For years, merchants using Stripe with Drupal Commerce have faced a familiar dance: sign up for Stripe, create API keys in the Stripe dashboard, copy them over to Drupal, paste them into the right fields, and hope everything connects properly. Not complicated for a developer or experienced site builder who is familiar with the steps, but it's one of those friction points that makes launching a new e-commerce site more complex than it needs to be.
That changes with the latest release of the Commerce Stripe module. It now integrates with Stripe Connect, which simplifies the payment gateway setup process.
What Changes With Stripe Connect
Stripe Connect changes this entire workflow by acting as a secure bridge between your Drupal Commerce site and your Stripe account. Instead of manually copying credentials, merchants can now authenticate directly through Stripe's interface and automatically establish the connection.
For merchants new to Stripe
When setting up a payment gateway, merchants see a "Connect with Stripe" button. Clicking this button takes them to a Stripe-hosted page where they can create a new account. Once authenticated, they're redirected back to Drupal with the connection automatically configured.
For existing Stripe merchants
The same streamlined process applies. They just need to log into their existing Stripe account to connect without manual key management.
Why This Matters Beyond Convenience
While the improved user experience is the most visible benefit, Stripe Connect brings several strategic advantages that we believe strengthen the entire Drupal Commerce ecosystem.
Even seasoned tech leaders find it tough to keep up with how fast Drupal evolves-especially when you're juggling performance tweaks, tricky migrations, and compliance headaches all at once.. That's why Tag1 is committed to sharing our expertise at Drupal's most impactful events.
From Reactive Repairs to Continuous Improvement: Modern Operations and Maintenance for Enterprise Drupal Platformsdemet
Stop paying for emergency fixes and start investing in features that grow your business
Most organizations still treat website maintenance like building maintenance: waiting for something to break before fixing it. But digital platforms are living systems that require continuous evolution to stay secure, performant, and competitive. Unlike a building's HVAC system that might run for years without attention, websites face constant new security threats, changing user expectations, and evolving technology standards.
Here's what changes when you shift to proactive operations and maintenance:
Instead of losing revenue during emergency downtime, your site stays available.
Instead of paying developers overtime for crisis patches, you're investing in implementing new features.
Instead of explaining security breaches to stakeholders, you're preventing them entirely.
The resources you save on emergency fixes can be reinvested in improvements that actually grow your business.
In this article, you'll discover:
The four pillars of modern operations and maintenance (O&M)
The costs of reactive maintenance and a business case for a proactive approach
Key components of modern O&M services and the specialized expertise Drupal platforms require
Whether to build an in-house team, outsource, or adopt a hybrid approach
The tools and metrics that separate high-performing operations from those just keeping the lights on
A practical roadmap for transforming your maintenance strategy from firefighting to strategic enablement
What are operations and maintenance services for digital platforms?
When facility managers talk about operations and maintenance, they're thinking about HVAC systems, plumbing, and electrical grids - physical infrastructure that degrades predictably over time. Digital platforms operate in an entirely different reality. Your website doesn't rust or wear out. While a building's roof might need replacing every 20 years, your website's security patches can't wait even 20 days. Digital platforms must contend with an ever-shifting landscape of security threats, browser updates, API changes, and user expectations that evolve at the speed of the internet.
As a result, operations and maintenance in the digital realm call for a unique strategy: a move from break-fix crisis management to continuous improvement. Instead of waiting for problems to surface, modern operations and maintenance anticipate and prevent issues while continuously enhancing platform capabilities.
Indeed, the distinction between operations and maintenance becomes clearer in this digital context:
Operations ensure your platform runs smoothly day-to-day: monitoring uptime, managing traffic spikes, responding to user issues, and keeping services available.
Maintenance evolves and improves the platform: updating modules, patching security vulnerabilities, optimizing performance, and adding new capabilities.
Let's take a look at what a modern digital operations and maintenance service should provide.
The four pillars of modern operations and maintenance
Effective digital operations and maintenance rest on four interconnected pillars, each addressing different aspects of platform health:
Corrective maintenance handles the inevitable issues that arise despite best efforts. When a module conflict breaks functionality or a server configuration causes errors, corrective maintenance rapidly diagnoses and resolves the problem. Unlike the old break-fix model, modern corrective maintenance includes root cause analysis to prevent recurrence.
