Home > Customers > TechSoup Global

TechSoup Global

TechSoup Global Demonstrates How Nonprofits Profit from Application Security.

Total

visibility

Easy-to-use

interface

Flexible

and non-intrusive

Industry

Technology

Website

www.techsoup.org

“We have a responsibility to protect the data for our vendors and our partners, and our clients and our employees.”

Richard Collins,

TechSoup

Download as PDF

Overview

TechSoup Global, a nonprofit organization based in San Francisco, California, offers other nonprofits a one-stop resource for technology needs. The organization provides free online information, resources, and support. They also offer TechSoup Stock, a product philanthropy service where nonprofits can access donated and discounted technology products provided by corporate and nonprofit technology partners. The product donation program has enabled organizations to save over $1.4 billion in expenses as of June 2009.

Donations are often processed through credit cards, which makes the organization’s web-based transaction processing infrastructure a prime target for hackers. After an unsuccessful breach attempt, TechSoup felt it needed to go beyond traditional perimeter and desktop protection. A comprehensive evaluation of web application firewalls (WAFs) led TechSoup to select Imperva’s SecureSphere for its ability to provide operational visibility, with little overhead and no changes to the applications, and its ability to facilitate PCI compliance.

“We have a responsibility to protect the data for our vendors and our partners, and our clients and our employees,” explained Richard Collins who manages cyber security for TechSoup.

Business Problem

TechSoup Global’s web application servers handle sensitive data on a regular basis, including credit card information from donors. The volume of TechSoup transactions placed the organization in the Tier 4 merchant classification, which required the nonprofit to comply with strict Payment Card Industry (PCI) rules that govern the handling of personal data.

TechSoup’s small, but dedicated, application development and IT teams worked hard to maintain a secure environment using traditional firewalls and desktop security solutions. But in early 2009 a hacker launched an unsuccessful SQL injection attack, which attempted to gain access to sensitive data within the transaction processing application. As a result, TechSoup was forced to take its applications offline for two days, while staff tried to determine how the exploit was executed and remediate any weaknesses in the system.

“We did have a SQL injection issue about a year ago, and the SQL injection was unsuccessful in destroying or modifying or stealing any data. However, it did take us about two days of system downtime to deal with the forensics,” explained Collins. The attack caused TechSoup to search for an application security solution that would more effectively monitor and protect its applications from hackers and prevent the loss of sensitive data. As a nonprofit with limited resources, the solution also needed to be easy to use and deploy, and require no changes to applications or the network.

Technology Requirements

To protect its web-based transactions from hackers, TechSoup Global deployed SecureSphere Web Application Firewall.

SecureSphere delivered total visibility into data access and usage. Its easy-touse interface provided granular policy creation and enforcement to circumvent unauthorized access or changes to data residing on TechSoup’s web applications and databases. SecureSphere Web Application Firewall protects web applications and sensitive data against sophisticated attacks, such as SQL injection, cross-site scripting (XSS), and brute force attacks. It also stops online identity theft, and prevents data leaks from applications. Imperva’s Dynamic Profiling technology automatically builds a model of legitimate behavior and recognizes application changes over time, ensuring that SecureSphere’s security policies are up-to-date, and accurate, without manual tuning.

SecureSphere met TechSoup’s needs for flexible, non-intrusive deployment, and the ability to manage their environment with the smallest of footprints. The solution offers drop-in deployment, automated adaptable security, and low operational overhead. “The architectural flexibility was just what we needed,” says Collins. “We did deploy it in an inline mode, but we appreciated the fact that we could have deployed it in other modes.”

The Intelligent Choice for TechSoup Global

With the deployment of SecureSphere Web Application Firewall, TechSoup Global has gained operational visibility and control of its applications, ensuring a high level of trust among its nonprofit partners and donors. “Our comfort level is much higher knowing that Imperva is providing protection at the application level,” says Collins. SecureSphere has also helped us simplify PCI compliance by reducing annual pentesting requirements. SecureSphere has turned out to be a very good fit for us.”

dark gradient black blue purple with dots bg

See how we can help you secure your web apps and data.

Free Trial Schedule Demo

Free Trial Schedule Demo

The importance of a resilient CDN for digital performance

Imperva named a security leader in the SecureIQlab CyberRisk Report

IDC Spotlight: Effective Multicloud Data Security

Global DDoS Threat Landscape Report

The State of Security within eCommerce 2022

Imperva reimagines partner program: Imperva Accelerate

Protect your Cloudera data with Imperva

Quálitas continues its quality services using Imperva Application Security

Discovery Inc. tackles data compliance in public cloud

New Vulnerability in Popular Widget Shows Risks of Third-Party Code

Cyber Threat Index

Browse the Imperva Learning Center for the latest cybersecurity topics

Imperva ESG Reports