TLS Upgrade Required
At Blackbaud, your security is our priority. As the cloud software partner to many leading social good organisations, we have world-class security, privacy, and risk management teams that work around the clock every day to ensure that your data is safe and accessible to you.
As part of our commitment to sector-leading security and in alignment with industry best practices set forth by the PCI Security Standards Council, Blackbaud is disabling TLS (Transport Layer Security) 1.0 encryption protocol across all our solutions and requiring an upgrade to TLS 1.1 or higher prior to 15th March, 2018.
Your organisation will need to take action to ensure that your Blackbaud solutions continue to be compliant, specifically that the payment processing capabilities in your solutions remain secure. But don’t worry! We’re giving you ample time to prepare and a wealth of resources to keep the process simple and painless.
What is TLS?
TLS stands for “Transport Layer Security.” It is a protocol that provides privacy and data integrity between two communicating applications. It’s the most widely deployed security protocol used today, and is used for web browsers and other applications that require data to be securely exchanged over a network. TLS ensures that a connection to a remote endpoint is the intended endpoint through encryption and endpoint identity verification. The versions of TLS to date are TLS v.1.0, v.1.1, and v.1.2.
What is changing and why?
Blackbaud is committed to maintaining the highest security standards in our solutions to ensure that customers have access to the latest security protocols. Per the PCI Council, TLS v.1.0 will be considered obsolete and a PCI violation by June 30, 2018. The TLS encryption protocol upgrade is a mandatory, industry-wide security update, mandated by the PCI Security Standards Council and affecting a wide range of software solutions in your environment, not just Blackbaud solutions.
How does this impact me?
Blackbaud is requiring customers to upgrade to versions of their products that support TLS v.1.1 or higher by 15th March, 2018. On that date we will begin disabling the TLS v.1.0 encryption protocol in our solutions, which will prevent customers still using TLS v.1.0 from accessing some of their Blackbaud solutions.
What will happen if we don’t upgrade?
After Blackbaud begins to disable TLS v.1.0 on 15th March, 2018, if you haven’t made the required updates, you will no longer be able to access some or all of your Blackbaud solutions and services that rely on TLS v.1.0; they will fail. This will impact a number of Blackbaud solutions, including access to websites.
See examples of connectivity issues both hosted and on-premise clients will experience if they do not upgrade their OS and browser to support TLS v.1.1+.
How will my donors and constituents be impacted?
If you don’t upgrade to a version of your Blackbaud solution that supports TLS v.1.1 prior to 15th March, 2018 deadline, not only would you not be able to access your Blackbaud solutions, but your constituents, including donors, may not be able to access your websites and/or process donations/payments.
What action do I need to take?
Prior to 15th March, 2018:
- Ensure that you have upgraded to TLS v.1.1+ accepted Blackbaud products. See versions of Blackbaud products that support TLS v.1.1+
- Ensure that your OS and browsers have been upgraded to support TLS v1.1+. See operating systems and browsers that support TLS v.1.1+
- Notify your constituents to upgrade their OS and browser to TLS v.1.1+ supported versions, to ensure continuity of communications and transactions. For example, donors, patrons, parents and students accessing donor pages, store fronts, community pages and online registration pages hosted within on-premise environments are susceptible to vulnerability and connectivity issues if they do not upgrade their OS and browser to support TLS v.1.1+.