Organizations using Drupal technology are in a sticky situation yet again.
With Drupal 6 already at the end of its life, long-term support (LTS) for Drupal 7 isn’t likely to last beyond Q4 2020. As a result, Drupal is encouraging users to “migrate” to Drupal 8.
But for brands sizing up the task of surviving and thriving in the IoT era — while scrambling to manage data in line with the GDPR and simultaneously protecting it from cyber attack — the arduous digital journey that is Drupal 8 migration couldn’t have come at a worse time.
Unsurprisingly, those same brands are all asking themselves the very same question:
Isn’t there another way?
The Migration Model: A Persistent Dilemma For Drupal Users
The internet is filled with Drupal migration horror stories, and each one follows a similar narrative. An organization gets comfortable with their Drupal-powered web presence — but only until Drupal announces that a new version of their software is available, and that the days of long-term support for previous versions is numbered.
The result is that Drupal users get left to fend for themselves every few years. Sure, there are services and tools that you can use to help ease the burden, but it’s never a smooth or speedy ride task. Unfortunately, Drupal expects its users to bend over backwards in order to keep up with the evolution of its software — whereas the rest of the enterprise WCMS market does the opposite.
In just a few short years, Drupal 8 will also be old news, and the cycle will repeat itself yet again. But until then, here’s why migrating to Drupal 8 will be particularly painful.
Why Migrating To Drupal 8 Is Particularly Difficult
If your organization has been in the Drupal universe for any significant amount of time, you may have migrated from one Drupal version to another before — but this time, you’re in for a real ride.
Firstly, you’re going to have to ask yourself (or your IT department) the following questions:
- How can we migrate to Drupal 8 while preserving our existing data, and whilst remaining GDPR compliant?
- Will migrating to Drupal 8 break any of our website’s existing features?
- Will migrating to Drupal 8 break any of our integrations with third-party software?
- Will our core Drupal modules work as they always have?
- What about our contributed and custom Drupal modules?
- Will our Drupal theme function correctly?
The reality is, there is no cut-and-dry answer for any of the questions laid out above. But we’ve taken a stab at explaining the intricacies for the sake of sizing up the magnitude of the task known as Drupal 8 migration.
Adjusting To The Symfony Framework
Drupal 8 has a brand spanking new Symfony framework, which sounds great at first — until you realize that a new framework entails an even more complex migration process. That’s because the framework between Drupal 8 and both Drupal 6 and 7 is totally different, leading to some daunting questions that we’ve been hearing from brands in sticky Drupal situations, such as:
- Can we migrate Core Drupal modules?
- Can we migrate custom Drupal module?
- Can we migrate our Drupal 6 or 7 theme to Drupal 8?
The following three sections outline the major challenges when migrating core Drupal modules, migrating Custom modules and migrating your Drupal Theme.
Migrating Core Drupal Modules
Core Drupal modules are core functions which come with every default Drupal installation. Every organization that uses Drupal utilizes some (if not all) of its core features.
Even though the major change that was introduced in Drupal 8 is the introduction of the Symfony framework which changes Drupal’s functionality, it does not change the underlying structure of the data to adapt to the new framework.
Migrating to a new framework without changing the underlying data will lead to numerous problems. As a result, the data structure will have to be manually changed to fit in with the new framework. This will be a costly pain if you don’t know how to do this.
In addition, Drupal has now integrated several of its core features that had once required separate modules to its core framework. The new core modules of Drupal include CK Editor, Views and Entity. Drupal 6 or 7 users who have previously never used these modules before and relied on alternative custom modules will no doubt encounter a number of issues, as described in the next section.
Migrating Custom Drupal Modules
For brands using custom Drupal modules, we have some bad news. There are no Drupal 8 versions of custom modules for you to download. Meaning, any custom Drupal 6 or 7 module will be deemed incompatible giving users no choice but to find an alternative module.
Not only is this a huge inconvenience, but the time users spend trying to find a similar module could be wasted if no alternative is available. This could leave brands no choice but to hire a developer to create the custom module that works in Drupal 8.
Even though Acquia and PreviousNext collaborated together to create a module to aide Drupal 8 migration called Drupal Module Upgrader, it is not a one-solution-to-fix-all-problems module. The module may find and attempt to correct outdated code, but that’s not always the case.
