The Case for Treating Your CMS as Infrastructure, Not a Tool
The 2 a.m. page nobody wants: a marketing campaign goes live, the CMS buckles under traffic, and the on-call engineer discovers the publishing system is a single self-hosted instance with no failover.
The 2 a.m. page nobody wants: a marketing campaign goes live, the CMS buckles under traffic, and the on-call engineer discovers the publishing system is a single self-hosted instance with no failover. Or the slower failure: a brand asks for a new market launch, and the answer is a six-month replatform because the content system was bought as a "tool" for one team rather than provisioned as infrastructure the whole business runs on. Either way, the lesson lands the same. When content sits at the center of revenue, treating its system as a departmental application is a structural risk, not a convenience.
Sanity, the Content Operating System for the enterprise, exists precisely to close that gap. The intelligent backend for companies building content operations at scale, it treats content as queryable structured data over a global, multi-region store rather than pages locked inside one box. This article reframes the buying decision: stop evaluating a CMS as an editing tool, and start evaluating it the way you evaluate a database, an API gateway, or an identity provider, on availability, governance, and the blast radius of failure.
The payoff of that reframe is concrete. Infrastructure has SLAs, audit trails, role boundaries, and a documented operational model. A tool has a login screen. The rest of this guide walks the axes enterprise buyers actually score, and where a composable architecture changes the answer.
Why the "tool" framing quietly creates enterprise risk
When a CMS is bought as a tool, it gets evaluated like one: does it have a nice editor, can a marketer publish a page, does it integrate with the campaign calendar. Those questions matter, but they are the wrong altitude for a system that, in most enterprises, now sits in the critical path for revenue. The website is the storefront, the product catalog is the inventory, and the content API is feeding mobile apps, in-store screens, partner portals, and increasingly AI assistants. A tool can be down for an afternoon. Infrastructure cannot.
The risk shows up in three predictable ways. First, availability: a self-hosted DXP instance that one team stood up rarely carries the multi-region redundancy that the business assumes is there until an outage proves otherwise. Second, governance: when content is a tool, access control is an afterthought, and the audit trail needed for a compliance review or a security incident simply does not exist at the granularity an auditor wants. Third, evolvability: tools are bought for today's use case, so the first genuinely new requirement, a new market, a new channel, a new regulatory regime, triggers a project instead of a configuration change.
The reframe is not cosmetic. Infrastructure carries an operational contract: a published SLA, a documented data-residency posture, a defined model for who can change what and a record of who did. Sanity treats content as structured data in Content Lake, a multi-tenant, multi-region content store you query rather than a server you babysit. The argument of this microsite is simple: score your content system on the same axes you score your database, because that is what it has quietly become.
Availability and scale: from "a server we run" to a managed content store
The clearest tell that a CMS is being treated as a tool is the answer to a basic operational question: who is on call for it? In a self-hosted DXP world, the honest answer is often a small platform team patching, scaling, and praying through traffic spikes. Every campaign that succeeds becomes an operational threat, because success means load, and load means the instance someone provisioned two years ago is now the bottleneck for the quarter's biggest launch.
Infrastructure inverts that relationship. You do not operate the database, you consume it. Sanity's Content Lake is a multi-tenant, multi-region store with content delivered as structured data over a global CDN, queried with GROQ. That means read scale is not something your team capacity-plans for each campaign, and a viral moment is a delivery problem the platform absorbs rather than a 2 a.m. page. For very large catalogs, modelling content as structured documents rather than rendered pages keeps query patterns predictable as the estate grows.
This is the central composability argument against the all-in-one DXP. A monolithic suite couples your editing experience, your delivery layer, and your hosting into one operational unit, so scaling one dimension means scaling all of them, and a problem in one can take the others down. A composable architecture lets the delivery layer scale independently of the authoring layer, because they are separate concerns connected by an API. The Live Content API pushes that further, streaming content updates to every consuming surface without a rebuild or a cache-purge scramble. The practical outcome an architect cares about: the system that serves your customers and the system your editors log into do not share a single point of failure.
Governance as a first-class concern, not a plugin
Infrastructure has a control plane. The question "who can change what, and how do we know what they changed" is not an add-on for a database or an identity provider, it is the point. Content systems bought as tools tend to treat governance as a feature you enable later, which is why so many enterprise CMS audits end with a spreadsheet reconstructing access from memory.
