Chris joins CTI from Oliver Agency where he most recently held the position of UK Group COO. Previously he was the UK Group MD of Oliver and MD of Dare, the digital arm within the Oliver network. He is also one of Campaign Magazine’s 40 over 40 top UK marketing professionals.

Effective 2 October, this strategic appointment marks a pivotal moment for CTI as it prepares for an exciting phase of growth. As part of the leadership transition, Chris will succeed Nick Rhind, who will assume the role of ‘Founder.’ In his new capacity, Nick will focus on mentoring the board and driving forward the extensive M&A initiatives scheduled for the group in 2024.

These changes come as part of a strategy to bolster the CTI leadership team as the business gears up for growth. This follows a multi-million pound investment from private equity firm LDC in March 2022.

Commenting on the appointment, Nick said: “CTI has grown substantially over the last 5 years and is now poised to expand further with the backing we have secured from LDC. It is therefore the right time to grow the strength and depth of our leadership team and I am delighted that Chris is joining us. His track record at Oliver speaks for itself and his softer skills as a leader are also second to none. Having Chris as part of the team will allow me to concentrate on our M&A activity that has become a significant focus for us as we grow capability to address broader client needs. Our goal is to consolidate our position as one of the UK’s leading and fastest growing end-to-end digital agencies.”

Chris adds: “I have loved my four years at Oliver. To have played a key role in an agency that routinely sees year-on-year organic growth of +25% is an incredible roller coaster ride. But now felt like the right time to take that experience and apply it in a different setting. The combination of working with private equity firm LDC and the CTI team was too good to miss. Six specialist businesses have already joined the group and further acquisitions will now follow. CTI is becoming a hive of creativity, expertly placed to support brands across the full breadth of their digital growth. We engineer rock-solid digital foundations, create effective campaign content and significantly optimise conversion at the other end. Too often agencies can only partially help brands in this space and the fact that we have strength in all areas under one roof is highly compelling, and can provide significant commercial advantage to our clients.”

Cloudflare Enterprise takes the core features present in their lower Pro and Business offerings and adds Enterprise-level features. In this article, I will explore some of the most interesting Cloudflare Enterprise features, valued by our Enterprise clients.

Cloudflare Enterprise Log Management

Cloudflare Enterprise offers log management functionality allowing users to collect, store, and analyse logs generated by their websites or applications. This feature is called Cloudflare Logs.

Cloudflare Logs works by ingesting logs generated by various Cloudflare services, including CDN, WAF, and Workers. These logs are then stored in a centralised location, where customers can access them for analysis and troubleshooting purposes. Logpush v2, part of Cloudflare Logs was released in mid-2020 and is capable of delivering logs in less than one minute with batches of up to 100,000 records per file, a larger dataset than previously. Enterprise clients can then use log ingestion software such as Dataset (formerly Scalyr) or Taegis XDR to monitor and report on security events relevant to their service.

The log ingestion process in Cloudflare Enterprise is highly customisable, allowing customers to configure which logs are collected, how frequently they are collected, and where they are stored. Customers can also use Cloudflare’s API to send logs to external storage services or log management platforms, such as Amazon S3, Google Cloud Storage, or Elasticsearch for ingestion.

One of the key benefits of Cloudflare Logs is that it provides real-time visibility into website and application traffic, security threats, and performance metrics. This allows customers to identify and respond to issues quickly, optimise their website or application for better performance, and gain insights into user behaviour.

Cloudflare Logs also provides several security features, such as access controls, encryption, and retention policies, to ensure that log data is secure and compliant with industry regulations.
Overall, Cloudflare Enterprise’s log management feature is a powerful tool for businesses looking to gain insights into their website or application traffic, troubleshoot issues, and improve performance and security.

Bot Analytics

Bots perform a necessary function for the major search engines crawling and detecting changes in your website so that search listings are relevant. However, there are many Bots out there for many different platforms and some Bots can have serious impacts on your website performance, particularly if you have a high traffic volume. Some Bots are also malicious, scraping web content, DDoS attacking sites or attempting to exploit known vulnerabilities.

Cloudflare Bot Analytics as part of Cloudflare Enterprise gives visibility of Bots accessing your website or application. Bots are automatically categorised and Cloudflare employs machine learning to distinguish between legitimate users and bots. Bot analytics gives proper insights into identified bots such as their country of origin, frequency of access and specific actions they attempt on your website.

With the full picture of the inbound Bot traffic to your website Cloudflare’s highly granular rules and policies can be implemented to block, or challenge suspicious bot activities as well as rate limit legitimate but overly aggressive bots.

With Cloudflare Enterprise, we can better understand the bot landscape for your application, identify potential threats, and proactively implement security measures to safeguard your online assets.

Bots can consume server resources, bandwidth, and impact website performance for legitimate visitors. Cloudflare Bot Analytics provides insights into the impact of bots on your infrastructure, allowing us to optimise resource allocation and improve overall performance. Using Cloudflare to identify and mitigate bot traffic, our team ensures a better user experience for your legitimate visitors.

