The Dangers of Using a CMS to Build Your Enterprise Application

The following article was written by Mike Nelson; an expert developer at Surge. Websites built with Content Management Systems such as WordPress and Drupal scatter the web by the millions. These systems are vastly popular tools for creating websites and managing user-generated content. They come pre-built with many features tempting developers embarking on enterprise application projects to build upon their shaky foundations. While starting off with a vast wealth of features and an established framework is understandably enticing, the illusionary head start will quickly be eclipsed by problems arising from fundamental architectural dissonance.

What is an Enterprise Application?

An enterprise application is software intended for use in a corporate environment (obviously!). These applications are commonly large and complex. They are required to be scalable, distributed, secure, and mission-critical. Enterprise class problems often include a requirement to store, manage and process large amounts of sensitive data. They almost always require integration with other software within the enterprise. These applications require enterprise-grade architectures that are specifically designed to meet such requirements.

Content Management Systems (CMS)

Content management systems are designed to solve one specific problem: manage content. Typically this content is in the form of textual information (i.e. blog posts, wiki entries, product documentation, etc.…) These systems require user-friendly content editing and management tools, user (author) management and security surrounding content. CMSs are used effectively to manage content for millions of websites, often within a corporate environment.

The Overlap

The two application types share some common features. They both require handling large numbers of page views. They both require user management, authentication and authorization. They both are often deployed as web applications designed to be accessed with a web browser.

The Lure

CMS systems are tempting. It feels like you get a huge head start on your project. User management is built in. Patterns for reading the database, rendering HTML, collecting information from users through forms, themes and skins entice application developers as a foundation to build on. CMS systems typically come with huge libraries of plugins, most geared towards the realm of content management but some venturing into the enterprise domain. Why wouldn’t we want such a great kick-start to our project?

The Fundamental Problem

The aforementioned architectural dissonance stems from the original goals of these two systems. CMSs were designed to manage content. They are great for building websites as well as quick web-applications and rapid prototypes. Their architectures reflect these goals. For example: here is a diagram of Drupal’s component architecture: Drupals-Architecture Drupal is considered more an application framework than a CMS but its roots lie in content management and its architecture reflects such. Notice how its main components reflect its original design goals: editing, displaying and managing HTML content. Menus, Forms, Blocks (small sections of content), Comments, Nodes (page hierarchies) make up the major components of this architecture Now, contrast that with a fairly typical enterprise architecture diagram: Enterprise-Architecture1 This architecture is organized in a way to effectively deal with complex business workflows, data, and security needs and to integrate with other enterprise applications. Service interfaces, service gateways, business components, data access layers and orthogonal security and operation management make up its architecture.

The Dangers

Like a building built on a weak foundation, an enterprise application built with the wrong architecture will ultimately fail. While it may seemingly get off to a quick start, building an enterprise application on the foundation of a CMS will start to exhibit predictable symptoms, including:
  • Security vulnerabilitiesCMSs are not designed to securely manage corporate data. You’ll get no industry standard data access and security patterns from your CMS. CMSs are also notorious for common web application vulnerabilities including SQL injection, XSS and CSRF attacks.
  • Performance problems: CMSs come with a lot of baggage. Thousands of useless execution paths will be evaluated before your business specific logic can be reached. A CMS answer to performance problems is typically caching. Cache everything. This solution works great for content management, where information is solely controlled by the one application. This solution starts to break down fast in an enterprise environment where information is coming from many different systems. Caching is important but must be handled with great care in an enterprise application; it is not a silver bullet for corporate performance problems as it is for those typically encountered in content management.
  • Feature incompatibility: CMSs typically include user and role management. Enterprise systems need integration with enterprise user management systems (Active Directory, LDAP, Single Sign On, LDAP, etc…). CMSs don’t help you here and getting their user management systems to work effectively with these enterprise systems is difficult, if not impossible. Again, your CMS is working against you.
  • Hampered agility: CMSs will really start to work against you when you need to work outside of their paradigm. For example: most modern web applications built after 2012 utilize one of the popular Single Page Application frameworks (Wikipedia). These frameworks rely on restful web-services to retrieve dynamic data but render the entirety of the application on the client via JavaScript. The monolithic architecture of most CMSs will provide no help in these scenarios.
  • Maintenance: Enterprise Applications are notoriously complex. Enterprise architectures and sound software design patterns are typically employed to abstract, encapsulate and manage this complexity. The design patterns employed in common CMSs lack these principals because they are unnecessary in the simplistic world of content management. Building enterprise software without these techniques will quickly mire your project in maintenance costs and yield a brittle application.

What You Are Missing

Thankfully, development organizations across the globe have been building enterprise applications for decades. You don’t have to reinvent the wheel and develop everything from scratch. Picking a tried-and-true enterprise application framework, like those provided by Java (Spring, JEE) and .NET (WCF, Unity, EF) each provide giant libraries and excellent tools to get you off on the right foundation. Proven architectural patterns, abstractions and layering will ensure avoiding these dangers. Each of these frameworks includes solid documentation and examples of illustrative best practices for building enterprise grade software. These frameworks also include tools and libraries to ease integration of other enterprise software. You’ll get built-in support for enterprise user identity management, advanced messaging architectures, data abstractions, enterprise grade security and much more. You’ll also benefit from a huge hiring pool of experts who know and understand these technologies. If you start off building your application on the right architecture, using proven technologies, you’ll always be able to find engineers who also understand these patterns and will be able to hit the ground running.

Conclusion

Building your enterprise applications on top of a CMS will get you off to a quick start but will ultimately drag your project into a lethargic, insecure, maintenance nightmare. Avoid the temptation of simplicity offered by these frameworks and build on a more sure foundation.

Supporting References

America's Best Software Engineers, On-Demand, at an Affordable Price
Surge Forward With Us