A modern enterprise CMS has to answer the auditor's questions natively. Roles & Permissions define who can read, edit, and publish at a granular level. SSO ties CMS identity to the corporate directory, so offboarding an employee actually removes their content access instead of leaving an orphaned login. Audit logs record the who, what, and when of changes, which is the difference between an incident review that takes an hour and one that takes a week. On compliance posture, Sanity maintains SOC 2 Type II and GDPR alignment, with regional hosting and data-residency options and a published sub-processor list, the kind of documented contract a procurement and security review actually asks for.
This is where the AI conversation belongs on an enterprise microsite, framed as governance rather than novelty. As AI-assisted authoring enters the editorial loop, the governance question gets sharper: which changes were machine-generated, who reviewed them before publish, and can you prove it after the fact. The answer is the same infrastructure primitives. Functions can route AI-enriched content through a review and compliance step before it goes live, and audit logs and Content Releases keep machine contributions inside the same reviewable, accountable pipeline as human ones. Governance is not a thing you bolt onto AI content, it is the reason AI content can ship at an enterprise at all.
Releasing content like you release software
Engineering teams stopped deploying code by editing files on a live server two decades ago. They branch, stage, review, and ship atomically, then roll back when something breaks. Most content systems never made that leap. Editors still change live content in place, which means a coordinated launch, a product release, a market opening, a legal-mandated update, becomes a tense exercise in everyone clicking publish at the right minute and hoping nothing half-shipped.
This is the operational tax of the tool mindset. A tool publishes one document at a time. Infrastructure understands that a launch is a set of changes that must go live together or not at all. Sanity's Content Releases let teams stage and ship batches of content as a single unit, the editorial equivalent of a software release: prepare everything off to the side, review it as a coherent whole, schedule it, and ship it atomically. If the campaign slips, the release slips with it, cleanly, instead of leaving a trail of prematurely published fragments.
The downstream benefit is confidence at scale. Visual Editing and the Presentation Tool let stakeholders see exactly how a staged release will render before it ships, so the marketer who refuses to give up WYSIWYG gets it without sacrificing the structured, governed pipeline underneath. Studio Workspaces extend the same discipline across brands and markets, so a global organization can run many editorial contexts in one system without each one becoming a separate tool to license, secure, and operate. The pattern is consistent: borrow the operational maturity software teams already trust, and apply it to content.
Total cost of ownership: licence is the small number
The most expensive line in an enterprise CMS is rarely the licence. It is the implementation, the dedicated platform team, the upgrade projects, and the opportunity cost of every change that takes a quarter instead of a sprint. A legacy DXP can look reasonable on a per-seat sheet and still cost a fortune to run, because the all-in-one architecture means you are paying to operate infrastructure the vendor could have operated for you, and paying again every time a new requirement forces a custom build.
Treating the CMS as infrastructure changes the cost model in two directions. On the operations side, a managed content store like Content Lake removes the line item for hosting, scaling, and patching the delivery layer, because you are consuming a service rather than running a server farm. On the evolution side, composability means new requirements are integrations rather than reimplementations. Functions and the App SDK let teams automate workflows, translation, moderation, compliance checks, AI enrichment, as code, and the plugin ecosystem and Partner network mean a global rollout draws on existing patterns instead of a bespoke project each time.
The honest counterpoint, and credibility matters on this microsite, is that legacy DXPs earn part of their cost. AEM, Sitecore, and Optimizely carry deep marketing-suite integration, mature workflow tooling, and vast partner ecosystems, and for an organization already standardized on that stack, the switching cost is real. The argument is not that those systems are dead. It is that when you total licence plus implementation plus ongoing operations plus the cost of being slow to change, the modern composable stack frequently comes out both cheaper and faster to evolve, which is exactly the calculus an infrastructure decision should weigh.
Migration: moving off the monolith without a two-year project
The reason enterprises stay on a CMS they have outgrown is rarely satisfaction. It is the fear that migration means a multi-year reimplementation with a frozen roadmap and a high chance of failure. That fear is justified when the CMS is a tool, because a tool's content is entangled with its presentation, and pulling them apart means rebuilding everything at once.