China Network Access

Any organisation that has attempted to or researched launching and maintaining a web presence in China will know that the process is highly bureaucratic and time-consuming with many logistical considerations around website speed and hosting location. Cloudflare Enterprise allows organisations to utilise China Network Access (CNA) to have a web presence hosted inside China with much less consideration to the obstacles previously mentioned.

Cloudflare has partnered with native Chinese data centres to allow Cloudflare Enterprise clients to deliver their content to this high-growth market without having to work with multiple third parties and the Chinese authorities. Because Cloudflare CNA content is served from within China, Chinese users experience a low latency version of your website and performance is excellent.

China has strict internet censorship and external javascript and other restricted content is filtered by the country’s Great Firewall. As a result, most Western sites cannot be simply launched in China without significant code changes. China Network Access provides tools allowing websites to be optimised for accessibility in China to ensure your web presence is delivered correctly to Chinese audiences without disruption.

CNA also benefits from Cloudflare Enterprise DDoS protection capabilities to protect organisations from attacks which originate in China. As a leader in the 2021 Forrester Wave DDoS Mitigation Solutions report, Cloudflare DDoS protection is mature and has a strong reputation giving organisations peace of mind that their assets are protected from attack and the resulting consequences.

Compliance with Chinese Regulations is required for all websites servicing Chinese users. CNA is designed to meet these Compliance requirements by providing localised network infrastructure, data storage and adherence to Chinese internet regulations. Using the service will ensure that your application or website is aligned with China’s legal framework.

Hosting outside of China (for example in Australia) can still result in latency and poor performance when serving Chinese users. Organisations will be aware that reduced latency and improved performance lead to enhanced user satisfaction, increased engagement, and higher conversion rates. For any organisation serious about targeting Chinese customers the performance of CNA is a valuable part of your China strategy.

Data Processing & Compliance

In order to maintain compliance many organisations control where their data is stored and processed. This can pose issues when using global CDN platforms as many process information outside of the EU for example. In order to prevent this scenario we utilise Cloudflare Enterprise’s Data Localization suite for many of our European clients which facilitates control over where web data is stored and processed. It is possible to choose data residency locations from over 200 cities worldwide ensuring that data remains in specific regions in order to ensure compliance objectives are successfully met.

Traffic Steering is another feature which is part of Cloudflare’s Data Localization suite and compliments Data Residency preferences previously mentioned. Utilising this feature we can ensure that user requests are routed to datacentres in our preferred data processing locations. This gives control over where data is accessed and processed by end-users.

Cloudflare maintains a strong focus on compliance with various data protection regulations, such as the General Data Protection Regulation (GDPR). By adhering to these standards, utilising Cloudflare ensures that your data is processed in a manner that meets the relevant compliance requirements.

It is of course important for any specific feature and capabilities to be reviewed and understood as part of a data localisation strategy and we work closely with clients to advise and help them understand the specific features and capabilities offered by Cloudflare so that they can be implemented in line with legal and regulatory requirements.

Summary

Above are just some of the Enterprise level features that Cloudflare provides. Cloudflare Enterprise has a higher level of customisation and performance and as a Cloudflare partner, our team is experienced in onboarding clients onto this excellent web security platform. We can tailor a solution that meets your organisation’s specific security & compliance requirements, ensuring you have the peace of mind that critical web assets are protected and compliant. Contact us today to discuss your requirements.

With this extension, the Drupal Security Team will be making some adjustments to the level of support provided. It’s important to note that this will be the final extension, so it’s crucial to plan your migration strategy accordingly.

Changes to Drupal services for Drupal 7

As of 1 August 2023, Drupal.org will no longer package Drupal 7 distributions with Drush make files. However, you can still build distributions locally using Drush make.

Important Points to Consider Regarding the End of Life Extension for Drupal 7

To ensure a smooth transition, we want to highlight a few key points regarding the end of life extension for Drupal 7:

– Moderately critical Drupal 7 issues will receive reduced support, starting from 1 August 2023. The Drupal Security Team may publicly post such issues, as long as they are not mass-exploitable. This will not affect Drupal 9 or newer versions. If a security issue affects both Drupal 7 and a newer version, the Drupal 7 issue may be made public without a corresponding fix.

– After 1 August 2023, unsupported Drupal 7 module branches will no longer be eligible for new maintainership. If you rely on Drupal 7 modules, we strongly encourage you to adopt and support them proactively to ensure they’re doing well. The Drupal Security Team will not issue security advisories for any unsupported libraries that Drupal 7 contributed modules depend on, including CKEditor 4.

– Starting from 1 August 2023, Drupal 7 will no longer support PHP versions lower than 5.6. Drupal may provide further updates regarding the minimum PHP requirement before Drupal 7’s end of life.

