Trust at the core: Elevating enterprise security and compliance with Contentful

Published on April 2, 2025

As digital landscapes evolve in the age of AI, security and compliance continue to rise in importance for enterprises as new and more sophisticated threats emerge.

At Contentful, we know building and sustaining trustworthy products is critical to our customers’ success. We are continuously and carefully refining our products to support our enterprise customers’ growing concerns and interest in advanced cybersecurity threat mitigation and prevention.

We are committed to securing all customer digital experiences. Through continuous discovery and delivery, we are also building solutions to solve the specific needs of enterprise customers. Our advanced security and compliance features are designed for scale and complex enterprise ecosystems.

This post introduces our latest enterprise-grade security solutions that are specifically designed to safeguard the sophisticated operations of larger enterprises with reliability and user-friendliness.

Security threats and risks on the rise

Minimizing the attack surface reduces vulnerabilities, threats, and risks, enhancing risk prevention, detection, response, and recovery. In 2023, the global average cost of a data breach reached $4.45M, a 15% increase over three years (IBM). This cost again increased by 10% to $4.88M in 2024 (IBM). With a 16% rise in application security attack surfaces, organizations faced 29,000 new vulnerabilities to defend against (Pragmatic Engineer).

Recent releases mitigate security risks

Achieving SOC 2 Type 1 Compliance

Contentful was already compliant with ISO 27001 and PCI DSS. Achieving SOC 2 Type 1 compliance further validates that Contentful has implemented strong security controls designed to protect customer data. But this is just the beginning: we are now actively working toward SOC 2 Type 2 compliance, which we anticipate achieving later this year.

At Contentful, compliance is more than just checking a box — it reflects our commitment to security best practices and maintaining customer trust. By achieving SOC 2 compliance, we provide our customers with the assurances that we continuously meet high standards for security, confidentiality, and availability.

For more details on how Contentful secures customer data, visit our security page. Here, you’ll find information about how we keep our platform reliable, how we protect customer data, how we secure our business and our code, and other security measures taken by Contentful. Customers can also review the Security Addendum for additional information pertaining to our services. 

Audit logs

Customers get better insight into how their platform is used for compliance, troubleshooting, and policy enforcement. With audit logs, organizations meet regulatory requirements and maintain strong governance.

Previously, customers had to rely on webhooks to capture and store audit events. Now, we offer audit logs as a native product functionality that eliminates the need to build and maintain a custom solution.

Admins can now receive audit event logs to see what happened on the platform, who did it, and when. Audit logs are securely transferred to your own Amazon S3 bucket or Azure Blob storage, from where you can import them into your preferred analysis and reporting tool. Read our Developer Documentation and the Changelog post.

Improved token management capabilities

We launched a suite of improvements around our Content Management API (CMA) token management capabilities, designed to empower token issuers and organization admins.

Token issuers can now set expiration dates on their tokens. The web app also shows them much more information about each token, which makes tokens easier to manage. Bulk revocation lets users clean up old and unused tokens with ease, keeping only the relevant tokens alive and in use.

For administrators, we now provide a detailed list of tokens within their organization, including ownership details, creation and expiration dates, and last-used dates. This visibility allows for quick action if a token is compromised, reducing the risk of security breaches. Check out our Changelog post.

Designated security contacts

To enhance our customers’ organizational readiness and ensure timely communication in the event of a potential security incident, administrators can now add their dedicated points of contact to receive security-related notifications from Contentful. While we will continue to notify organization owners, this feature allows customers to designate the most appropriate individuals to receive critical security updates. See the Changelog post.

Webhook request verification

This feature adds another layer of security to the communication between Contentful’s webhooks and customer applications. Request verification ensures that webhook requests are legitimate and not spoofed to protect sensitive information.

In the past, Contentful provided customers with secure webhooks. Now customers have more control to validate their secure webhook connections. This works similarly to the existing app request verification feature.

Customers sign and validate webhook requests with a secret key. We use Hash-based Message Authentication Code (HMAC), which is the most popular webhook authentication and message security method.

Contentful also offers examples for how to compute and verify the request verification signatures in 11 programming languages. See an example for Node.js and examples for 10 other languages. Check out the Developer Documentation and the Changelog post.
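A generic sketch of HMAC-based webhook verification on the receiving side, added here as an illustration and not taken from Contentful's documentation or code. The `x-example-*` header names, the canonical string layout, the 30-second freshness window and the sample request are all assumptions; use the values from the Developer Documentation in a real integration.

```javascript
// Added example, not Contentful's code. Header names and the canonical
// layout are assumptions; take the real ones from the developer documentation.
const crypto = require("node:crypto");

const MAX_AGE_MS = 30_000; // assumed freshness window for replay protection

// Bind method, path, timestamp and the raw (unparsed) body into one signed string.
function canonicalRequest({ method, path, headers, rawBody }) {
  return [method.toUpperCase(), path, headers["x-example-timestamp"], rawBody].join("\n");
}

function signRequest(secret, request) {
  return crypto.createHmac("sha256", secret).update(canonicalRequest(request)).digest("hex");
}

// Returns { ok, reason } so rejected requests can be logged by cause.
function verifyRequest(secret, request, now = Date.now()) {
  const signature = request.headers["x-example-signature"];
  const timestamp = Number(request.headers["x-example-timestamp"]);
  if (typeof signature !== "string" || !/^[0-9a-f]{64}$/.test(signature)) {
    return { ok: false, reason: "malformed-signature" };
  }
  if (!Number.isFinite(timestamp) || Math.abs(now - timestamp) > MAX_AGE_MS) {
    return { ok: false, reason: "stale-timestamp" };
  }
  const expected = Buffer.from(signRequest(secret, request), "hex");
  const received = Buffer.from(signature, "hex");
  // Both buffers are 32 bytes here, so timingSafeEqual cannot throw.
  return crypto.timingSafeEqual(expected, received)
    ? { ok: true, reason: "verified" }
    : { ok: false, reason: "bad-signature" };
}

// Constructed sample: the sender signs a request, the receiver verifies it.
function buildSample(secret, now) {
  const request = {
    method: "POST",
    path: "/hooks/content",
    headers: { "x-example-timestamp": String(now) },
    rawBody: '{"event":"publish","id":"entry-1"}',
  };
  request.headers["x-example-signature"] = signRequest(secret, request);
  return request;
}
```

The signature is checked against the raw request body before any JSON parsing, since re-serialized JSON may not match the bytes the sender signed.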

Looking ahead

These security enhancements — from audit logs to improved token management, designated security contacts, and webhook request verification — reinforce our commitment to protecting your digital experiences with enterprise-grade solutions.

We are continuously innovating to stay ahead of emerging risks, ensuring enterprises can operate with confidence and resilience. In parallel, we remain focused on aligning with key industry standards and compliance frameworks to provide assurance through recognized certifications and attestations.

Stay tuned for more updates on upcoming security and compliance capabilities.

Call for customers: Join our research panel

We’d love your input on our discovery topics. Join the Contentful research panel to take part in our internal product development and research projects. Our Product team invites customers and partners to take part in new research initiatives that are relevant to their experiences. Fill out our short survey to join the panel and start the process.

Meet the authors

Dan Gorman

Senior Product Manager

Contentful

Dan is a Senior Product Manager at Contentful, leading product security and internal engineering productivity charters. His teams help customers build trust with their end users through secure and compliant digital experiences. He supports internal Product Academy, inclusion, and climate initiatives. Dan is passionate about learning new things, traveling, and chess.

Malin Sofrone

Product Manager

Contentful

Malin is a Product Manager at Contentful, leading the Platform Insights team in providing customers with greater visibility into their use of the platform. By delivering analytics, reporting, and governance capabilities, he helps organizations make data-driven decisions, optimize their usage, and ensure transparency. With over a decade of experience in B2B SaaS across mobile and web, Malin specializes in building insights-driven solutions that empower customers. Outside work, he enjoys cycling long distances, running, illustrating, and exploring psychology.

Dinesh Pushpavanam

Senior Product Manager

Contentful

Dinesh Pushpavanam is a Senior Product Manager specializing in Identity and Access Management (IAM) at Contentful. With a strong background in product strategy and development, he brings deep expertise in authentication, security, and user experience to his work. Outside of work, Dinesh enjoys cooking, exploring new technologies, traveling, and reading.