Adaptive maintenance keeps your platform compatible with the changing digital ecosystem. When PHP releases a new version, browsers update their standards, or third-party APIs change their endpoints, adaptive maintenance ensures your site continues functioning seamlessly. This pillar is unique to digital platforms - buildings don't need updates when Chrome releases a new version!
Perfective maintenance enhances your platform based on user needs and business goals. This includes improving page load speeds, streamlining content workflows, adding new features, and optimizing user journeys. This is where maintenance transitions from cost center to value creator, directly impacting user satisfaction and business metrics.
Preventive maintenance proactively protects against future problems through regular health checks, security audits, performance monitoring, and systematic updates. By addressing potential issues before they impact users, preventive maintenance dramatically reduces both downtime and emergency repair costs.
These four pillars work together to create a comprehensive maintenance strategy. Organizations that master all four see improvements in reliability, user satisfaction, and total cost of ownership.
The business case for proactive operations and maintenance services
Reactive maintenance isn't just stressful - it's also expensive. It's stressful for your developers to scramble to patch systems over the weekend, and it costs you a fortune in overtime. Understanding the true costs of reactive maintenance versus proactive care reveals why forward-thinking organizations are transforming their approach.
Preventing catastrophic failures starts with recognizing how small issues compound. A minor module incompatibility ignored today becomes tomorrow's site crash during peak traffic. An unpatched vulnerability dismissed as "low risk" becomes next month's data breach. Technical debt accumulates interest like credit card debt - what seems manageable now can spiral into a crisis that requires a complete platform rebuild in the future. A single unpatched vulnerability could expose your entire user database, leading to breach notifications, legal fees, and diminished customer trust.
The real-world costs of reactive maintenance tell a compelling story:
Data breaches average$4.4 million globally, not counting reputational damage that can persist for years.
Downtime costs enterprises$5,600 per minute on average - that's $336,000 per hour of lost productivity and revenue.
Accessibility is also a major topic: In the United States, Section 508 non-compliance can lead to lawsuits and legal action.
Regular accessibility audits, security updates, and compliance monitoring through proactive maintenance cost a fraction of violation penalties - while protecting your organization's reputation and maintaining customer trust.
Palantir's Continuous Delivery Portfolio helps organizations transition to a proactive approach, turning maintenance from a necessary evil into a strategic advantage.
Core components of enterprise operations and maintenance services
Modern operations and maintenance for enterprise digital platforms involve a comprehensive approach that addresses security, performance, and continuous evolution:
Security and compliance management
Continuous vulnerability scanning and patch management
Compliance monitoring dashboards and reporting
Incident response planning and execution
Performance optimization
Database optimization and query tuning
Advanced caching strategies and CDN management
Core Web Vitals monitoring and improvement
Feature and content evolution
Systematic module testing and updates
Continuous feature deployment without disruption
Content workflow optimization for editorial teams
These components apply to any enterprise platform - but if you're running Drupal, its architecture and ecosystem demand specialized knowledge that generic web maintenance providers can't always offer.
Why Drupal sites require specialized operations and maintenance expertise
Module ecosystem complexity: Managing dependencies across hundreds of contributed modules requires understanding not just individual modules, but how they interact, which combinations cause conflicts, and how updates cascade through the system.
Core update strategies: Taking advantage of innovative features in new versions needs to be balanced with maintaining stability across Drupal's release cycle. You need to know when to apply security updates immediately versus waiting for minor releases, and planning major version migrations years in advance.
Custom code maintenance: Ensuring your unique functionality evolves with core requires deep understanding of Drupal's APIs, coding standards, and deprecation timelines to prevent custom solutions from becoming tomorrow's technical debt.
Multi-site governance: Coordinating updates across complex Drupal architectures demands expertise in configuration management, deployment strategies, and understanding how changes propagate across shared codebases.
Working with a certified parter is the best way to manage a Drupal setup. Palantir's Top Tier Certified Partner status represents our continuous contributions to Drupal core, deep involvement in the community, and proven expertise across hundreds of implementations. This means our operations and maintenance teams don't just know how to use Drupal, but help shape its future, giving you insights into upcoming changes and best practices that only come from being at the forefront of platform development.