– From 1 August 2023, security fixes for Drupal 7 Windows-only issues will no longer be provided. If you are running a Drupal 7 site on Windows, we recommend considering migrating to another operating system or hosting provider.

– Effective 1 August 2023, Drupal.org will no longer package Drupal 7 distributions with Drush make files. You can still build distributions locally using Drush make.

As we near the end of Drupal 7’s life cycle, it’s crucial to grasp the potential impact on your website.

Here’s what you need to know:

• The Drupal Security Team will no longer offer support or Security Advisories for Drupal 7 core and modules, which could lead to the public disclosure of security issues and zero-day vulnerabilities.
• Drupal.org will no longer provide assistance for Drupal 7-related tasks, including documentation navigation, automated testing, and packaging.
• Drupal 7-compatible releases on project pages will be labelled as unsupported.
• Due to changes in the Drupal.org infrastructure, certain Drush functionalities for Drupal 7 will no longer function.
• Drupal.org will discontinue file archive packaging (tar and zip files) for Drupal 7, with archives possibly being removed over time.
• No additional core commits will be made to Drupal core 7x, and downloadable package tarballs may no longer be available.
• External vulnerability scans will flag Drupal 7 as insecure.

If you’re currently maintaining a Drupal 7 site, we strongly advise initiating a migration to Drupal 10 before the end of life date. Our team of experts is available to assist you throughout the migration process, ensuring a smooth transition.

As a website owner, you must protect your site from potential threats and vulnerabilities.

One of the most common ways hackers gain access to a website is through poorly maintained or malicious plugins.

WordPress, being one of the most popular content management systems, has a vast repository of plugins that can help boost the functionality of your website. However, not all plugins are created equal, and some may contain malicious code that can compromise your site’s security.

This guide will walk you through ways to identify safe WordPress plugins that keep your website secure and performing well.

So, let’s dive in and learn how to safeguard your website with safe WordPress plugins.

Introduction to WordPress Plugins

WordPress plugins extend the functionality of your website.

Plugins are created by developers and can be downloaded and installed on your website. Developers from all over the world contribute to WordPress, mostly by creating plugins. With over 50,000 plugins available in the WordPress repository, you can easily find a plugin for almost any function you need on your website.

However, not all plugins are created equal. Some plugins can slow down your website, while others can even compromise your website’s security. Developers of all skills and experiences can create plugins and, without the right knowledge behind them, can inadvertently create poor plugins.

While we’d like to give everyone the benefit of the doubt, a small minority of creators are intentionally creating malicious plugins too. With that in mind, choosing safe and effective plugins is essential to ensure your website runs smoothly and remains secure.

Importance of Choosing Safe and Effective Plugins

While plugins can be beneficial to your website, choosing safe and effective plugins is crucial for maintaining your website’s security and performance.

Using unreliable plugins can lead to several issues for your website. For instance, a poorly coded plugin can cause your website to crash, leading to a loss of traffic and revenue.

Additionally, plugins with security vulnerabilities can be exploited by hackers, leading to data breaches and other cybersecurity threats. Hackers can use this access to steal sensitive information, inject malware, or even take control of your website. It’s essential, therefore, to choose reputable plugins that are regularly updated to address any security concerns and mitigate these risks.

The Impact of Plugins on Website Performance

The performance of your website is crucial to its success. Slow loading times and other performance issues can cause visitors to leave your website, leading to a loss of traffic and revenue.

Plugins can have a significant part to play in performance, with some poorly coded plugins slowing down your website. Here are a few ways plugins can affect website performance:

• Increased Page Load Times – Each plugin adds extra code to your website, which can increase the size of your pages and slow down the loading times. This can negatively impact user experience and SEO.

• Server Resource Usage – Some plugins may require more server resources to run, which can slow down your website or cause it to crash. This can be a problem, especially for websites with high traffic.

• Plugin Conflicts – In some cases, two or more plugins may conflict with each other, causing your website to crash or perform poorly. This can be challenging to troubleshoot and fix.

The Role of Plugin Updates in Website Security

Using outdated plugins can expose your website to security threats, making it essential to update them regularly.

Plugin updates often include security patches that address known vulnerabilities. If plugins aren’t updated, your website can be at risk of cyber attacks. Hackers can exploit these vulnerabilities to access your website, steal sensitive data, or inject malicious code.

Updates can also improve plugin compatibility with your website’s theme and other plugins. This can prevent conflicts that can cause errors or even crashes, which can negatively affect user experience and SEO.

Your website can be kept up-to-date with the latest web standards and technologies from plugin updates. This can improve website performance, speed, and user experience.

Updates may also include new features or functionality that can improve your website’s functionality, user experience, or SEO.

To ensure website security, it’s essential to update your plugins regularly. You should also ensure that you only use plugins from reputable developers who update their plugins regularly and frequently monitor your website’s security for any signs of malicious activity. Additionally, it’s recommended to back up your website regularly to minimise the impact of any security breaches.

