Hand in Hand for Secure Websites – Making the Internet Safer
Open source CMS communities like TYPO3 are working with the eco Association to improve security for commercial and private websites, reports Markus Schaffrin from eco.
If you don’t keep an eye on the security of your websites, you run the risk of opening the door to cyber criminals. They are constantly on the lookout for security vulnerabilities with the aim of getting into the system through the back door. To counteract this, eco – Association of the Internet Industry and the open source CMS communities have been working closely together for years. The TYPO3 Association and the eco Association have enjoyed cross-membership since 2014 and the two associations interact regularly. Building on this, eco and the TYPO3 Association are now intensifying their relationship and collaborating on mutually important topics, such as IT security.
With more than 1,100 member companies, eco is the largest Internet industry association in Europe, and IT security has been a focus of its work since its foundation in 1995. IT security is a basic prerequisite for the further digitalization of our living and working environments, which is why we have been working for more than a decade on improving the security of company websites. This work began in 2010 with our then security initiative, botfrei, which aimed to point out the dangers of poorly protected CMS and to help close the corresponding vulnerabilities.
A plus for CMS security
In 2013, the eco Association intensified its security efforts and founded Initiative-S. In this project, eco also developed scan tools that could provide reliable statements about the security of individual websites. Here, we established a process for checking the security of websites and, where necessary, providing tips for improving it. As a result, the security of commercial and private sites improved considerably.
With the support of the German Federal Ministry for Economic Affairs and Energy (BMWi), eco developed the free service that scanned company websites for malware. The initiative also provided help with cleanup and protection against new attacks.
In the following years, eco intensified its cooperation with the CMS community. To improve security for TYPO3, WordPress, Joomla!, Drupal, and many other open source CMS, the people responsible interacted directly. To this end, they met, for example, in the Competence Groups Security and Abuse at eco to take advantage of the opportunities for the direct and informal exchange of experience and ideas.
Working together to strengthen website security
“eco, with its collaborative mindset, has been very helpful in bringing different stakeholders to the table,” says David Jardin of CMS Garden, an association of CMS open source communities. All parties involved benefited from greater know-how and more best practices regarding the best possible configurations. Recommendations were jointly developed, for example, on optimal system management and for different usage scenarios. “Hand in hand with CMS and the eco association, we have helped connect the open source communities with industry partners and advance the issue of security.”
The next big step came in 2017 with SIWECOS, as a successor to Initiative-S. SIWECOS stands for Secure Websites and Content Management Systems. The project was implemented by the eco Association in cooperation with CMS Garden, the Ruhr University Bochum, and other partners, and was funded by the German Federal Ministry for Economic Affairs and Energy (BMWi) as part of the “IT Security in Business” initiative. The basic premise behind the project was that many small and medium-sized enterprises aren’t even aware that the software behind their website has security vulnerabilities. SIWECOS could check the security of a website in just seconds.
SIWECOS provides daily safety reports
After entering a website address on www.siwecos.de, it takes just a few seconds for the scanners to provide results on security aspects – with categories color-coded in green, yellow, and red. Registered users also receive detailed information about their website and are informed immediately in the event of incidents.
If security vulnerabilities are found, then administrators can close them. This is particularly important for online data protection. If websites are insecure, there is a risk that cyber criminals will be able to extract personal data. If companies have demonstrably neglected their online security, authorities can even impose heavy fines.
Today, CMS is safer than ever – a result of the successful cooperation of all parties involved. The collaboration with the open source communities and TYPO3 nicely demonstrates how all parties benefit when they sit down at the table to pursue a common goal. The collaboration of CMS communities under the umbrella of eco and CMS Garden has made the Internet safer.
As Head of Member Services at eco, the largest association of the Internet industry in Europe, Markus Schaffrin is responsible for the care of over 1,100 member companies from 70 different countries. The computer scientist has been a part of the IT world since the very beginning of the Internet, and has more than 20 years’ experience in computer science and project management.
He has worked for the eco Association for more than 15 years, and together with his team he oversees the specialist work of the ten Competence Groups, and the organization of around 100 events per year. Schaffrin is also Head of the eco Cyber Security Services, and as an expert in IT security, is a regular guest on radio and television, as well as at many congresses and conferences.