Building your O&M team: In-house vs. managed services
The skills required for comprehensive operations and maintenance span multiple disciplines:
Security and compliance specialists who stay current with vulnerability management and ensure compliance with regulations like HIPAA, GDPR, or Section 508 accessibility standards.
Performance engineers who optimize database queries, implement caching strategies, manage CDN configurations, and monitor Core Web Vitals that directly impact search rankings and user experience.
DevOps specialists who implement automated testing pipelines, manage CI/CD deployment workflows, configure monitoring systems, and maintain the infrastructure that keeps your platform running smoothly.
Strategic consultants who translate business objectives into technical roadmaps, evaluate emerging technologies, and ensure your platform investment continues supporting organizational growth.
Drupal architects who understand module dependencies, core upgrade strategies, custom code maintenance, and how to evolve functionality through platform updates without breaking existing features. You'll need analogous specialists for any other CMS you might be using.
Finding all this expertise within a single team represents a significant investment and ongoing challenge. For this reason, outsourced and hybrid models are proving popular. These alternative models can also offer significant financial benefits.
Comparing in-house teams, outsourcing, and hybrid models
Building an in-house team with comprehensive O&M capabilities requires significant investment. For enterprise-level expertise across all required disciplines - security specialists, performance engineers, Drupal architects, DevOps specialists, and strategic consultants - in-house teams can cost hundreds of thousands of dollars annually in salaries alone, before benefits, training, and infrastructure costs
Complete outsourcing offers cost predictability, but that cost varies widely based on scope and complexity. A fully outsourced approach for an enterprise Drupal platform is likely to cost thousands of dollars per month, but this is still significantly less than building equivalent capabilities in-house. However, complete outsourcing creates risks around knowledge transfer, potential vendor lock-in, and loss of internal institutional knowledge about your platform and business requirements.
Hybrid models combine internal knowledge with external expertise. Your internal team retains institutional knowledge, understands business priorities, and maintains day-to-day operational control. External specialists then provide deep technical expertise, stay current with rapidly evolving best practices, and offer the surge capacity needed for major updates or strategic initiatives.
This hybrid model typically costs 40-60% less than building equivalent capabilities in-house, while avoiding the knowledge transfer risks of complete outsourcing. Your organization maintains control and develops internal capability while accessing specialized expertise that would be prohibitively expensive to hire full-time.
How Palantir's Continuous Delivery Portfolio works
At Palantir, we take a hybrid approach. Our Continuous Delivery Portfolio offers friction-free integration with your existing team structure - functioning as an extension of your team rather than an external vendor relationship.
Our Continuous Delivery Portfolio (CDP) offers:
Dedicated client success teams: Senior Drupal developers, security specialists, performance engineers, and strategic consultants who become genuine members of your extended team, participating in planning sessions and working toward shared success metrics.
Flexible engagement models: Services scale from focused monthly retainers for routine maintenance to comprehensive strategic partnerships, adapting to your specific requirements and budget.
Seamless integration: Our team members embed within your internal teams, organize sprints, and contribute to strategic decisions while ensuring knowledge transfer and leveraging our Certified Partner expertise. We also have close relationships with leading Drupal hosted infrastructure providers, like Acquia and Pantheon.
Knowledge transfer commitment: Every decision is documented, your team gains capability rather than dependency, and we ensure you can manage your platform independently. Our goal is empowerment, not vendor lock-in.
Strategic roadmapping: Regular planning and feedback sessions identify emerging business needs and align technical developments with organizational objectives, transforming maintenance from reactive crisis management into proactive strategic enablement.
Effective operations and maintenance requires measurement beyond simple uptime percentages. While 99.99% uptime sounds impressive, it doesn't capture whether your platform is actually supporting business objectives or providing excellent user experiences.
You'll need to define more meaningful KPIs, including:
Security metrics: Track vulnerability remediation speed, compliance audit results, and security posture improvements over time, not just the absence of breaches.
Performance metrics: Monitor Core Web Vitals scores that impact search rankings, page load times that affect conversion rates, and database optimization that reduces infrastructure costs.
User experience metrics: Measure task completion rates, user satisfaction scores, and accessibility compliance that ensures your platform serves all users effectively.
Business impact metrics: Connect technical improvements to organizational outcomes: revenue impact from performance optimization, cost savings from automated processes, and risk reduction from proactive security measures.