Evaluating Plugin Reviews and Ratings

Plugin reviews and ratings are an excellent way to determine the effectiveness of a plugin.
Here are some steps you can take to evaluate WordPress plugins:

Plugin Reviews: You can find reviews and ratings on the WordPress plugin repository or other third-party websites. it’s essential to read both positive and negative reviews to get a complete picture of the plugin’s performance and security.

Identify plugin statistics: Check the plugin’s rating, number of downloads, and user feedback on the WordPress Plugin Directory or other trusted sources. A high rating, a large volume of downloads, and positive feedback indicate a safer plugin that should perform well on your website.

Review the Plugin Update Frequency: Check the frequency of plugin updates. Regular updates are a good sign that the developer is actively maintaining the plugin and addressing any issues or vulnerabilities.

Examine the Developer’s Reputation: Check the developer’s reputation and experience. Look for information about the developer’s security, reliability, and support track record. Check the developer’s website, social media profiles, or other online forums for information about the developer’s experience and reputation.

Test the Plugin on a Staging Site: Before installing a new plugin on your live website, test it on a staging site to check for any compatibility issues or conflicts with other plugins.
While we appreciate that not everyone has access to this, it’s worth asking your technical team or agency to do it on your behalf.

Check the Plugin Code Quality: Check the code quality of the plugin to ensure it’s well-written, optimised, and follows WordPress coding standards. Poorly coded plugins can negatively affect website performance and security. Again, this is probably a task for a technical team.

Evaluate the Plugin’s Features: Evaluate the plugin’s features to ensure they align with your website’s needs. Too many plugins or unnecessary features can slow down your website and negatively impact user experience.

By taking these steps to evaluate WordPress plugins, you can choose secure and performant plugins for your website. If ever in doubt, your technical team or agency will be able to support you.

Checking Plugin Compatibility with Your WordPress Version

WordPress is continuously updated to improve its performance and security. Some plugins may not be compatible with the latest version of WordPress, leading to issues.

Checking plugin compatibility with your WordPress version is essential for several reasons.

New versions of WordPress often introduce changes to the core code, which can affect how plugins work. If a plugin is not compatible with the latest version of WordPress, it can cause conflicts or even crashes, which can negatively affect your website’s performance and user experience.

Using outdated plugins on your website can make it vulnerable to cyber-attacks. Plugin developers regularly update their plugins to ensure they are secure and compatible with the latest version of WordPress. Using an outdated plugin can make it more vulnerable to security breaches.

Plugins that are not optimised for the latest version of WordPress can slow down your website, which can affect SEO and user experience.

Incompatible plugins can also destabilise your website, leading to unexpected behaviour or even crashes. This can negatively affect your website’s reputation and user experience.

By checking plugin compatibility with your WordPress version, you can ensure that the plugins you use are up-to-date, secure, and optimised for performance. This can help you maintain a stable, secure, fast website with a positive user experience.

Safe and effective WordPress plugins are key to success

Plugins are a great way to extend the functionality of a WordPress website, but choosing safe and effective WordPress plugins is crucial to the success of your website. By following the tips outlined in this blog, you can ensure that the plugins you choose are optimised for performance, security, and compatibility.

Remember always to research the plugin developer’s reputation, read reviews and ratings, and opt for a well-used plugin to ensure that the one you choose is safe and effective.

Looking to keep your WordPress site secure and performing well? Read our blog, 7 Ways to Keep Your WordPress Site Performing

Its popularity is attributed to its flexibility, ease of use, and extensive ecosystem of themes and plugins, allowing users to customise their website to their exact specifications and users’ requirements.

However, with great popularity comes great responsibility.

WordPress websites are often targeted by hackers and malicious people looking to exploit vulnerabilities and gain access to sensitive information.

In this blog, we’ll explore the benefits of WordPress from a security and hosting perspective.

Security

One of the biggest concerns with any website is security.

WordPress websites are particularly vulnerable to attacks due to their popularity, and many users don’t take the necessary precautions to secure their website.

However, with the proper security measures in place, WordPress can be just as secure as any other CMS.

Updates

One of the simplest but most effective ways to keep your WordPress website secure is to keep it up to date. WordPress regularly releases updates that address security vulnerabilities and bugs.

Being an open-source CMS, a massive community of developers work together to contribute to the CMS to improve it from a security and performance perspective.

It’s essential to keep your website and all its plugins and themes up to date to protect you against known vulnerabilities.

Important note: always update with caution. Ask your technical team or agency to do the updates, as certain updates can meddle with custom plugins.

Password Management

Another simple but effective security measure is password management.

Password management includes using strong passwords, changing them regularly, and not reusing them across multiple accounts.

WordPress also has built-in password strength tools and two-factor authentication (2FA) options that can help protect your website from unauthorised access.

For more information on 2FA, please read our blog on two-factor authentication vs multi-factor authentication.

User Auditing

It’s good practice for all sites, not just WordPress, to audit your admin users regularly.

