Sector(s)
Project Team
Team members:
Antoine Osanz - Engagement Manager
Nick Austen - Project Manager
Steven Worley - DevOps Lead
Ivan Grynenko - Technical Lead
Ming Quah - DevOps Engineer
Following a threat alert from the Tertiary Education Quality and Standards Agency (TEQSA), we worked with this university client to help secure their platform and websites from cyber threats. Our solution uses QuantCDN, which creates an entirely static copy of the website on the frontend to reduce the attack surface. We also brought key uni websites into our support desk and migrated them to Salsa’s hosting platform to ease the university’s operational burden.
About the project
The university’s challenge
Our university client wanted to improve the security posture of the websites that Salsa was supporting. They were also keen to reduce the operational burden of hosting and maintaining sites internally. Note: Due to a strict communications policy, this client can’t be named.
The university’s transformation — Salsa support and new security measures
To relieve the operational pain, Salsa recommended putting the websites onto our operational support infrastructure. As part of this process, 10 websites were moved onto the Salsa Helpdesk for their support needs. The sites were also moved onto the new, highly secure Salsa hosting platform.
For security, we took a multi-pronged approach. Firstly, we set up a more rigorous patch application process. We also proposed putting QuantCDN in front of the sites.
When Salsa CTO and QuantCDN creator Stuart Rowlands explained to the university’s security expert that Quant was not just a CDN but also a static copy of the site, he instantly understood the benefits (a reduced attack surface on the sites) and was on board straight away.
QuantCDN generates and serves a static version of a website to users. This significantly reduces the attack surface because users interact with a static representation of the content, not the frontend of a live CMS.
This gives the university increased flexibility and reduces time pressure for patching the backend because it’s not as publicly accessible.
The university backend was hardened further by putting basic authentication in front (a shield). Now, content authors need to enter the shield username and password before they can log in to the CMS itself.
For more complex scenarios where the Quant static option wasn't feasible — such as websites needing public user authentication — we deployed a Web Application Firewall (WAF) to monitor traffic and thwart malicious activities targeting the web application.
The outcomes — improved security and reduced costs
- Significantly reduced security risks across all of the university’s sites that Salsa supports
- A significantly reduced attack surface
- 10 of the university’s sites now on the secure Salsa hosting platform
- Reduced costs for maintenance and patch cycles
- 10 websites now supported by Salsa to ease operational burden
- Faster and more consistent response times
- The option to “buy time” as a mitigation against D7 End-of-Life liabilities (through a static version of the D7 sites post End-of-Life)
Why Drupal was chosen
Technical Specifications
Drupal version: