Protecting Xero’s Cloud-Based Accounting Platform from Cyber Attacks

ID IMPERVABLOG:71C517300B441FB2D0B16E8D17593F58
Type impervablog
Reporter Tami Casey
Modified 2017-10-24T11:00:21


Meeting with customers is always insightful, and recently I got a chance to sit down with Aaron McKeown, head of security engineering and architecture at Xero, to talk about how they use Imperva SecureSphere for their cloud-hosted applications.

Founded in 2006, Xero provides cloud accounting software to small businesses. The company, which has over one million subscribers in more than 180 countries, is scaling quickly. After experiencing a significant period of growth, they decided to move from legacy infrastructure to a cloud data-hosting environment.

Xero uses SecureSphere Web Application Firewall (WAF) and the Imperva ThreatRadar service to further safeguard its cloud-hosted applications from malicious web application attacks.

What were the business and technical issues facing Xero?

McKeown: While we had grown to be hugely successful on our previous infrastructure, we migrated to AWS’ data-hosting environment to enable us to scale to meet the needs of millions of customers.

Our systems are busiest on the first and twentieth of the month and in the days leading up to tax filing deadlines. We needed a data-hosting environment that would enable us to scale out our servers to meet high user demand times and deliver more consistent performance to our customers, even during the busiest times of the day.

Aaron McKeown, head of security engineering and architecture at Xero

Aaron McKeown, head of security engineering and architecture at Xero

Why did you choose Imperva?

McKeown: When we began our migration to AWS, we developed a detailed security architectural plan, which outlined the five key tenets to our security architecture. One of those was covered by Imperva and the protection of our web application stack. Not only did Imperva provide the protection we needed, but Imperva SecureSphere gave us a high degree of environmental control and was customizable to meet the needs of our application stack.

What can you do now that you could not before?

McKeown: Deploying Imperva SecureSphere further fortifies the layer of protection between Xero’s users and its application that protects them against the OWASP Top 10 web security risks. Imperva SecureSphere also enables the virtual patching of applications against new vulnerabilities as soon as they are discovered.

Is there anything you’d like to add?

McKeown: At Xero, protecting and defending our systems and environment against today’s sophisticated cyber attacks is of critical importance. Imperva is helping us do this without compromising speed or the deployment of innovative features. We’ve developed a strong relationship with Imperva and see them more as a security partner rather than a vendor.