There are several checks you should perform:

• Are your admins using two-factor authentication as a minimum?
• Are their permissions correct for their role? E.g. not giving admin access if not required.
• Is there anyone who has a user who should be removed? E.g. old staff members who no longer work for you.

Security Plugins

WordPress has a vast directory of security plugins that can help protect your website from attacks. Security plugins can scan your website for vulnerabilities, block malicious IPs, and add additional layers of security to your login process. Some we’d recommend looking into include:

WordFence Security

WordFence Security is a highly dependable security plugin for WordPress that offers comprehensive protection. It features an endpoint firewall and malware scanner designed to safeguard WordPress websites. The plugin thoroughly scans your site’s core files, themes, and plugins for any signs of malware, bad URLs, backdoors, SEO spam, malicious redirects, or code injections. Additionally, it provides the option to enable 2-factor authentication and prevent administrators from logging in with compromised passwords.

Inactive Logout

The Inactive Logout plugin safeguards your WordPress users’ sessions from prying eyes and curious onlookers. With it, you can establish a timeframe for automatically closing user sessions following an idle period. Once installed, you can set the timeout idle time, and the plugin will begin functioning.

Disable XML-RPC

The file xmlrpc.php in WordPress has been susceptible to a particular attack, previously referred to as an XML-RPC pingback vulnerability and now recognised as a Brute Force Amplification Attack.

Essentially, XML-RPC permits different internet platforms to communicate with one another, and the file xmlrpc.php in WordPress facilitates the transmission and processing of data by external applications.

While some plugins like Jetpack or the WordPress app for iPhone and Android rely on this file to interact with your site, if you don’t utilise this feature, you can disable this access to protect against brute force attacks using the disable XML-RPC plugin.

While these are five do-it-yourself options for improved security on your WordPress site, if you manage a larger, enterprise-level WordPress site, there are additional actions you can take to secure your site. However, these would need to be performed by an experienced developer as they are individual to your site requirements rather than something a plugin can produce.

Activity Log

While Activity Log doesn’t protect your site directly. It does, however, enable you to monitor and track your WordPress website activity. You can find out exactly who does what on your WordPress website.

Whether you want to find out when a post was published and by whom or if a plugin/theme was activated or deactivated, Activity Log will record the action.

It also goes one step further and can log if someone is trying to hack your site and will log suspicious admin activity.

Hosting

The hosting provider you choose can also significantly impact the security of your WordPress website. The hosting side of WordPress can bring additional security benefits, which we’ve explored below:

Managed Hosting

Managed WordPress hosting is a type of hosting specifically designed for WordPress websites. Managed hosting covers all the technical details, such as updates, backups, and security, so you can focus on running your website. Managed hosting often offers additional security measures such as firewalls, malware scanning, and DDoS protection.

Performance

Hosting performance can also impact the security of your website. Slow loading times can make your website vulnerable to DDoS attacks and other security threats. WordPress hosting providers often optimise their servers for WordPress, resulting in faster load times and better performance.

Cloudflare

Cloudflare, a content delivery network (CDN) and security platform, can help improve the performance and security of a WordPress website through its suite of services. 

By leveraging its global network of data centres, Cloudflare can cache static content, optim

ise resources, and distribute traffic across multiple servers, resulting in faster load times and improved user experience. 

Additionally, Cloudflare offers advanced security features such as DDoS protection, web application firewall, SSL/TLS encryption, and bot protection services that can help protect the WordPress website from malicious traffic and attacks. 

By utilising Cloudflare, WordPress website owners can ensure that their website is fast, reliable, and secure for their users.

Backup and Recovery

Regular backups ensure your website can be quickly restored after a security breach or other disaster. WordPress hosting providers often offer automatic backups and restoration services, so you don’t have to worry about losing your website data.

Scalability

As your website grows, you may need to scale up your hosting to handle increased traffic and demand. WordPress hosting providers often offer scalable solutions that can grow with your website. This can help ensure your website remains secure and stable even as your traffic and user base increase.

With Great Power Comes Great Responsibility

WordPress is a powerful CMS that offers many customisation options and features. However, with great power comes great responsibility. 

To ensure that your WordPress website is secure, it’s essential to take the necessary security measures, such as keeping it up to date, using strong passwords, and installing security plugins. 

Choosing the right hosting provider can also have a significant impact on the security of your website. Managed WordPress hosting providers offer additional security measures and can help ensure your website remains secure and stable even as your traffic and user base increase.

Looking for a WordPress hosting provider to keep your website secure and performing well? Contact our team today to discuss your requirements.

Once the application is created, however, there’s still the issue of providing the application to its intended audience with priority on performance, security and resilience. In many cases, there’s some wrangling with hosting infrastructure to ensure it matches up with the requirements of the application. Once this is resolved, there’s the need to create a code deployment pipeline to the infrastructure, which again can involve complexities.