Development velocity metrics: Track how O&M services enable your team to focus on strategic initiatives rather than firefighting, measuring feature delivery speed and technical debt reduction.
Regular reviews analyze metrics trends, assess whether current services meet evolving needs, and identify opportunities for optimization or automation. This ensures O&M investments continue delivering value as your organization and platform mature.
Essential tools for comprehensive visibility
Of course, accurately assessing your O&M success depends on having the right monitoring and automation tools in place. Here are some you might want to consider:
Real-time monitoring and alerting platforms like New Relic, DataDog, or Nagios provide immediate notification of performance issues, security events, and system anomalies before they impact users.
Automated deployment and rollback systems such as Jenkins, GitLab CI/CD, or GitHub Actions enable rapid feature releases with safety nets that can quickly revert problematic changes if issues arise.
Performance testing and optimization suites including GTmetrix, WebPageTest, or Lighthouse continuously assess site speed, database efficiency, and user experience metrics across different devices and network conditions.
Security scanning and compliance tools like OWASP ZAP, Qualys, or Nessus provide ongoing vulnerability assessment, compliance monitoring, and threat detection that keeps your platform protected against emerging security risks.
Your operations and maintenance transformation roadmap
Transforming from reactive to proactive operations and maintenance can't be done overnight. You need a structured approach that addresses immediate risks while building long-term capability.
Successful transformations follow a systematic roadmap:
Current state assessment: Begin with a comprehensive audit of your existing maintenance practices, security posture, and performance baselines. This includes reviewing current backup procedures, update schedules, monitoring capabilities, and team responsibilities. Document existing pain points, recurring issues, and resources currently dedicated to maintenance activities.
Gap analysis: Compare your current capabilities against industry best practices and your specific compliance requirements. Identify immediate security vulnerabilities that require urgent attention, performance bottlenecks limiting user experience, and process gaps that create operational risk. Assess your team's current skills against the expertise needed for comprehensive O&M.
Prioritization framework: Security vulnerabilities and compliance issues typically require immediate attention. Performance improvements that directly impact user experience and revenue should follow closely. Longer-term initiatives like DevOps transformation and advanced monitoring can be planned for subsequent phases based on available resources and organizational readiness.
Implementation timeline: Plan realistic phases for O&M maturity, for example:
Phase 1 (Months 1-3) an initial site audit to establish benchmarks, identify KPIs, and address critical issues or vulnerabilities.
Phase 2 (Months 4-9) focuses on performance optimization, staged deployment processes, and automated testing.
Phase 3 (Months 10-18) introduces advanced monitoring and begins measuring business impact metrics.
Working with an experienced external partner can accelerate this transformation by providing immediate access to specialized expertise, proven methodologies, and tools that would take months or years to develop internally.
The right partner brings not only technical capabilities but also strategic guidance on prioritization and realistic timeline planning.Palantir's expertise spans all phases of this transformation roadmap. Our Drupal CertifiedPartner status demonstrates our deep platform knowledge, while our 25+ years of open source experience means we understand the unique challenges enterprises face when modernizing their operations and maintenance approaches.
We've guided organizations through comprehensive assessments, gap analyses, and phased implementations across the healthcare, government, higher education, and enterprise sectors.
In 2024, Drupal 11, the latest version of the popular content management system, was released. The new edition brought significant changes, such as an intuitive administrative interface and ready-made configuration sets (Recipes). Thanks to automatic updates, the system has also become more secure and easier to maintain. In this article, you will learn why you should choose Drupal 11 or upgrade your current website to it.
DrupalCon Vienna 2025 is more than a gathering of developers and site builders, it's a destination for anyone who believes in continuous learning, personal growth, and professional development. Whether you're new to Drupal or leading enterprise-scale digital experiences, this year's event offers a wealth of opportunities to learn, share, and evolve.
At its core, DrupalCon has always been about knowledge-sharing. In Vienna, you'll have direct access to the people who build, maintain, and push the boundaries of Drupal itself. Through keynotes, breakout sessions, workshops, and contribution sprints, you'll find insight into the technologies shaping the future and the practical tools to apply them now.
