HubSpot CMS Enterprise - Infrastructure, Security, & Capabilities

On April 7th, 2020 HubSpot introduced an exciting advancement in their website design and development platform, CMS HUB Enterprise, with a host of features set to serve organizations with complex requirements.

With features like serverless functions and memberships, sophisticated teams will be able to build integrated app-driven web experiences that offer amazing capabilities to their visitors. Internal teams gain deep control over who has access to content, and the ability to see who is making changes to the site through activity logs and user permissions. Add to that amazing infrastructure and security advancements with multi-domain management and the Enterprise CMS HUB can compete with any website technology.

Building Websites With HubSpot Enterprise CMS

There are a variety of options when choosing a CMS for your tech platform. Historically, we have had a lot of the entry-level DIY builders, but those were not robust enough and did not provide the capabilities a more mature organization might require. On the other hand, enterprise solutions may require hundreds of thousands of dollars in subscription and maintenance costs, and can potentially take months or even years to fully onboard and implement. For an advanced organization to onboard a centralized platform that has the advanced capabilities they need, this could mean significant cost and impact to the overall company operations.

HubSpot realized this gap in the marketplace between entry-level solutions and the behemoth enterprise solutions that have dominated the space. Capitalizing on that opportunity, HubSpot has evolved with its Enterprise CMS Hub. 

The HubSpot Mainsail

It’s HubSpot's mission to help millions of organizations grow better, and they believe that giving them secure, reliable, performant and usable software will help them do just that. HubSpot rolled out its Mainsail in 2019, providing a shared language to illustrate their prioritization of the multitude of inputs and requests on their plates while maintaining autonomy.



The seven levels of the Mainsail are split into two sections: Guardrails and Goals. 

The Guardrails are each tied to a metric (or metrics) with an explicit SLA (service-level agreement) that Product teams can track to assess their health:

  • Security, Privacy and Compliance: Security tickets (e.g. security, compliance and privacy-related tasks that address major risks to our customers) 
  • Infrastructure: Infrastructure tickets (e.g. issues related to critical infrastructure upgrades or migrations)
  • Reliability: Support tickets, incident follow-ups, service availability SLAs (e.g. failure rate)
  • Performance: Service latency SLAs (e.g. response time, or time until successful page load)
  • Usability: UX tickets (e.g. usability/interface issue data from all data sources, including but not limited to: customer research, NPS, support tickets, the Ideas Forum, etc. categorized by severity (how bad is it?) and reach (how many people does it impact?)) 

The Goals levels on the Mainsail typically relate to new features, though sometimes new features can be the solution to a Guardrail level. The metrics for Goals vary by team, though they are working on standardizing these over the next year as well. 

HubSpot's Security, Privacy, and Compliance

Compliance and security are paramount to HubSpot's culture. As a true global organization that serves localized customers the world over, providing a stable, secure and compliant platform to their clients was non-negotiable. Especially with their upstream move to serve larger, more enterprise organizations, security was constantly evaluated and improved. 

Currently HubSpot's SOC 3 report is available online. Additionally, we can obtain a copy of their SOC 2 Type I report by contacting a HubSpot representative directly. 

Application Security

Sessions between the user and their portal are protected with in-transit encryption using 2,048-bit or better keys, and TLS 1.2 or 1.3 when using modern browsers. TLS is enabled by default on all HubSpot-hosted websites. 

With the ever-increasing attacks on platforms and organizations, HubSpot monitors any potential attacks through a web application firewall (WAF) as well as network-level firewalling. Additionally, the HubSpot platform includes DDoS prevention to help ensure the uptime of your website for your customers. It is evident that HubSpot takes security seriously and continues to stay at the forefront to ensure its customers and their audiences remain secure.

Audits, Vulnerability Assessment & Penetration Testing 

When it comes to monitoring and maintaining a secure environment, HubSpot runs static code analysis, leverages third-party pen-testing firms multiple times a year, and has a crowd-sourced vulnerability testing initiative called the "bug bounty" program, in an effort to help spot potential flaws on an ongoing basis. As you can see, HubSpot not only takes the security of their platform seriously, but also ensures that as a user of their platform, you can showcase your commitment to security to your audience as well.



For more information, you can find HubSpot's official security information on their Security Page.


When it comes to privacy, HubSpot takes a holistic view of privacy in terms of customers, partners, developers and everyone else. As a truly global company, HubSpot subscribes to all privacy procedures regarding their own clients' information, whether they're in the EU, AMEA, North America or somewhere else. By practicing what they preach, subscribers can be confident that HubSpot follows proper GDPR, CCPA and WCAG practices. In addition, they extend tools to let their customers offer the same best practices to their individual audiences as well. They have enhanced their platform to enable easier compliance with GDPR, and provided tools so organizations can be fully WCAG compliant in terms of how they process customer data on the HubSpot platform.

The Enterprise CMS takes it a step further by allowing individuals to partition access to HubSpot assets for different individuals so that only the right people have access to view and edit them. Whether you need to keep your sales and marketing teams separate while working in HubSpot, or you have important pages or databases that only a specific team should manage, you can now leverage HubSpot partitioning to keep everyone in line across teams. 