Historically Docker hosting solutions required a substantial amount of server management expertise, requiring in-house server administration experience to ensure smooth running, proper patching, provisioning and scaling.

This is where AWS Fargate steps in.

AWS Fargate is a serverless Docker hosting platform which not only substantially simplifies the deployment of Docker images to production infrastructure but also improves performance, enhances security and provides cost-effective enterprise hosting.

We work with UK agencies as an AWS infrastructure specialist, and for many Docker-focused workflows, a managed Fargate solution can be a great fit and substantially reduce the time it takes an application to go from development to staging and onto production. Some of the benefits of a Fargate Docker hosting solution are as follows:

Easy Deployments
There are a variety of ways to deploy your Docker application to AWS Fargate. One method is to use AWS CodeBuild to build a Docker image which is then sent to AWS ECR. Builds can be set to automatically trigger based on event hooks in GitHub. Although this sounds fairly complex, in reality, these are relatively simple steps and once configured the deployment pipeline is in place for the long term making future deployments to staging and production environments as simple as doing a push to your application repository.

Simplified Infrastructure Management
Our systems administrators are able to manage tasks such as server provisioning, patching and scaling by utilising AWS Fargate tools, significantly reducing the server management overhead required to host Docker containers. Agencies no longer need to have production docker hosting expertise in-house to ensure their hosted docker containers perform, scale as required and are properly patched.

The result is a vastly reduced total cost of ownership of developing in and hosting Docker containers.

Improved Performance
AWS Fargate provides improved performance compared to traditional Docker container hosting. Fargate can use the latest Graviton 2 hardware and leading network technology to run containers, providing customers with the fastest and most efficient environment for their Docker containers.

This improved performance can result in faster application response times and improved user experiences.

Enhanced Security
AWS Fargate also provides enhanced security compared to traditional Docker container hosting. It includes all the standard AWS security features our team uses on a daily basis when managing AWS infrastructure.

Services such as VPCs, security groups, and IAM policies can all be used, with Fargate providing excellent AWS security features as standard.

Additionally, Fargate also provides automatic security updates, further enhancing the security of hosted Docker containers.

Cost-Effective
With Fargate, customers only pay for the resources they use, including CPU and memory. Scaling limits can be set as required to control costs and then charges are based on resource utilisation within those limits. This usually means a low-traffic application can be hosted in a very cost-effective way. Additionally, Fargate all but eliminates the need for server management and maintenance, which reduces the overall cost of managed Fargate hosting solutions.

Integration with Other AWS Services
Seamless integration with other AWS services provides customers with a complete solution for their Docker container needs. With Fargate, customers can take advantage of AWS services such as Amazon S3, Amazon RDS, and Amazon SNS, among others. The ability to use services such as Amazon’s Relational Database Service with the clustering and scalability features of AWS Fargate Docker hosting means the potential and scale of the platform are virtually limitless, determined by client requirements, not infrastructure limits.

AWS Fargate is undoubtedly a powerful and versatile solution for hosting Docker containers. With its simplified Docker application deployments, infrastructure management, improved performance, enhanced security, cost-effectiveness and integration with other AWS services. Fargate’s ability to automate much of the infrastructure management, along with its flexibility and scalability, makes it a popular choice for many organisations looking to deploy container-based applications in the cloud. No matter the size of your agency, AWS Fargate provides the necessary tools and capabilities to help you manage and scale your container-based workloads with ease.

Our managed AWS Fargate hosting is the ideal solution for Docker-focused agencies looking to work with an AWS infrastructure specialist so that they can focus on their applications. Get in touch with your Docker hosting requirements to learn more about what we can offer.

Drupal 10, slated to release in December 2022, comes loaded with exciting new features. Notable changes include implementing an automated update system, replacing some jQuery uses with vanilla JavaScript in core, upgrading third-party dependencies (CKEditor 5, Symphony version 6, PHP 8.1), and removing some core modules like HAL, QuickEdit, Aggregator, RDF, and Activity Tracker. These upgrades will improve website performance and provide a strong user experience.

Improved Back-end Performance

One of the biggest changes in Drupal 10, from Drupal 9, is the upgrade of the Symfony PHP framework. Symfony 6, the new framework on the block, removes a lot of old deprecated code. Whilst that means there’s a need to update modules and temes that use dated Symfony APIs, it also means that websites will be able to take advantage of the latest framework improvements. Coupled with the newest release of PHP, PHP 8.2, back-end performance should create a much speedier user experience for all the content creators, website managers and admins.

In addition to PHP and Symfony, class autoloading has been included in Drupal 10. Autoloading is how PHP finds classes within the code and their corresponding files automatically with no manual intervention. This will improve performance by loading less files and classes as it only loads what you need.

A further performance related benefit of Drupal 10 is increased caching. Caching allows you to reuse previously retrieved or computed data as it holds on to this information rather than finding and loading it each time it’s needed. Caching helps to improve content availability and page loading speeds for website visitors by reducing network congestion.