Image
Photo by Bram Driesen - Sessions - DrupalCon Barcelona 2024
Learn from the Best in the Ecosystem
DrupalCon Vienna brings together core contributors, industry leaders, and community experts to deliver actionable, real-world knowledge. You'll explore:
Deep technical sessions on decoupled architecture, API-first development, Drupal 11, and performance engineering
Hands-on workshops covering theming, configuration management, CI/CD, and DevOps best practices
Case studies from global enterprises, nonprofits, and government platforms
Frontend and backend tracks tailored to developers of all levels
These sessions go beyond theory, they're rooted in real-world challenges and solutions.
Tailored Learning for Every Role
DrupalCon is a cross-functional conference and that's one of its greatest strengths. Whether you're in tech, marketing, or project leadership, you'll find content built specifically for your role:
Site builders & editors will learn about Layout Builder, content moderation, and editorial UX
Marketers & strategists will dive into SEO, multilingual strategy, accessibility, and personalization
Architects & developers will explore caching, security, decoupled builds, and API integrations
Project managers & product owners will discover agile delivery tactics and stakeholder management tips
No matter your background, you'll find relevant, high-impact learning.
Hands-On Practice That Drives Confidence
One of the things that makes DrupalCon truly unique is its emphasis on applied learning. You won't just sit through slide decks, you'll get your hands dirty with real-time coding, design exercises, and collaborative problem-solving.
Expect:
Live coding labs to walk through Drupal API use cases, module creation, and debugging workflows
UX and accessibility workshops where you can test your designs against inclusive standards
DevOps sessions focused on deployment pipelines, performance testing, and automation
Contribution sprints where you can apply your knowledge in the real Drupal ecosystem
This approach gives you the confidence to return to your projects and implement what you've learned right away.
Grow Through Community Interaction
Some of the most meaningful growth happens outside the session rooms in conversations, BoF groups, hallway chats, and sprint tables. DrupalCon Vienna is your chance to:
Connect with mentors and contributors you've followed online
Discuss technical challenges with peers solving similar problems
Discover new career paths or specializations you hadn't considered
Build lasting relationships with a global community of passionate professionals
The Drupal community is known for its openness and generosity, and DrupalCon is the perfect space to experience it firsthand.
Invest in Yourself and Your Future
Attending DrupalCon Vienna 2025 is an investment in your skills, your confidence, and your future. It's a space to stretch your abilities, explore unfamiliar territory, and return home with practical knowledge you can apply immediately. More than that, it's a reminder that you're part of something bigger, a global open-source movement dedicated to building a better web.
Whether you're there to learn something new, prepare for certification, network with potential collaborators, or simply get inspired, DrupalCon Vienna is your platform for growth.
Join the DrupalCon Vienna contribution sprints and make a difference.
Not all software issues are bugs. Discover the four-category classification system that helps project managers allocate budgets correctly and set proper expectations with stakeholders.
Building accessible websites for people with disabilities should be a common practice nowadays. The Drupal CMS is helpful in this matter. How does it support creating webpages available for everyone? Find out from the following article.
Dries Buytaert's recent article on AI and the unbundling of digital agencies maps out many of the pressures and changes agencies are navigating right now. He outlines the shift from execution to orchestration, the reduced value of raw platform expertise, and the growing need for agencies to focus on outcomes rather than tasks. One idea that deserves more attention, though, is how AI might not just change the work agencies do, but change how clients define the work they need in the first place.
Most discussions around AI in agencies focus on internal operations. How can teams use AI to write content, generate code, automate testing, or produce visuals faster? That's important. But equally important is what happens outside the agency, how client expectations change once they begin using the same tools themselves. When AI gives clients direct access to capabilities they once hired agencies for, their view of what an "agency" is supposed to deliver will shift.
This creates a more subtle kind of unbundling, not just in how services are delivered, but in how problems are framed. A client who used to ask for a full website may now ask for a performance audit or a targeted campaign strategy instead. A marketing team with AI-generated content at their fingertips may turn to agencies less for copywriting and more for brand consistency, cross-channel orchestration, or data-informed decision support. The deliverables may look the same on the surface, but the reasoning behind them changes.
Agencies that understand this shift early will be in a better position to adjust their messaging, services, and proposals. The real question isn't how AI will change agency workflows. It's how AI will reshape what clients believe they need help with. That shift won't happen all at once. But it's already starting, and those who recognise it can prepare for a very different kind of conversation at the next client pitch.