As alluded to above, privacy and compliance go hand in hand. With the ever-changing regulations in the US and abroad, it is important for organizations to stay up to date on requirements and best practices. HubSpot not only provides you the tools, but also acts as a trusted advisor to help educate their customers with resources such as GDPR Playbooks, CCPA What to Know and more. The CMS makes it easy with built-in tools to leverage these compliance features with the simple click of a button. Whether you're concerned about your information being used in compliance with industry regulations, or want to ensure your organization is following proper procedures and protocols, HubSpot provides the tools and support you need to stay at the forefront of this ever-growing focus. 

HubSpot's Development Infrastructure

One of the primary benefits of leveraging HubSpot is that it is in fact a SaaS CMS solution. Updates, latency improvement, penetration testing, refactoring old code, and more have plagued IT teams and organizations tasked with custom building and hosting their own sites on their own servers. The opportunity costs gained from leaning on HubSpot's 140+ product teams put direct minutes and dollars back into the organization and allow your teams to focus on the more important work they have on their plates.

HubSpot's infrastructure is secure and stable, hosted on Amazon Web Services (AWS) in the United States East region. In the EU, HubSpot uses the Google Cloud Platform (GCP) to support the processing of local customer data that is critical to business operations. HubSpot has been an AWS customer for ten years now. Their footprint includes almost 2,500 EC2 instances, many petabytes of data on EBS and S3, and over a petabyte of web traffic flowing through over a hundred different ELBs each month. In 2017 HubSpot adopted Kubernetes for data infrastructure and began leveraging the Google Cloud Platform. Today HubSpot is an integral partner with Google on their international cloud infrastructure platform.


The third layer of the Mainsail is reliability. Especially important for larger organizations, uptime and availability of the website is crucial to business operations and a primary factor in selecting a CMS platform. Suffering a DDoS attack or a deployment bug that takes your website down for a period of time can wreak havoc on an organization. Unlike managing your own server configurations, where you are responsible for pen testing, bug fixes and deployments, security scans and performance reports, leveraging a CMS like HubSpot allows you to put that time back into your day. HubSpot's platform is built on a worldwide content delivery network (CDN) provided by Cloudflare to distribute content to a location closest to users, enabling quick and consistent access wherever you are. This allows for contingencies: if an issue arises in one part of the network, it doesn't take down the entire system. Your website and content will be served through a separate node on the network to ensure optimal uptime and accessibility.

In addition, HubSpot uses a variety of data stores and employs best practices for data safety and recovery. Through the use of AWS and Google Cloud, HubSpot stores its data in one of three separate data centers. If one server fails, the processing is switched to a replica server in a different data center to minimize service interruptions. The disaster recovery strategy at HubSpot uses a combination of snapshots of data and daily full backups to ensure that there are multiple copies of data available to be restored. Snapshots are used for quick reference while full backups are available to recover any deep information not included in the snapshot. This ensures that you will always have access to your data with safeguards in place to provide extra protection. 


When it comes to performance, HubSpot is the best-in-breed software as it is built for performance. As HubSpot describes it:

Great user experience (UX) is a factor of content quality, speed, security and accessibility. Optimizing for these generally also improves Search Engine Optimization (SEO). Better performance is all about providing a better experience for end users. Achieving better performance is all about solving for your individual site's bottlenecks.


Since opening up the CMS for local development via their CLI, and the advent of HubSpot themes, HubSpot is providing a foundation for success. By starting with the HubSpot theme boilerplate, you can be sure your foundation is optimized for speed, and they even publish their current scores from Lighthouse and Website Grader in their GitHub README. Additionally, by leveraging the uptime performance APIs, development teams can monitor the health of their sites around the clock.

HubSpot really tries to empower teams with the tools and knowledge necessary to manage a high-performing site right out of the gate. Many organizations don't have the in-house expertise to successfully optimize their sites on an ongoing basis for search engines. The SEO tools are just one example of how HubSpot takes the guesswork out of site performance management. Whether it be the auto-generated XML sitemap, the free SSL certificate that comes with CMS Hub, automatic image optimization, the in-editor optimization checklists and suggestions, or more, you don't need to be a technical expert to lean on the strategic tools HubSpot provides. Content and marketing teams can still benefit from the performance enhancements the foundation was built on.


