How Change.org consolidated several VPN tools for a streamlined administration & use

Change.org, the world's largest platform for social change, empowers individuals to create change on the issues that matter to them. The organization leverages the impact of a single voice, uniting them with hundreds, thousands, and sometimes millions of others who feel the same and gives them the tools to mobilize those voices into action. Change.org’s mission is to empower people everywhere to create the change they want to see on a diverse range of issues, from local campaigns to improve community services to national and global campaigns that are fighting to stop climate change.  

The primary function of the technology-driven platform is to help individuals to create and launch campaigns, starting with an online petition. Once they’ve started a petition, the platform offers tools and guides to help that individual to mobilize their support, get media attention, and ultimately engage with their decision-maker. With approximately 70,000 petitions submitted monthly and over half of a billion people from nearly 200 countries joining the Change.org platform, individuals take action and make a difference in local and global issues. 

However, speaking up can cause risks, where some people, organizations, or governments may not agree with a desired change and may want to inflict harm, which poses data security challenges for the company. Mike Bogdan, Senior Manager of Information Security at Change.org, knows the importance of protecting platform members. Thus, he shared his journey of building the department from scratch and revising the existing infrastructure to improve.

The Challenge

Outgrown VPN tools for organization maturity needs

Change.org, a unique non-profit-owned company that operates globally, faces the complexity of problems due to its business service profile. To tackle these challenges, the organization implements protocols and procedures that lower the exposure of users’ identities, personal information, locations, and IP addresses to the public.

Security solutions are instrumental for the successful delivery of internal data protection policies. The company combined different tools with necessary functionalities, but incoherently covered business security needs — decentralized and scattered solutions increase resource squandering. 

Change.org reached a turning point when it identified the growing gap between the evolving company’s information security program and the maturity of implemented VPN solutions. Upon evaluating the investment value for poor user experience, it became evident that the existing solutions fell short of expectations and that an alternative was in demand.

The Solution

Change deficiency for efficiency & effect

To rethink and upgrade existing company infrastructure, the Infosec Senior Manager started looking for a solution that syncs with organization network management needs across the front and back ends. A lean cybersecurity team at Change.org must ensure that the selected tool is quick to grasp and intuitive, relieves from manual tasks, and has robust functionality. 

The key points of the new solution implementation were:

• The chosen tool had to work well in cloud environments as the company website and software development is cloud-based. 

• The approach to the change strategy must guarantee a structured transition incorporating testing and gradual transformation.

• The solution becomes integral to the infrastructure-building defense-in-depth security model.

• Time to value is demonstrated so admins and end-users adopt the tool swiftly.

Every organization member has set up a NordLayer account to access secured company gateways. Typically, the workforce is assigned to default company virtual private gateways. Admins can also define who are trusted individuals, allowing the right people to access the right websites and applications. Consequently, the NordLayer interface gets personalized for different member groups.

Once connected to the VPN, employees encounter different challenges before entering the network or company resources and applications. Thus, having a VPN as the first stage of authentication and access control is important for the company to protect its most guarded security infrastructure.

Why choose NordLayer

Cloud infrastructure and SaaS solutions enable possibilities of compatibility, mix-and-match options, and simple integration with minimal effort. However, ease of use doesn’t imply it is careless. 

When creating cloud-based architecture and selecting security tools, the admin must be mindful of making the most of the chosen solutions — they shouldn’t clash but enforce one another for more resilient and layered protection.

NordLayer experience compared to unconsolidated solutions and applications, according to Change.org

In the case of Change.org, NordLayer proved to have functionalities configured and maintained centrally under one roof. Streamlining the number and quality of vendors, applications, and desired outcomes brings true simplicity to cybersecurity, even in the face of complex challenges.

The Outcome

All required functionalities in a single solution

By reducing the number of tools and solutions to achieve defined security strategy targets, NordLayer eliminated decentralized infrastructure maintenance. Having one polished tool that combines main functionalities is easy to maintain, make changes and enforce updates. 

The centralized approach enables admins to move organization members, create and manage teams, configure internal policies in one place, and avoid repetitive configuration that could lead to human error.

Tech support availability is crucial for tackling customer-facing challenges, as they can escalate into severe service disruptions affecting both the organization and its end-users. The IT support team’s live chat ensures around-the-clock availability.

Moreover, the user interface of the NordLayer application and the Admin’s Control Panel is easy to grasp quickly. Intuitive installation and configuration allow the organization’s administrators to focus on their job responsibilities without wasting their attention and energy on navigating solution controls.

Pro cybersecurity tips

Our rule of thumb is to share valuable insights of the colleagues in the industry — what they find useful, where to pay attention first, and what good practices benefit the organization's security. Mike Bogdan, the Senior Manager of Information Security at Change.org, better than anyone else, knows how to make a difference. Here are his cybersecurity tips that are worth your time:

By consolidating security tools, companies can streamline their defenses and reduce complexity, enabling more efficient threat detection and response. Layered security involves implementing multiple security measures at different levels, creating a comprehensive defense against various attack vectors. 

In this era of growing cyber threats, NordLayer stands at the forefront by offering cutting-edge solutions that integrate these essential elements. Trust in NordLayer's expertise to fortify your digital defenses and protect your critical assets against ever-evolving security risks.