Case studies

How Change.org consolidated several VPN tools for a streamlined administration & use


Case Study Change.org

Change.org, the world's largest platform for social change, empowers individuals to create change on the issues that matter to them. The organization leverages the impact of a single voice, uniting them with hundreds, thousands, and sometimes millions of others who feel the same and gives them the tools to mobilize those voices into action. Change.org’s mission is to empower people everywhere to create the change they want to see on a diverse range of issues, from local campaigns to improve community services to national and global campaigns that are fighting to stop climate change.  

Profile of Change.org

The primary function of the technology-driven platform is to help individuals to create and launch campaigns, starting with an online petition. Once they’ve started a petition, the platform offers tools and guides to help that individual to mobilize their support, get media attention, and ultimately engage with their decision-maker. With approximately 70,000 petitions submitted monthly and over half of a billion people from nearly 200 countries joining the Change.org platform, individuals take action and make a difference in local and global issues. 

However, speaking up can cause risks, where some people, organizations, or governments may not agree with a desired change and may want to inflict harm, which poses data security challenges for the company. Mike Bogdan, Senior Manager of Information Security at Change.org, knows the importance of protecting platform members. Thus, he shared his journey of building the department from scratch and revising the existing infrastructure to improve.

The Challenge

Outgrown VPN tools for organization maturity needs

Change.org, a unique non-profit-owned company that operates globally, faces the complexity of problems due to its business service profile. To tackle these challenges, the organization implements protocols and procedures that lower the exposure of users’ identities, personal information, locations, and IP addresses to the public.

People who use our site to create and sign petitions need protection as they publish their names or operate anonymously. And we must ensure that the users' safety is first and foremost.

Security solutions are instrumental for the successful delivery of internal data protection policies. The company combined different tools with necessary functionalities, but incoherently covered business security needs — decentralized and scattered solutions increase resource squandering. 

It was time for a change replacing and optimizing the VPN program that was combined with two inconvenient consumer-like solutions from different vendors and insufficient maturity levels.

Change.org reached a turning point when it identified the growing gap between the evolving company’s information security program and the maturity of implemented VPN solutions. Upon evaluating the investment value for poor user experience, it became evident that the existing solutions fell short of expectations and that an alternative was in demand.

The Solution

Change deficiency for efficiency & effect

To rethink and upgrade existing company infrastructure, the Infosec Senior Manager started looking for a solution that syncs with organization network management needs across the front and back ends. A lean cybersecurity team at Change.org must ensure that the selected tool is quick to grasp and intuitive, relieves from manual tasks, and has robust functionality. 

One of the solutions was used for typical VPN access, and the other was for privileged access to our cloud infrastructure. Discovering NordLayer lets us simplify by eliminating both products and focusing on a single application with the same functionalities that work better.

The key points of the new solution implementation were:

  • The chosen tool had to work well in cloud environments as the company website and software development is cloud-based. 
  • The approach to the change strategy must guarantee a structured transition incorporating testing and gradual transformation.
  • The solution becomes integral to the infrastructure-building defense-in-depth security model.
  • Time to value is demonstrated so admins and end-users adopt the tool swiftly.

The main use of a VPN for our employees is to switch to the tool as secure access to our secured cloud gateways — whenever they try to connect to an unfamiliar or untrusted network, either they enforce NordLayer or are redirected to an error page.

Every organization member has set up a NordLayer account to access secured company gateways. Typically, the workforce is assigned to default company virtual private gateways. Admins can also define who are trusted individuals, allowing the right people to access the right websites and applications. Consequently, the NordLayer interface gets personalized for different member groups.

Once connected to the VPN, employees encounter different challenges before entering the network or company resources and applications. Thus, having a VPN as the first stage of authentication and access control is important for the company to protect its most guarded security infrastructure.

Why choose NordLayer

Cloud infrastructure and SaaS solutions enable possibilities of compatibility, mix-and-match options, and simple integration with minimal effort. However, ease of use doesn’t imply it is careless. 

When creating cloud-based architecture and selecting security tools, the admin must be mindful of making the most of the chosen solutions — they shouldn’t clash but enforce one another for more resilient and layered protection.

NordLayer experience compared to unconsolidated solutions and applications, according to Change.org

VPN program table

In the case of Change.org, NordLayer proved to have functionalities configured and maintained centrally under one roof. Streamlining the number and quality of vendors, applications, and desired outcomes brings true simplicity to cybersecurity, even in the face of complex challenges.

The Outcome

All required functionalities in a single solution

By reducing the number of tools and solutions to achieve defined security strategy targets, NordLayer eliminated decentralized infrastructure maintenance. Having one polished tool that combines main functionalities is easy to maintain, make changes and enforce updates. 

The centralized approach enables admins to move organization members, create and manage teams, configure internal policies in one place, and avoid repetitive configuration that could lead to human error.

As a Senior Information Security Manager, I am satisfied that we consolidated two decent tools into one that works very well.

Tech support availability is crucial for tackling customer-facing challenges, as they can escalate into severe service disruptions affecting both the organization and its end-users. The IT support team’s live chat ensures around-the-clock availability.

The drastic time zone difference suggests it might be challenging to get timely support. However, a 10-hour interval didn’t create a gap for the delay in solving our issues.

Moreover, the user interface of the NordLayer application and the Admin’s Control Panel is easy to grasp quickly. Intuitive installation and configuration allow the organization’s administrators to focus on their job responsibilities without wasting their attention and energy on navigating solution controls.

Pro cybersecurity tips

Our rule of thumb is to share valuable insights of the colleagues in the industry — what they find useful, where to pay attention first, and what good practices benefit the organization's security. Mike Bogdan, the Senior Manager of Information Security at Change.org, better than anyone else, knows how to make a difference. Here are his cybersecurity tips that are worth your time:

Quotes of Change.org

By consolidating security tools, companies can streamline their defenses and reduce complexity, enabling more efficient threat detection and response. Layered security involves implementing multiple security measures at different levels, creating a comprehensive defense against various attack vectors. 

In this era of growing cyber threats, NordLayer stands at the forefront by offering cutting-edge solutions that integrate these essential elements. Trust in NordLayer's expertise to fortify your digital defenses and protect your critical assets against ever-evolving security risks.


Copywriter


Share this post

Stay in the know

Subscribe to our blog updates for in-depth perspectives on cybersecurity.