Security: Responsibility is shared
Security isn’t just about preventing attacks—it’s about building trust, protecting revenue, and strengthening your brand.
Clients who are security-aware want to work with agencies that take security seriously and demonstrate a commitment to keeping their websites safe.
And, for those clients who are less security-aware: you can help them understand why they should care about security, educate them on what they can do to protect themselves, and build trust along the way.
Duda has your back
To that end, consider your choice to use Duda as part of the value you’re bringing to your clients.
Neither you nor your client has to worry about constantly updating 3rd-party themes or plugins to stay protected — Duda’s comprehensive approach ensures the integrity of the platform and verifies the security of apps within our app store to give you peace of mind.
That said, as we mentioned at the beginning, security requires awareness and action from many sources to be truly effective.
Shared Security Model
You can think of these relationships like layers: each layer involves different people or technology that all need to be operating with security in mind to minimize risk and prevent cyber threats.
Duda's core infrastructure
Duda is responsible for the overall security of the platform. We use security frameworks, processes and tools to achieve a high level of security.
These include:
- Employee security awareness through regular training
- SDLC (Secure Software Development Life Cycle): segregation of duties, patch management, etc.
- Tools to establish strict access control, monitor the platform's health, and identify intrusion attempts and/or abusive behavior
3rd-party software providers
Like most SaaS providers, Duda uses other SaaS vendors to support the platform's development and extend site capabilities.
It is Duda's responsibility to verify and monitor the overall security and organizational maturity of those vendors.
Duda's app partners — like the apps found in Duda's app store — are reviewed to ensure they, too, are meeting security standards.
This 3rd-party group also includes other vendors that are not found in the app store, like Zapier, form providers, map providers, etc.
Site builders (i.e., YOU)
Here we're referring to you: Duda's users who build and maintain a portfolio of websites for clients.
- You are responsible for securing your own accounts, managing users' access, and managing permissions.
- You also have a responsibility to ensure that sensitive features—such as custom code-blocks—are implemented securely.
More on your responsibilities later...
Site owners (i.e., your clients)
Here we're referring to the business that owns the website. They, too, have a responsibility to ensure their people are security-aware and their processes are built with security in mind.
This is especially important for businesses that engage with customer data via ecommerce transactions. Data like this is considered Personally Identifiable Information (PII) and requires special protection.

In the next several lessons, we'll take a look at each of these levels. We’ll start from the inside, taking a look at the measures Duda has in place, then work our way outwards to highlight good security practices for everyone.