CiviCRM Security for the Long-Term

September 1, 2022 by admin

Your technology systems are composed of many different software components, each with its own expected upgrade cadence. These updates can be about adding new features or functionality, but often it’s more straightforward than that: Updates are released to address serious security risks! That means falling behind on updates is a risky proposition; even if things continue to function well on the surface, the likelihood of your server being attacked, hacked, and compromised will be substantially elevated as time passes.

Whether you do them yourself or you have a consultant who manages them for your organization, it’s important to plan for these regular updates, or “security releases,” in CiviCRM.

When you think through how your organization will manage its security updates, consideration for the long term is key. Set yourself up for success by answering the following questions now, so you can plan for ongoing protection of your CiviCRM system.

What is the capacity for you/your staff to manage this process? And/or what’s your budget with a consulting partner?
How long does it take to implement the security release?
How often do you want to be doing a security release?
What will your capacity be as you grow?

Why the ESR?

We at BackOffice have been at the forefront of advocating for CiviCRM Extended Security Releases (ESR) vs. the standard monthly releases. When we talk to nonprofits about the questions above, their answers clearly point to needing updates that provide top-level security with minimal disruption to their website and calendars. (This is especially true for those CiviCRM setups with multiple integrations and larger databases.)

A lot of our Proactive Support clients have found the ESR process to be very manageable, and so do we. It keeps costs down because we don’t have to be in your Civi account as often, and the time between updates also allows for more stability.
If you’ve ever done a security update on a more complicated CiviCRM, you’ve probably come up against some compatibility issue or other problem that needed to be fixed along the way — on the ESR plan, you apply updates less frequently, and you run less risk of instability.

Does ESR work with Drupal 9 and WordPress?

Yes! In managing our clients’ websites, we have found the ESRs work well with both Drupal and WordPress installations. Even upgrading to Drupal 9, which is a pretty big version change for your website (and might make you think the ESR would be more complicated), has proceeded without a hitch — the ESR works great with Drupal 9 just as it does with previous versions.

Security releases are a requirement for a healthy CiviCRM. If you think in terms of what’s most manageable for the long term, we think you’ll see the ESR is the best solution for maintaining the health of your system. We strive to make sure nonprofits don’t have to do more work than necessary and get the full protection of security updates. That’s why we always recommend the ESR to our clients.

As always, we are happy to manage security updates for your organization, if we aren’t already. You are welcome to send an email to support or contact us to learn more.