Your marketing automation tools called. They're bored! Turns out, underusing them is more common than you think. Here's how to spot it, fix it, and make your tools work for your team.
Today we are talking about HTMX, What it is, and why it could be a game changer for Drupal with our guests Shawn Duncan & Carson Gross. We'll also cover RefreshLess as our module of the week.
Have you ever wanted to give your Drupal site a more application-like feel, by only reloading parts of the page that need to change? There's a module for that.
How old: created in Mar 2016 by Wim Leers, but recent releases are by ambient.impact, a fellow Canadian
Versions available: 2.0.0-alpha9
Maintainership
Actively maintained
Security coverage
Test coverage
Documentation
Number of open issues: 40 open issues, only 2 of which are active bugs against the current branch
Usage stats:
2 sites
Module features and usage
The RefreshLess module aims to give Drupal sites a smooth, fast, and responsive experience by using Javascript to selectively update the parts of the existing page that need to change, instead of a full page refresh. It uses the HTML5 History API to ensure the browsing behaviour is equivalent, and unsupported browsers will see a standard page refresh instead
Using RefreshLess also makes it possible to use transitions (with or without the View Transition API in modern browsers), morphing, and persistent elements to enhance the application-like feel
There is some indication that sites may encounter issues if they use RefreshLess with JS aggregation enabled, so it's probably better to use it if your site has HTTP/2 enabled
RefreshLess is currently built on the Turbo library originally built for Ruby on Rails, but there is already an issue open to move the implementation to use HTMX instead
Drupal Security Trends in 2025: How to Protect Your Business
EditorMon, 08/04/2025 - 12:04
Technically, Drupal is one of the most secure open-source platforms out there. It has an active developer community, frequent patches, and a robust architecture. But the reality is that cyber threats aren't slowing down even in 2025. If you still think updating modules is enough, that's one of the biggest mistakes today.
You know, cybercriminals in 2025 are sharper than ever. Hacking a site used to take time previously. Now they need just a few minutes, especially when site owners overlook basic security. Drupal may be powerful and built for high traffic, but without proper setup and maintenance, it can be breached. Read this article to learn how to protect your Drupal website from emerging threats.
Hooks are used in Drupal to allow modules and themes to listen to or trigger different sorts of events in a Drupal system. During these events Drupal will pause and ask if any modules want to have any say in the event that is currently being triggered.
For example, hooks are commonly used when content is viewed, created, updated, or deleted. So, if we delete a page of content then a delete hook is triggered which allows modules to react to that content item being deleted. Using this, we can react to this and perform clean up operations on items of content that don't exist any more. Our custom module might want to remove items from a database table, or delete associated files since they wont be needed.
This is just one example of how hooks are used in Drupal as they are used in all manner of different situations, and not just listening for content events. Another example of a common Drupal hook is when creating a custom template. Many modules will use a hook called hook_theme() to register one or more templates with the theme system so that they can be used to theme custom content.
Hooks have been used in Drupal for a long time (probably since version 3) and have always been one of the harder things for beginners to understand. Module files full of specially named functions that seem to be magically called by Drupal is not an easy concept to get into and can take a while to get familiar with.
New in Drupal 11.1.0 is the ability to create object oriented (OOP) hooks, which is a shift away from the traditional procedural based hooks that have been a part of Drupal for so long. This OOP approach to hooks can be used right now, has a backwards compatible feature, and will eventually replace procedural hooks (where possible).
In this article we will look at how to create a OOP hook, how to transition to using OOP hooks in your Drupal modules, and how to create your own OOP hooks.
Last week's Drupal AI webinar, Choosing the Right AI Tools for Content and Marketing, brought together a global audience and a powerhouse panel. Jamie Abrahams, Alan Botwright, and Matthew Saunders spoke while being moderated by Paul Johnson. Together, we tackled pressing topics facing digital leaders: how to harness AI to deliver real marketing value without getting lost in hype or hamstrung by complexity.
The webinar attracted attendees from more than 20 countries and nearly 80 participants at its peak. This session wasn't a technical demo. It was an honest conversation about challenges of implementing AI in today's constrained marketing landscape.
Paul started the conversation by framing the discussion with some statistics. Budgets are under pressure.
