protect your website from bugs or flaws. We highly recommend completing regular security patching to keep your website safe and secure. 
2. Update modules: The GovCMS distribution is always being updated and new modules being added. We encourage you to keep your website up to date by monitoring for updates, security advisories and patching. 
3. Other major updates: Being a PaaS customer means you need to complete your own upgrades. There are no automated upgrade paths for PaaS customers. Keeping up to date with the GovCMS distro, core releases, monitoring for regular advice from Drupal (including end of life of some functionality) will keep your website healthy.
4. Auditing user accounts: Maintaining and updating user access is a crucial part of running your website. As part of the GovCMS shared responsibility model, you are required to regularly monitor who has access to build, publish and maintain content on your website. As per the Essential 8, two factor authentication (TFA) should be accepted as being best practice security. You can find out more on our Keep accounts up to date GovCMS BETA page. 

GovCMS will be flagging with PaaS customers any items that may be out of date. An example of this is the end of life of PHP 7.4 and a move to PHP 8.1. If you have not updated PHP and are a GovCMS PaaS customer we will be following up via the GovCMS Service Desk. If you are unsure of how to update your website, please reach out to your Development Partners and if still in doubt, the GovCMS Service Desk.