July 19, 2024

Transact Campus boosts data security with Azure Web Application Firewall

Transact Campus offers a mobile-centric technology ecosystem for educational institutions in the US. It was using a third-party web application firewall to protect its products. However, high costs, a variety of bugs, lackluster performance, and limited scalability led the company to explore other options. The company selected Azure Web Application Firewall on Azure Application Gateway, boosting customer data security, reliability, and scalability while reducing costs.

Transact Campus

Today’s college-bound students have grown up in a world using smartphones to buy snacks, pay transit fares, manage schedules, and more. They expect a similar experience on campus. As a result, higher education institutions have been searching for modern solutions to meet these expectations. Transact Campus offers a variety of web-based app solutions that keep campuses modern for students, faculty, staff, and vendors.

Transact offers a range of products organized into three main categories: Transact Integrated Payments, Transact Campus ID, and Transact Campus Commerce. The integrated payment solutions cater to schools' administrative needs by streamlining electronic billing, facilitating campus-wide payments, and offering flexible tuition payment options. Schools can take advantage of these solutions to enable students and families to pay for various expenses, from parking fees to tuition. 

Transact's Campus ID Solutions provide a more secure, mobile-centric campus environment, enabling contactless student ID credentials for seamless transactions and access privileges across the campus. In addition, Transact's Campus Commerce Solutions facilitate campus purchases through integrated point-of-sale systems that link student accounts to campus ID cards or mobile credentials. Schools can enhance student IDs by incorporating features such as meal-plan management or a debit card option with Transact Campus ID. Campus Commerce Solutions equip schools with the necessary tools to sell products both on and off campus. This includes point-of-sale solutions, mobile ordering capabilities, and self-service kiosks, all integrated with Transact's comprehensive metrics and reporting platforms to optimize operations.

Transact Integrated Payments offers a data and analytics tool, Transact Insights, designed specifically for the higher education market. A new feature, Data Connections, is expected to debut in mid-2024. Once implemented, it will enable campus administrators to access and analyze data, then aggregate that data seamlessly. Users can also connect AI-powered tools to their preferred reporting tool or platform.

Most of these products involve either financial services or personal data management, making strong data protection and reliability perennial requirements for Transact. More recently, the company has needed greater scalability to keep up with rapid customer growth. Previously, Transact relied on a third-party traditional web application firewall (WAF) that was hosted in a network virtual appliance as the first layer of security for its products. However, rising operational costs, constant issues, instability, and limited scalability led the company to explore WAF solutions from other providers.

“Our WAF couldn’t scale dynamically to meet demand, and we couldn’t comprehensively monitor the platform. The licensing model was also archaic,” says Justin Galbraith, Cloud Infrastructure Architect, Transact Campus. “Ultimately, the largest problem was the inability to scale, which caused a good deal of anxiety anytime the volume of traffic on the platform was predicted to grow.”

The team seized the opportunity to find a replacement security stack and compiled a long list of additional improvements they wanted to see. At the top of that list was finding a solution that enabled teams to help protect against the Open Worldwide Application Security Project’s (OWASP) top 10 emerging threats. Intrusion detection and prevention functionality were a must, along with monitoring and dashboard functionality. The solution would also have to meet the mandates of multiple compliance frameworks without breaking the bank.

“We were looking for a balance between features and cost. The ability to dynamically scale up and down based on actual traffic volumes helps us to keep the environment rightsized and cost efficient,” Galbraith says. “We wanted to stay away from systems that were not offering scaled pricing, because we knew that it would take time to migrate all our products over from our existing solution and we didn’t want to pay for unused capacity.” 

The final list of criteria contained more than a dozen requirements. A tall order—but not an impossible one. Multiple solution candidates ticked all the boxes on the list, qualifying them for final consideration. Transact asked each finalist to provide a trial version of their software. The company then conducted a series of real-world use cases on each to determine which one best met their needs. 

A winning solution: Azure Web Application Firewall and Azure Firewall

In the end, only one solution came out on top: Microsoft Azure Web Application Firewall on Azure Application Gateway and Microsoft Azure Firewall.

“During the trial, it became clear that the platforms provided by other vendors were so complex that they would require specialized training to operate,” recalls Galbraith. “Since we were looking to partially decentralize the configuration and administration of our WAFs, that extra complexity would introduce a difficult hurdle that our teams would have to overcome before they could take on extra responsibilities.”

The Transact team was already using Azure in other capacities, giving it a natural edge over the competition. “We were already an Azure shop, so we had a deep understanding of how to create and manage resources in our environment,” Galbraith explains. “We were looking for a solution that offered native logging integration with other Azure solutions, as well as the ability to have several built-in dashboards to show resource performance and health.”

The Azure WAF impressed on several levels during the trial. The Transact team noted the ease of deployment and configuration, especially with the existing set of automation tools. However, the deciding factor was data protection. 

“Azure met or exceeded all our security, performance, scalability, and compliance requirements. The ease of spinning up and configuring a new application gateway meant we could shift away from having a centralized security architecture and move toward product-specific security stacks,” Galbraith says. “By providing each product with its own WAF solution we could avoid resource demands that led to performance issues on the previous monolithic stack. Plus, the deep integration with the Azure threat intelligence feeds provided the extra layer of modern security that we were looking for to protect our customers’ data.”

A solution that benefits everyone

Transact has already seen positive changes since moving to Azure WAF on Azure Application Gateway and Azure Firewall, Galbraith says. “Our customers have benefited from our more modern security posture, which provides additional layers of protection to help keep their data safe,” he notes, adding that the solution has benefited the company internally as well. The benefits of this solution don’t just stop at security and compliance, however.

“Now that our security and network configuration is fully source-controlled and automated, we benefit from having production-like development environments,” Galbraith continues. “Developers have confidence that their code will work the same in production as it does in their test environments. There are no more surprises caused by configuration drift.”

From a business perspective, the move to an Azure solution has led to some significant benefits as well. “Even in the most high-performing organization, hand-offs between teams take time. Now that new product features and security configurations are deployed together, we have a more streamlined release process,” Galbraith says. “The result is a massive increase in our release velocity which helps us to stay ahead of our competitors. It gives us a real edge in the marketplace.”

In addition, moving web security to the Azure Application Gateway has increased communication and collaboration between the organization’s security and development teams. Notably, the process for addressing false positives has evolved into a dialog between teams. Together, they work to decide between tuning, application, modification, or a combination of approaches. The result has been a much more secure environment that neither team could have achieved independently.

“The Azure Application Gateway is a good solution to protect modern applications. The nice part about this being an Azure offering is that it is under constant and very active development,” Galbraith says. “There are new features and functionality being delivered all the time. Chances are that if you do find something that is missing, it won’t be long before it’s added.”

Find out more about Transact Campus on Twitter, Facebook, and LinkedIn.
