Blackbaud has begun disabling TLS 1.1 across its solutions as of March 31, 2021 and will continue to do so until all products have been successfully deprecated by May 1, 2021. Your organization will need to take action to ensure that your Blackbaud solutions are TLS 1.2 compatible, and your payment processing capabilities remain secure.
At Blackbaud, your security is our priority. As the cloud software partner to many leading social good organizations, we have world-class security, privacy, and risk management teams that work around the clock every day to ensure that your data is safe and accessible to you.
As part of our commitment to sector-leading security and in alignment with industry best practices set forth by the Payment Card Industry (PCI) Security Standards Council, Blackbaud will begin to disable TLS (Transport Layer Security) 1.1 encryption protocol across all its solutions as of March 31, 2021. This will require an upgrade to a 1.2 compatible version of our software if you host locally in your data centers or on your workstations. If you are on a Blackbaud cloud or hosted solution and receive upgrades automatically, you are always current with the latest security requirements. However, you are still responsible for keeping your operating system and browsers up to date.
If you are running an older version of a Blackbaud solution locally, your organization may need to take action to ensure that your Blackbaud solutions are TLS 1.2 compatible.
What is TLS?
TLS stands for "Transport Layer Security." It is a protocol that provides privacy and data integrity between two communicating applications. It’s the most widely deployed security protocol used today and is used for web browsers and other applications that require data to be securely exchanged over a network. TLS ensures that a connection to a remote endpoint is the intended endpoint through encryption and endpoint identity verification. The versions of TLS to date are TLS 1.0, 1.1, and 1.2.
What is changing and why?
Blackbaud is committed to maintaining the highest security standards in our solutions to ensure that customers have access to the latest security protocols. Per PCI requirements, TLS 1.1 will be considered obsolete and put organizations at an increased security risk as of May 1, 2021. The TLS encryption protocol upgrade is a mandatory, industry-wide security update, mandated by the PCI Security Standards Council and affecting a wide range of software solutions in your environment, not just Blackbaud solutions.
How does this impact me?
Blackbaud is requiring customers to upgrade to versions of their products that support TLS 1.2 by May 1, 2021. After that date, Blackbaud will block any calls made using that protocol and organizations still using a version which relies on TLS 1.1 will experience failures with critical functions like payment processing.
I have a hosted or cloud Blackbaud solution. Does this impact me?
For customers of our cloud solutions (such as Raiser’s Edge NXT, Financial Edge NXT, Luminate CRM, eTapestry, and Altru), you are always current with the latest security requirements. We have or will soon automatically release TLS 1.2 compatible versions of your solution and you do not need to take steps to upgrade your software. The same is true if you are on hosted versions of Raiser’s Edge 7 or Financial Edge 7. Customers hosted on Blackbaud CRM/Blackbaud Internet Solutions where upgrade schedules are determined by customers, need to ensure that their software has been upgraded to a version that is TLS 1.2 compatible.
However, you will need to ensure that your OS and browsers have been upgraded to support TLS 1.2, and you need to notify your constituents of this as well. See below for the actions you need to take.
What will happen if we don’t upgrade?
After Blackbaud disables TLS 1.1 on May 1, 2021, if you have not made the required updates, you will no longer be able to access some or all of your Blackbaud solutions and services that rely on TLS 1.1; they will fail. This will impact a number of Blackbaud solutions, including access to websites.
See examples of connectivity issues both hosted and on-premise clients will experience if they do not upgrade their OS and browser to support TLS 1.2.
How will my donors and constituents be impacted?
If you do not upgrade to a version of your Blackbaud solution that supports TLS 1.2 prior to the May 1, 2021 deadline, not only would you not be able to access your Blackbaud solutions, but your constituents, including donors, may not be able to access your websites and/or process donations/payments.
What action do I need to take?
Prior to May 1, 2021:
- Ensure that you have upgraded to TLS 1.2 compatible Blackbaud products. See versions of Blackbaud products that support TLS 1.2
- Ensure that your OS and browsers have been upgraded to support TLS 1.2. See operating systems and browsers that support TLS 1.2
- (Optional) Notify your constituents to upgrade their OS and browser to TLS 1.2 supported versions, to ensure continuity of communications and transactions. For example, donors, patrons, parents and students accessing donor pages, store fronts, community pages and online registration pages hosted within on-premise environments are susceptible to vulnerability and connectivity issues if they do not upgrade their OS and browser to support TLS 1.2.
Blackbaud TLS Resources
We are here to help! Below are additional resources to support you in taking the necessary steps to prevent disruption and ensure your Blackbaud solutions continue to be compliant, specifically that the payment processing capabilities in your solutions remain secure. (Note: These resources were initially released in 2018 when TLS 1.0 deprecation started. Recommendations are still valid, but deadline has changed to May 1, 2021)
- Best Practices for Sharing TLS Requirements with your Donors
- Reach out to your Customer Success Manager if you want to explore options available to upgrade to our next-generation cloud solution, Blackbaud Cloud Operations powered by Azure, or if you need additional support to make changes by the deadline.