The largest online store of its kind globally, this retailer’s eCommerce sites handle more than 300k visits per month from customers in the US, Europe and Asia. To deliver the consistently high customer experience they’re recognized for, the retailer provides flexible payment solutions that necessitate integration with third parties, including PayPal, Amazon Payments, Apple Pay and Google Pay, along with traditional payment card options.
As these integrations come under increasing attack from hackers looking to steal payment information, the retailer recognized an urgent need to protect itself and its customers from attacks like Magecart, formjacking, cross-site scripting (XSS) and sensitive data leakage. They also wanted to protect the business from significant revenue loss caused by competitor ad injections and customer journey hijacking. They needed to do this without degrading user experience and website performance. To keep management simple, the retailer wanted a solution that could integrate via CDN.
“In keeping with our commitment to providing a high-quality user experience on our websites, Tala has also ensured that the effect on website performance is near-zero.”
Deploy Effective Website Security Without Impacting Performance
When evaluating solutions to secure its websites and web applications, the retailer had key criteria:
1. VISIBILITY INTO THIRD-PARTY INTEGRATIONS
The IT security teams had little visibility into marketing and analytics teams and the integrations they were using. They needed a solution that could provide greater insight and visibility into these integrations.
2. SAFEGUARD USER DATA
The lack of visibility into third-party integrations created concern around PII protection and potential data leakage. The retailer needed to identify and secure third-party applications with the potential for sharing user data, including forms, user credentials and payment information.
3. WEBSITE PERFORMANCE ASSURED
The retailer needed a solution that provided optimal security without impacting website performance or user experience.
4. CDN INTEGRATION CAPABILITY
The retailer needed a solution that could be deployed efficiently and without an operational burden.
“With Tala, we were able to deploy a strong Content Security Policy on our websites, ensuring our customers enjoy an optimal user experience, free of ad injections or session re-directs.”
Having recognized the value of standards-based security and Content Security Policy (CSP), their IT team was keen to jumpstart immediate adoption and wanted a solution that wouldn’t require significant effort to establish, test, maintain and monitor. Having noted that even very large retailers and banks were struggling with “DIY” implementations, this retailer wanted a solution that could do the heavy lifting for them to ensure maximum effectiveness.
Having evaluated a number of solutions against these criteria, Tala was one of the few that offered protection from a vast number of a Tala’s unique approach to standards-based security meant the retailer could accelerate its capability using automation and continuous deployment of precise, browser-native, standards-based policies and controls. And because Tala is a Cloudflare certified partner, the retailer could deploy comprehensive website security without the operational burdens associated with the application and administration of these policies.
“By securing the login, payment and checkout pages with Tala, we have ensured our customers’ credentials are safeguarded from malicious actors at all times.”
Easy Deployment with Cloudflare
The retailer deployed Tala Security through a CDN integration via Cloudflare. Because Tala is a certified Cloudflare partner, the integration was optimized for performance, delivering the precise security controls the retailer needed without placing a burden on internal infrastructure. Deployed via Cloudflare, Tala’s security policies are directly consumed by the browser, ensuring the retailer met their requirement of zero performance degradation and optimized page times. Cloudflare integration also means that Tala’s automation of standards-based, browser-native security controls can be up and running in a few minutes.
Tala was deployed across all the pages of the main website, beginning in report mode for a week, followed by block mode. The option to report or block was important to the retailer’s IT team: with some applications undergoing a lot of changes, the option to stay in report mode without impacting functionality was critical.
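The report-then-block rollout described above can be sketched as an edge function that attaches a CSP header to HTML responses. This is an added example, not Tala's or the retailer's code; the policy contents, the `pay.example` host, the `/csp-report` path and the config field names are assumptions made for illustration.

```javascript
// Added example. Hosts and the report path are constructed placeholders.
const ENFORCE = "Content-Security-Policy";
const REPORT_ONLY = "Content-Security-Policy-Report-Only";

const POLICY = {
  "default-src": ["'self'"],
  "script-src": ["'self'", "https://pay.example"],
  "connect-src": ["'self'", "https://pay.example"],
  "frame-src": ["https://pay.example"],
  "form-action": ["'self'", "https://pay.example"],
  "report-uri": ["/csp-report"],
};

// Serialize the directive map into a single header value.
function serializePolicy(policy) {
  return Object.entries(policy)
    .map(([directive, sources]) => `${directive} ${sources.join(" ")}`)
    .join("; ");
}

// Sections that still change often can stay in report mode after the
// site-wide switch to block mode.
function modeFor(pathname, siteMode, reportOnlyPrefixes = []) {
  if (siteMode !== "block") return "report";
  return reportOnlyPrefixes.some((p) => pathname.startsWith(p)) ? "report" : "block";
}

// `headers` is any object with set/delete (a Fetch API Headers or a Map).
// Both header names are cleared first so exactly one mode is active.
function applyCsp(headers, mode, policy = POLICY) {
  headers.delete(ENFORCE);
  headers.delete(REPORT_ONLY);
  headers.set(mode === "block" ? ENFORCE : REPORT_ONLY, serializePolicy(policy));
  return headers;
}

// Edge handler in the Fetch API style; fetchOrigin is injected by the caller.
async function handle(request, fetchOrigin, config) {
  const upstream = await fetchOrigin(request);
  const type = upstream.headers.get("content-type") || "";
  if (!type.includes("text/html")) return upstream; // CSP only matters for documents
  const headers = applyCsp(new Headers(upstream.headers),
    modeFor(new URL(request.url).pathname, config.siteMode, config.reportOnlyPrefixes));
  return new Response(upstream.body, { status: upstream.status, headers });
}
```

In report mode the browser sends violation reports to the report endpoint but blocks nothing, which is what lets a team review a week of reports before flipping `siteMode` to `block`.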
Benefits and Business Impact
Following the successful deployment of Tala Security, the retailer realized significant benefits and business impacts:
Cost and resource savings
Tala’s automation of standards-based controls led to significant cost savings for the retailer: it would have taken a dedicated team of engineers and security experts to maintain CSP and the other security standards they were committed to accelerating.
Enhanced team alignment
Tala enables reporting across multiple teams, which allowed the retailer’s marketing and AppSec teams to establish a process to manage third-party vendors effectively. Approval and alerting for multiple teams within Tala keeps those teams aligned.
Increased return of 22% due to a significant reduction in content injection and customer journey hijacking attempts.
Increased conversion rate
Uplift of 5%; marketing campaign effectiveness increased by 25%.
Don’t Sacrifice Security for High Performance
Tala’s Cloudflare-certified integration module allowed the global retailer to support multiple regions at once from a single installation. The module deploys in minutes via the Service Worker platform, enabling a serverless, instant deployment. This integration ensures that Cloudflare customers can activate enterprise-grade website security quickly and efficiently from Cloudflare’s 200+ reliable and redundant edge locations globally.
Tala’s security policies are directly consumed by the browser, ensuring optimized page load times and zero performance degradation or impact on user experience. In addition, Tala’s analysis engine continuously scans for malicious or unintended data leakage and provides alerts for any anomalous behavior. This feature is critical for driving data privacy, in line with GDPR, CCPA and other regulatory requirements.