Gartner released a report indicating that marketing budgets have dropped to around 7.7% of company revenue, down from 11% in pre-COVID days and this is looking to be the new normal. Combined with that, expectations are rising. Boards want more measurable results, greater efficiency and faster delivery. So everyone needs to do more with less. 59% of CMOs have insufficient budget to execute their strategies and most of them are looking towards AI to have as a possible lever to address this gap or at least try and bridge it. But there are real risks here. Teams are often starting with the technology and then going looking for problems to solve with that technology and that rarely delivers value and often leads to stalled initiatives. How do you help your clients avoid this solution-first mindset and what does a more structured problem-led approach look like in real marketing environments?
- Paul Johnson
Highlights & Key Insights
1. Start with the Why, not the Tool
Too many teams jump into AI with a solution-first mindset. The panel pushed hard against that.
You need to understand the whats and whys before you start tackling the hows.
- Matthew Saunders
We stressed the importance of identifying repetitive, data-heavy, and feedback-loop-dependent processes. Things like content review gates or asset tagging as the most valuable opportunities for automation.
2. AI is not Magic, It's Smart Math
Jamie framed Large Language Models (LLMs) not as creative geniuses, but as very good pattern recognizers. They're more "clever librarians" than original thinkers.
LLMs are not doing reasoning in the human sense, they're more like an extremely good search engine of human knowledge.
- Jamie Abrahams
Expecting them to invent breakthrough creative or strategy will leave you disappointed. But as support for summarising, filtering, and speeding up content workflows? They become an efficiency booster.
3. Human-in-the-Loop is Non-Negotiable
AI isn't a replacement for people, it's a partner. Matthew walked through a mini case study where AI was used to aid in brand guideline compliance audit, reduce SLA reporting times by 80%, and streamline asset pipelines. But in every case, humans remained in control.
We never removed people from the loop. The AI was an assistant, not an overlord.
- Matthew Saunders
This framing, AI as a force multiplier, resonated across the panel. Alan added:
You can never spend too much time framing the problem. Once that's clear, everything else starts to fall into place.
- Alan Botwright
Jamie suggested that human soft-skills are going to be increasingly important and that those with educational backgrounds not grounded in computer science might adapt more quickly.
People with psychology or literature backgrounds often adapt to AI tools faster than engineers. Soft skills are a real superpower here.
- Jamie Abrahams
4. Data Sovereignty Matters
The team then tackled one of the biggest blockers to enterprise adoption: where does your data go?
If you're using a public LLM, your data is not private. Full stop.
- Matthew Saunders
The options? Either host your own (complex, but sovereign) or work with a trusted provider who can guarantee control over data storage and model access.
5. Cost Isn't Just About Tokens
Licensing, training, integrations, governance, and internal change management all add up. Matthew suggested teams run a "pre-mortem":
Ask: a year from now, this AI rollout failed. Why? Map every reason-and you'll surface the hidden costs before they become real.
- Matthew Saunders
Jamie added that the best outcomes come from constrained agents and narrowly scoped tasks. Not sprawling generalist bots.
If you make your agent or LLM do as little as possible, it's much more likely to get it right.
- Jamie Abrahams
6. Open Source + Drupal = Strategic Advantage
When asked why Drupal AI matters and what it means to organizations, the panelists had quite a bit to say:
You can build and demo an end-to-end AI prototype in 5 minutes on Drupal. No other open platform gives you that kind of agility.
- Matthew Saunders
This isn't just a tech shift-it's a change program. Trust, communication, and alignment across teams are critical to success.
- Alan Botwright
Drupal's built-in abstraction layers mean you can swap models, switch providers, and adapt as the AI landscape evolves-without rearchitecting everything.
Final Thoughts
This was a real-world conversation grounded in experience: how to launch, govern, scale, and sustain AI in environments with limited budget, complex regulation, and high user expectations.
If you missed the session or want to share it with your team, the full recording is available here:
Thinking about AI for marketing? Discover how to identify high-impact use cases for AI adoption and avoid common pitfalls in our recorded expert-led AI webinar.
Drupal isn't just powerful open-source tech - it's officially recognized as a Digital Public Good, meaning it's built to serve people and planet. In this piece, Mike Gifford shows how Drupal's values align with global goals like sustainability, accessibility, and digital trust - and why it's time for the community to start talking more about Drupal as a force for public good.