Front-end Performance Enhancements

Talking about the old kid’s on the block, Drupal is working towards removing jQuery – something frontend developers have embraced since the late 2000s. jQuery enabled many to tackle javascript without feeling intimidated and did more with fewer lines of code.

After nearly 2 decades, Javascript has caught up and incorporates most of jQuery’s features within itself. Removing jQuery means that a lot of the hard work jQuery was once doing, is now being done within Javascript but with much more efficiency.

jQuery hasn’t fully been removed from Drupal 10, this is still in progress. Drupal’s core team is working towards the removal of easy-to-remove jQuery plugins as a priority before having a complete clear out of jQuery code.

The use of native Javascript over jQuery will mean we’ll start to see some improvements to front-end performance.

Safe and Secure

With every upgrade comes an improvement to security and Drupal 10 is no exception. One of the most significant changes is the addition of a new security report which identifies potential security vulnerabilities on your website to help you prioritise fixes on weak spots.

Other security enhancements include password salting and hashing for more secure password storage and a new setting that works to protect against clickjacking attacks.

As part of the CTI Group here at Nublue, we know that your website is critical, and we take the responsibility of hosting it seriously. Together with our Drupal partner agency, cti digital, we pride ourselves in offering high-quality Drupal web solutions, including development, hosting, and proactive support management for your Drupal CMS website. We are trusted by ambitious brands and businesses across the UK – Get in touch to learn more about our Drupal services.

While two-factor authentication (2FA) is becoming increasingly popular, some may not feel this is enough to protect their business or their customers’ data. That’s where multi-factor authentication (MFA) comes in, but what is the difference between them?

We’ll explore what 2FA and MFA is and their differences to enable you to make an informed decision about what’s right for your organisation.

What is two-factor authentication (2FA)?

2FA, which is sometimes referred to as 2-step verification, requires 1 additional authentication of your identity. In most cases, this extra layer is in the form of a unique code you must submit which is sent via SMS, a push notification to your phone or from a relevant authentication app.

What is multi-factor authentication (MFA)?

MFA goes beyond 2FA. It requires a user to present 2 or more pieces of evidence to verify their identity. It doesn’t remove the age old practice of a username and password instead, it builds upon this.

There are 3 common types of authentication which are used to verify users:

1. Knowledge (Something you know) – a password or an answer to a question which is personal to you.
2. Possession (Something you have) – a security key, a token or unique code.
3. Inherence (Something you are) – Most commonly, this is a unique biometric identifier such as a fingerprint, voice recognition or facial recognition. An alternative, more complex version of this, is behavioural characteristics. How we hold and use things varies significantly from person to person and can be a telltale sign of who’s using the phone, tablet or computer. Behavioural patterns can be found in how we type (keystrokes), how we use a mouse or how we hold and interact with a phone or tablet.

According to Microsoft, MFA blocks 99.9% of attacks on user accounts making it a remarkably effective way to stay safe.

What are the costs of multi-factor authentication (MFA)?

While we can’t give precise costs for MFA as each set of factors and technologies will vary for each organisation and therefore so will cost. What we can give is an indication of where costs may be incurred for MFA. The essential areas are:

• Implementation: These costs include the purchase and implementation/adoption of the technology. This will include any configuration costs and fees for cloud based identity and access management systems that are required. Some set-ups will use tokens or USB keys which have additional costs attached to them along with complexity of distributing said token or keys; however, this practice is less common nowadays.

• Maintenance: As with any system or platform, they will require updates, patches, configuration management services and monitoring for security and compliance issues. This cost can be either internal resource costs or support from a third party provider.

• Training and Onboarding: New systems require training, onboarding and integration. Users will need their identity connecting to the new authentication system and formal training and documentation created on how to use it.

Another consideration is whether you require an on-site solution or whether it’s purely digital for cloud based services. For the latter, your investment will be dramatically reduced in comparison to that of an on-site system.

Multi-factor authentication (MFA) in the workplace

In a post-Covid world, the workplace is constantly evolving and adapting. Organisations need advanced security solutions to manage complex access needs with remote and flexible working. Enter Adaptive MFA.

Adaptive MFA, as the name suggests, adapts to the user’s current situation. It evaluates the risk of a user when they request access by looking at information such as their device and location for context.

For example, if a team member logs on to a business system from within the office, on the office network, they are in a trusted location and may not require additional authentication. However, the same team member then requests access while walking around town on his mobile, or is on an unsecured wifi network, they would need additional levels of authentication to verify themselves because they’re using an untrusted location, device or connection.

Adaptive MFA doesn’t just apply to whether a user is utilising a trusted device or connection. It can also be used to limit the information an employee can gain access to. Some organisations need different levels of security clearance for access to certain data. Adaptive MFA would allow different levels of authentication for different grades of sensitive data.

Is multi-factor authentication (MFA) worth it?