Your website is one of the most critical elements for sales and marketing purposes, so you need to make sure yours is designed for usability. Usability is designing and developing the website in a way that makes it easy to use. It is not to be confused with user experience (UX), which is more about making the website enjoyable to interact with. HubSpot produced the 9 pillars of usability, summarized here:

  1. Simplicity: All visitors are there for a reason. They want to complete some action, or to find some specific piece of information. Make it easy for them.
  2. Visual Hierarchy: This is about prioritization of elements. Working to determine and arrange website elements so that visitors gravitate toward the most important elements first. Give them the best, first.
  3. Navigability: Intuitive website navigation is crucial to help visitors find what they're looking for. Visitors should be able to quickly and efficiently find what they're looking for.
  4. Consistency: Don't confuse your visitors with drastic changes in experience. Make sure your backgrounds, color schemes, typefaces, and tone of your writing are all consistent.
  5. Responsivity: For a great user experience, your site has to be compatible with the many different devices that your visitors are using. Your website should naturally respond and reformat to all viewing devices. Responsiveness is critical to success, with the presence of so many different types of viewing devices.
  6. Accessibility: The goal of web accessibility is to make a website that anyone can use, including people with disabilities or limitations that affect their browsing experience. 
  7. Conventionality: You shouldn't get too crazy with your website because visitors have expectations on where certain elements and resources should live. Make sure to tame your desire for originality with visitor expectations. 
  8. Credibility: Following web conventions lends your site credibility. It increases the level of trust your site visitors gain when they first land on your website. Remember, without credibility and trust the user experience won't be positive.
  9. User-Centricity: If you want your site to truly be great for the end user, you should get their feedback. Don't forget to conduct user testing, gather feedback, and implement changes based on what you've learned.

Theme Structure & Construction

One of the latest and greatest releases from HubSpot over the last year has been HubSpot Themes. Themes is built to empower marketing teams and non-technical roles to easily manage and update website content on the fly.




A theme is a set of files that make up your website. This can include templates, modules, coded files and stylistic settings for the site. HubSpot has many pre-built themes in its Theme Marketplace. But for those who leverage a development resource like an in-house dev team or agency partner, HubSpot makes it possible for you to custom code any website into their Themes interface. A developer essentially builds the site and sets the guardrails for anyone who will be working on the site. Want to change colors? Sure! But you'll only have the options of your brand-specific colors. Want to update fonts? Easy! But you'll only be allowed to select from your brand-approved fonts. These and other rules can be put in place by developers to help keep marketers and other roles operating within the proper guidelines. This allows them to focus on the content and not need to worry about the technical aspects of styling and page development. Developers build using flexible themes and content structures. Marketers easily edit and create pages on their own. Customers get a personalized, secure experience. With CMS HUB, everyone wins!


Key HubSpot CMS Features

HubSpot CMS Enterprise has the ability to carry out your functional needs. This has been a big level-up play and opened the doors of possibility by allowing technical experts the ability to do what they need to do, without the limitations imposed on them by traditional CMSs.

Serverless Functions

Being a SaaS solution, HubSpot needs to maintain security, so they do not provide the same level of access you would have by hosting a site on your own servers. Fortunately, they have provided the ability for developers to write server-side code that interacts with HubSpot and third-party applications through APIs. This alleviates the need to spin up and manage additional servers to support different website functionalities. Building complex calculators or event registration systems is now possible on HubSpot using simple JavaScript and Node.js. You can check out this article for more information about serverless functions on HubSpot. With features like serverless functions and memberships, sophisticated teams will be able to blur the lines between static web pages and web apps. You’ll also gain further control over who internally has access to your content, and see exactly what changes your team is making to your site through activity logs and user permissions.

Team Permissions & Visibility

Another move by HubSpot to directly serve the larger, more enterprise clientele, is the ability to partition content and access for different groups. Whether it be different teams working on different parts of the website such as content creators, marketing resources or even sales and HR, it's important to provide a system that reduces the risk of something going wrong. By providing access permissions to different teams, you can ensure that the different resources working on the site have the access to the areas they need, and don't have access to the areas that they don't need. 


Historically, membership sites were hard because of the management of individuals' unique logins and passwords. Where before we would need to spin up an external MySQL database to manage this data, this is now all possible within the HubSpot Enterprise CMS. Whether you want to deliver unique content to different segments of your audience or create personalized membership pages, it is all possible on the CMS and seamlessly integrates with the other aspects of HubSpot like the CRM, Sales HUB and more. Gain more visibility into your audience by having an all-in-one platform that pairs with the best-in-breed marketing software on the planet.


Another common requirement of more advanced sites is the need to have dynamic content. Whether you're managing a product catalogue, a list of franchises and staff members, or a database of resources and documentation, having a streamlined way to easily control this information in one place is what makes the difference between a 5-minute update and submitting a support ticket with 24-48 hour turnaround times.

HubDB is a lightweight database that leans on the power of HubSpot's APIs to send content to not only HubSpot-hosted pages, but anywhere you want. By integrating HubDB with front-facing website pages, marketers can control the content that displays on the page without ever needing to edit the page themselves. By simply updating the data table the same way you would a Google Sheet or Excel doc, different teams can keep content on the website up to date easily. With all the information these databases can hold, HubSpot took added care in providing access management at a granular level. Control who has access to the data, who can update data tables and how the data tables can be updated. HubDB is the backbone of some of the most advanced sites we've built.

Is HubSpot CMS Enterprise Right For Your Organization?

That's a question that will likely be answered by a host of internal resources. Stakeholders from multiple departments will need to be consulted, including IT, marketing, sales, and operations. Our advice is to start with the security, infrastructure, and reliability of the CMS platforms you're evaluating. This will help your IT team get comfortable with your top choices, making the life of a marketer a lot easier. 