If it is not able to fix the outdated code, the module will provide a webpage to resolve the issue. This is not what Drupal users would like to see.
Migrating Your Drupal Theme
If you want to migrate your Drupal 6 or 7 theme to Drupal 8, then the short answer is, you can’t. The introduction of the secure rendering engine, called TWIG, means existing Drupal 6 or 7 themes will not port directly to Drupal 8.
And to make things even worse, there is no module that is available to update existing Drupal 6 or 7 themes to become compatible with Drupal 8. It is a painstaking process to manually upgrade existing themes and may require assistance from an outside developer. The cheaper alternative is to find a theme that is already compatible with Drupal 8, but this could mean redesigning an entire brand to make it consistent with the new theme.
...Wait A Sec, Is Drupal 8 Even Up To Scratch?
Let’s put the troubles of Drupal 8 migration aside for just a moment and examine a more pertinent question: is Drupal 8 even ready for 2018 and beyond?
Aside from the aforementioned migration flaws that have become ingrained into Drupal’s ethos, here are a few reasons why Drupal 8 isn’t the smartest move for any brand looking to safeguard their data, stay GDPR compliant and remain agile enough to succeed in the IoT era.
High Barrier To Entry
Drupal isn’t easy to use, no matter what version you use. It has a steep learning curve and requires special care that involves long-term support and maintenance. And Drupal has it own special hosting requirements.
With Drupal 8, it looks like we are going further in this direction. In fact, maintenance and special hosting requirements have become more complex. In the past, you may have been able to get away without using Redis, SOLR, Varnish and Drupal-optimized hosting in Drupal 6 or 7. But with Drupal 8, brands will need to be a lot more proactive in maintaining the system. That means, you will be spending A significant amount time in making sure your Drupal 8 site is working.
Drupal, like most open source CMSs, has a long history of security blunders. But recently, things have looked pretty insecure indeed.
In March 2018, Drupal released an emergency security patch to address a major vulnerability that it identified in multiple subsystems of its software. Dubbed as “Drupalgeddon 2,” the flaw enabled hackers to attack Drupal-powered websites in numerous ways. The makers of Drupal forewarned their users of this vulnerability and announced the aforementioned patch will be made available to them. Drupal highlighted the importance of implementing this patch and warned failure to do so will lead to hackers accessing their data.
Even though the makers of Drupal did the right thing in warning their users of the potential threat and gave them a heads up to look out for the emergency security patch, this actually backfired. Drupal ended up getting a lot of unwanted attention (memes, social media posts etc.) which overwhelmed their project’s servers and made it harder for Drupal to publish and deploy their patches and provide further information.
Drupal is still reeling from the news that, in May 2018, more than 400 big-name Drupal-powered sites were cryptojacked (hijacked for the sake of cryptocurrency mining). Notable sites were affected, including those belonging to:
- San Diego Zoo
- University of California
- US National Labor Relations Board
- Arizona Board of Behavioral Health Examiners
- Troy Mursch
- The Social Security Institute of State of Mexico and Municipalities
- The Turkish Revenue Administration
But that list is not exhaustive In fact, the implications were global, with the USA having the largest number of hacked sites with at least 123, followed by France (26), Canada (19), Germany (18) and Russia (17).
This cryptojacking campaign is a huge concern for Drupal users, as cyber attackers have proven that they can successfully breach Drupal in order to use the resources of unsuspecting website and application visitors. Cryptojacking can also increase CPU usage for website visitors and can lead to devices being overheated since the processing power is being used in the mining process. Talk about a poor customer experience.
Drupal’s solution comes in the form of emergency security patches once vulnerabilities are found or exploited, but your brand’s reputation hangs in the balance until you can apply that patch.
Updates, Updates and More Updates
Between migrations, you can expect to update your Drupal system regularly. Updating your Drupal system is crucial in ensuring that your system works efficiently and securely. But the main disadvantage is that you have to regularly look out for updates and implement them. This constant checking of updates and implementing them means you are spending less time on innovating, running your business and pleasing your customer. And more time looking after your website and protecting it from any security threats.
Also, if you don’t keep your Drupal system up-to-date, your site becomes vulnerable to numerous attacks, as discussed in the previous section.