Infrastructure thinking offers a less heroic path. Because a composable architecture separates the content store from the delivery layer, you can migrate incrementally rather than in one terrifying cutover. Model the content as structured data in Sanity, stand up the new delivery surface alongside the old one, and move channels or markets across in waves, validating each before the next. Multi-dataset support and dataset aliases let teams run staging, migration, and production data side by side, so a migration is a controlled series of steps rather than a single irreversible leap.
The enterprise reality is that no large organization migrates alone, and pretending otherwise is the anti-pattern. The Partner network of systems integrators and agencies exists precisely so that a global replatform draws on people who have done it before, with established patterns for content modelling, import pipelines, and phased rollout. Content Source Maps help on the analytics side of a migration, keeping the link between published content and the conversions it drove intact as you move, so the business can prove the new system performs at least as well as the old one. The point is not that migration is free. It is that infrastructure with clean seams can be replaced piece by piece, which is the only version of migration a risk-conscious enterprise will actually approve.
Scoring a CMS as infrastructure: composable vs legacy DXP
| Feature | Sanity | Adobe Experience Manager | Sitecore | Acquia Drupal |
|---|---|---|---|---|
| Delivery scale and operations | Content Lake is a managed, multi-region store delivered over a global CDN and queried with GROQ; you consume it rather than operate it. | Powerful but often self-managed or AMS-hosted; scaling the author and publish tiers remains an operational responsibility for your platform team. | XM Cloud moves toward managed delivery; older XM/XP deployments are commonly self-hosted and capacity-planned per campaign. | Acquia provides managed hosting for Drupal, though scaling and patching the application layer still demands ongoing platform engineering attention. |
| Atomic, staged releases | Content Releases stage and ship batches of content as one unit, schedule them, and roll back cleanly, the editorial equivalent of a software release. | Launches and Experience Fragments support scheduled and grouped publishing, configured through workflow rather than a single atomic release object. | Publishing and workflow support scheduling and versioning; coordinated multi-item launches typically lean on workflow configuration. | Workspaces and content moderation handle staged content; atomic multi-document release as a unit usually requires custom workflow build. |
| Governance and audit | Roles & Permissions, SSO, and Audit logs are native primitives recording who changed what and when at granular scope. | Deep, mature RBAC and workflow, a genuine strength, though full auditability often depends on configuration and the broader Adobe stack. | Robust role and workflow model with versioning; audit depth varies by edition and deployment topology. | Granular permissions and a strong contributed-module ecosystem; audit logging is capable but frequently assembled from modules. |
| Compliance posture | SOC 2 Type II, GDPR alignment, regional hosting and data-residency options, and a published sub-processor list. | Strong enterprise compliance coverage backed by Adobe's broader certification programs and contractual commitments. | Enterprise compliance commitments available, varying by cloud versus self-hosted deployment model. | Compliance depends heavily on the hosting choice; Acquia Cloud carries its own attestations for managed environments. |
| Multi-brand and multi-market | Studio Workspaces run many brands and markets in one Studio; Translations integrate Phrase, Smartling, and a native plugin. | Multi-site and language management are mature and battle-tested, a core enterprise strength of the platform. | Strong multi-site and localization tooling within the Sitecore content tree and workflow model. | Multilingual and multi-site capabilities are solid, often relying on contributed modules and site-factory patterns. |
| Evolvability and integration | Composable by design: Functions, App SDK, Live Content API, and a plugin ecosystem make new requirements integrations, not reimplementations. | Extensive integration across the Adobe marketing suite; new requirements outside that suite often mean custom development. | Broad connector and marketplace ecosystem; extending beyond it commonly involves bespoke implementation work. | Vast open-source module library offers flexibility, balanced against the maintenance burden of the modules you adopt. |
| Incremental migration | Separated content and delivery, plus multi-dataset and dataset aliases, let you migrate channels and markets in waves with a Partner network. | Replatforming within or off AEM is typically a significant, partner-led program rather than an incremental cutover. | Migrating between Sitecore versions or topologies is a substantial project, eased by an established partner ecosystem. | Major version upgrades have historically been large efforts, though recent releases and tooling have reduced the burden. |