Tala’s Cloudflare-certified integration module makes deploying enterprise-grade web security easy.
The largest online store of its kind globally, this leading retailer’s e-Commerce sites handle more than 300k visits per month. To deliver the consistently high customer experience they’re recognized for, a critical area of focus was partnering with key third-party integrations to offer flexible payment solutions, including PayPal, Amazon Payments, Apple Pay and Google Pay, along with traditional payment card options (available choices vary based on device or browser).
These and other third party integrations are a favored target of attackers looking to steal payment information. The retailer identified the urgent need to protect its customers’ browser sessions from attacks like Magecart, formjacking, cross-site scripting (XSS) and sensitive data leakage. They also wanted to protect the business from significant revenue loss caused by competitor ad injections and customer journey hijacking. They wanted to do this without degrading customer experience or website performance.
Learning from the best, leading from the front
To protect customers from fraud and data loss, the retailer researched the best security strategies to adopt. They recognized that standards-based security and controls like Content Security Policy (CSP) would deliver the web protection they were looking for without impacting performance. But they also recognized that effective implementation in-house would require a dedicated team of engineers and security experts to implement and maintain those standards.
Cloudflare was identified as the ideal serving point for these security policies.
“We knew that, although many enterprises were moving in the direction of standards, they were slow to get to grips with it,” said the Head of Application Security. “We weren’t content to follow the slow-moving herd, and wanted to move this control forward. In order to keep delivering the very best shopping experience on the web, we looked for help to jumpstart our immediate adoption of CSP.”
The retailer evaluated a number of client-side security solutions against their main criteria:
- Protection against Magecart and other advanced client-side attacks
- Zero impact on website performance and user experience.
Simplified deployment via Cloudflare integration
To make things even easier, Tala’s website security technology could be deployed through a Cloudflare integration which effectively eliminated the operational burdens associated with the application and administration of standards-based security policies. The integration was optimized for performance, delivering the security controls they needed without burdening their internal infrastructure.
Tala’s Cloudflare-certified integration module allowed the global retailer to support multiple regions at once from a single installation. The module deploys in minutes via the Service Worker platform, enabling a serverless, instant deployment. This integration ensures that Cloudflare customers can activate enterprise-grade website security quickly and efficiently from Cloudflare’s 200+ reliable and redundant edge locations globally.
Tala’s security policies are directly consumed by the browser, ensuring optimized page load times and zero performance degradation or impact on user experience. In addition, Tala’s analysis engine continuously scans for malicious or unintended data leakage and provides alerts for any anomalous behavior. This feature is critical for driving data privacy, in line with GDPR, CCPA and other regulatory enforcement bodies.
Don’t sacrifice security for high performance
With Tala, the retailer was able to quickly deploy Content Security Policies and other highly effective standards-based security functionality on their website, ensuring a secure browser experience. By securing the login, payment, and checkout pages with Tala, the retailer ensured that customer credentials are safeguarded from malicious actors at all times. Deploying Tala via the Cloudflare service workers integration expedited the implementation of highly effective client-side security controls without impacting on performance.