No Out-of-the-box Headless Capabilities
Drupal isn’t built from the ground up to be a headless CMS — yet headless content management is exactly what enterprises need. A headless CMS provides developers with a great deal of flexibility to innovate and deliver content to various IoT devices, from Amazon Echos to smart refrigerators. Headless content management also makes life easier for developers who wish to adapt their content strategy to meet emerging consumer trends. In other words, it is future proof.
Out of the box, Drupal users do not have this same flexibility. Drupal’s more rigid content management infrastructure gives developers little room to deliver their content outside of conventional web browsers.
Drupal 8 Vs Zesty.io: 7 Ways Zesty.io Wins
Zesty.io is an enterprise-grade SaaS (Software-as-a-Service) solution that makes for the ideal tonic for a brand in technical turmoil thanks to Drupal’s migration policy. Here are seven ways Zesty.io beats Drupal 8.
- Zesty.io Customers Never Migrate or Update
As a SaaS product, Zesty.io users never have to worry about migrating to a new version. In fact, as a Zesty.io user, you’ll never even have to think about an update or security patch. Thanks to our multi-tenant architecture, we make the updates centrally, without ever inconveniencing our customers. As a result, there’s significantly less downtime, a whole lot less of a burden on your IT department, and more head space to think about the growth of your company.
- Zesty.io is Headless
As previously mentioned, Drupal 8 has no out-of-the-box headless capabilities. Zesty.io, on the other hand, has a decoupled architecture, allowing users to manage content centrally and then deliver it headlessly to any channel or device. Plus, Zesty.io’s advanced content models automatically provide universal machine-to-machine readable data via JSON or XML content feeds with no plug-ins, modules or custom development required. Now that’s IoT-ready.
- Zesty.io is Plug-and-Play
Compared to on-premise WCMS, SaaS products are much easier and faster to deploy. A Zesty.io deployment takes a matter of weeks, ending with a simple sign on through your favourite web browser. In comparison to Drupal, Zesty.io is plug-and-play.
- Zesty.io is Secure
Drupal’s history with security breaches doesn’t have to be your brand’s burden to carry. Zesty.io benefits from enterprise-level security controls for all aspects of the Zesty.io platform; including the physical environment in which the platform is hosted, accessed and monitored, as well as the logical system-based controls employed to manage platform access.
Furthermore, Zesty.io supports two-factor authentication and a robust user permissions feature that govern’s user-level protection. DDoS mitigation is delivered through Fastly's content delivery network. As for your media delivery, that’s all served by Google Cloud Platform along with SSL encryption supported up to 2048. Oh, and we guarantee 99.9% uptime, too.
- Development Environment Out-of-the-box
You may have been told that closed-source SaaS solutions are harder to customize. While Zesty.io isn’t open source, there is a development environment baked in, allowing front-end developers to get creative with content delivery across channels.
- Multi-site Management is a Breeze
With Drupal, operating multiple sites is a hassle. You need to spin up a new instance for each site and route each one to your server. But with Zesty.io, you get a WCMS that has been built from the ground up to support multiple websites from one dashboard. We call this the Zesty.io Ecosystem, which helps connect any number of Zesty.io instances you have.
By using Zesty.io Satellites and our Ecosystem approach, brands can centralize media assets, manage user permissions and review analytics across all their digital properties — all from one dashboard which can be logged into by anybody in your company thanks to our multi-tenant architecture.
- Zesy.io is Built to Scale
Leveraging the Zesty.io Satellite and Ecosystem approach, brands can scale to whatever size they need without thinking twice. Additionally, Zesty.io allows brands to deploy localized websites specific to countries, regions, and languages while maintaining consistent brand imaging and experiences.
Finally, as the first WCMS to partner with Google Cloud, our customers can depend on us to deliver Google-grade cloud infrastructure every minute of every day — no matter their scalability requirements.
Don’t Migrate, Evolve.
Drupal’s migration policy isn’t enterprise friendly. Moreover, Drupal’s security flaws — which have been exposed time and time again — are a glaring risk at a time when cybersecurity is more important than ever before.
Now that you’re being forced to make a move, it’s time to break the migration cycle and evolve with a SaaS WCMS built for the future instead.
Stuck Between a Drupal Rock, and Drupal Hard Place? Let’s Talk.
By Chloe Spilotro
Hooked onto the platform since first using it through the Zesty.io Incubator Program at the University of San Diego. Passionate about all things marketing, IoT, and helping businesses leverage technology to grow and become major players in their industries.