There’s no denying that the more layers of security you have in place the less likely it is that you’ll succumb to an attack. McAfee reported that global cybercrime costs businesses roughly $1 trillion annually, it feels like a no-brainer to work towards MFA.

Really, this question comes down to what kind of data you hold within your organisation and what kind of impact, both long and short term, a cyber attack would have.

What is definitive is that cyber attacks are becoming increasingly common and sophisticated. MFA can mitigate a number of attacks including phishing or database hacks.

While MFA is a significant investment especially in the current economic climate, it quickly provides a solid return by preventing breaches where you have sensitive data to protect or a threat of attack has a huge financial impact.

Security goes beyond your users’ login details, for secure hosting options to keep your site locked down from cybercriminals get in touch with our team.

The Prolific North Tech Awards celebrates the industry’s best and brightest. The live ceremony took place at the iconic Hilton Manchester Deansgate on October 27 2022 alongside the industry’s best innovators and leaders.

Nick Rhind, CEO at CTI Group, said:

“We’re honoured to win two prestigious awards, Medium Tech Company of the Year and Tech Team of the Year, in two highly competitive categories. To win these awards is incredible recognition for our people who go above and beyond empowering clients and increasing their profitability by harnessing innovation.”

“Our people are what set us apart, and by fostering a culture of personal development, we deliver digital excellence, commitment and incredible results for our clients.”

cti digital – Medium Tech Company of the Year 

cti digital was awarded Medium Tech Company of the Year for its people-first approach while showcasing remarkable growth and performance. cti digital delivers real impact for its clients, people and community by providing value beyond services through long-lasting relationships and supporting businesses and in-house tech teams to grow and thrive.

Steve Gale, CCO at cti digital, said:

“We’re delighted to win Medium Tech Company of the Year. To win this award is a true testament to our people’s hard work and commitment to delivering exceptional digital solutions for our clients and their customers.”

Nublue – Tech Team of the Year

Our hosting experts, Nublue, was awarded Tech Team of the Year for the second year in a row. In the last 12 months, the Nublue team has successfully delivered major hosting infrastructure projects for the British Council, the Department of Health & Social Care, and Visit Britain – and commencing an ambitious re-platform to cloud and prioritising sustainable, green hosting for its clients.

Tom Ashworth, Hosting Director at Nublue, said:

“We’re incredibly proud to win this award for the second year running. This award is valuable recognition for our team’s hard work while remaining a pioneer in web hosting and a trusted technology partner to our clients.”

These awards are the latest in a series of award wins from within the CTI Group. Earlier this month, brand and creative powerhouse, Mosquito, won an impressive  five awards at the Digital Impact Awards 2022 for its campaign projects with clients, Astonish, Vileda and Horlicks.
You can find the full list of this year’s winners and category nominees on the Prolific North website.

What is The Green Web Foundation?

The Green Web Foundation started in 2006 as a database about the types of energy that powers the Internet. Now they are a leading way for organisations and businesses to determine how green their hosting infrastructure and provider is and provide proof for their green claims. Their key goal is to drive the transition to a green, fossil-free internet by 2030.

By hosting with a Green Web Foundation member, such as Nublue, clients are reducing the environmental impact of their business. To communicate this to users, clients can display a certified badge as a sign that their website or application is hosted on green hosting.

Additionally, The Green Web Foundation has created a Green Web Check tool, which all Nublue cloud hosted sites will now pass.

What we had to do to become a partner

The Green Web Foundation has a set of guidelines each web hosting company must meet to become a certified partner. First, we provided details of our cloud hosting infrastructure for an independent audit. They then assessed the type of energy our hosting infrastructure use to determine our status.
The majority of our infrastructure was powered by renewable energy already. To ensure fully carbon neutral hosting, we partnered with Ecologi to offset any remaining carbon emissions. These come from a single piece of infrastructure located outside of the UK as this data centre doesn’t offset its own carbon yet.

Nublue’s AWS Cloud hosting services are hosted in London data centres as standard, all of which use renewable energy and also offset carbon. We actively have a preference for data centres in Europe and globally that use renewable energy and offset carbon.

In some very rare scenarios where due to geographic location it isn’t possible to provide infrastructure accounting for fossil energy, we utilise our partner Ecologi to offset carbon emissions at a ratio of 4:1.

We are a proud member of the Green Web Foundation and share their vision for a Fossil Free Internet by 2030.

Tom Ashworth, Hosting Director at Nublue

What this partnership means for our services & product

Most businesses have a set of sustainability objectives in mind, as do we. We want to verify that our own practices are as environmentally friendly as possible while helping our clients reach their goals too.

As an official Green Web Foundation green hosting provider, we hold their independent certification as proof of our status. This not only holds us accountable in the future but also acts as a way of backing up our green claims.

By hosting with Nublue, you’re reducing the carbon footprint of our own and our client’s websites by as much as 88% when compared to traditional enterprise data centres. 

Get in touch with our expert team to speak about our renewable energy-powered hosting services today.