Optimizely Content Management System (CMS) provides access for multiple editors to work with content across sites in a collaborative manner, using devices of their choice. This may, in some instances, raise concerns about unauthorized access to the editing and administration interfaces of CMS.
Security and privacy are built into both the CMS platform, and the Azure cloud services upon which the Optimizely Digital Experience Platform (DXP) is based. Any feature that CMS develops must meet the highest quality standards, including [Security](🔗) measures.
Consider the following additional precautions to prevent unauthorized access:
Ensure that the **connection is secure**, use a SSL server test tool to verify.
Use **federated authorization** to a trusted authority to secure editor identities.
Use a **Web Application Firewall (WAF)** to protect against threats such as DDOS.
Run **penetration tests** regularly, use a web security scanning tool.
See [Decoupled setup](🔗) if you are running a solution with physical separation of servers.