CyberPeace

CyberPeace moves to self-hosted Mattermost for data security & user-friendly design

“Without Mattermost, we couldn’t do everything we’ve done. For us, it was obvious it was the best choice.”
Florent Bitschy, CTO and CISO at CyberPeace Institute

Highlights

  • Moved to Mattermost for a more intuitive user experience
  • Self-hosted Mattermost on servers in Switzerland for data sovereignty and GDPR compliance
  • Streamlined new user onboarding to help NGOs improve their cybersecurity faster

The CyberPeace Institute is a nonprofit organization that protects the most vulnerable communities and organizations from cyberthreats. To do this, the organization offers free services — including cyber resilience support, threat detection and analysis, incident response support, and security awareness training — to more than 400 nonprofits and non-government organizations (NGOs) across over 120 countries, including Oxfam and AIDS Resource. 

Founded in 2019 and headquartered in Geneva, Switzerland, the organization has roughly 40 full-time employees and collaborates regularly with over 1,000 volunteers to fulfill its mission.

Building a community: Needing a secure, self-hosted & user-friendly platform

To protect nonprofits against cybercriminals, the CyberPeace Institute works with lots of professional volunteers whose employers donate their time to the cause. The organization — which must secure the sensitive information it uses to help victims recover from cyber incidents — had been using a SaaS-based project management platform called Stackfield to collaborate with both their volunteers and the organizations they serve.

“Stackfield was very secure, but we were looking for a self-hosted solution for various reasons,” explains Florent Bitschy, CTO and CISO for CyberPeace. “Many of our users are also not digitally literate, so we also needed an API to develop our own modules and were looking for a flexible, user-friendly platform.”

Security & self-hosting: Choosing Mattermost for data sovereignty and GDPR compliance

As CyberPeace began looking for a new solution, they considered several options, including Rocket.Chat.

“Rocket.Chat is a very simple, very well-done chat platform,” Bitschy explains. “But we needed more than a chat. We needed something to organize work — like kanban-style boards.”

In a previous role, Bitschy used GitLab Omnibus, which ships with Mattermost.

“I had a very good opinion of Mattermost,” he says, adding that he was particularly impressed by the platform’s open source nature and the fact that it could be self-hosted. “Plus, with Mattermost, you have the possibility to connect through Okta’s single sign-on.”

As they continued their search, the operations team began benchmarking different applications to determine which option best suited their needs.

“We were looking for a Slack-like app where people could talk in channels, exchange data, and access a board we could use for matchmaking purposes,” Bitschy says.

CyberPeace also needed a solution they could host on servers in Switzerland to comply with GDPR; any third-party, vendor-hosted SaaS service wouldn’t cut it. Due to the sensitive nature of the data that the organization deals with, they needed to make sure it was highly secure, too, with all messaging data encrypted at rest and in transit.

What’s more, since the nonprofit relies on fundraising and grants, the ideal solution would be cost-effective; CyberPeace couldn’t afford to pay per-user license fees for more than 1,000 volunteers and the 300 or 400 NGOs they currently work with. With plans to connect 1,000 NGOs to 1,000 volunteers by the end of 2025, the organization also needed a solution that could perform at scale.

“With all these considerations in mind, Mattermost was the obvious choice,” Bitschy says, adding that Mattermost’s support for nonprofit organizations was also compelling. “Another reason we really liked Mattermost was because it came with a mobile app, which we use every day when we’re on the go and have to discuss a case.”

Mattermost’s mobile app is a game-changer for volunteers and NGO participants as well.

“Our volunteers and NGOs all participate remotely, so the mobile app really gives them the flexibility that they need in order to keep going and keep improving from wherever they are,” says Alexis Alley, communications officer at CyberPeace.

Fulfilling their mission: Using Mattermost to make cyberspace safer 

By moving to Mattermost, CyberPeace has equipped its volunteers, and the NGOs and nonprofits it supports, with a secure collaboration space that’s intuitive to use.

“Mattermost is super friendly for the people that we’re working with,” Alley says. “My background is not in cybersecurity, so it’s great to have a platform that is as nicely laid out as Mattermost is.”

With Mattermost powering collaboration, CyberPeace has a solution that’s built for scale — the perfect fit as they work toward their growth goals.

“It was the scale that really matched our needs,” Alley continues. “Mattermost stood out as the right solution at the time when we were rapidly expanding. And now we are really rapidly expanding, and Mattermost is doing a great job at serving our needs.”

With Mattermost serving as a centralized communications platform that ties CyberPeace’s entire community together, it’s much easier for the team to broadcast information and updates on emerging cyber threats, training sessions, volunteer assignments, and ongoing incident responses, keeping all stakeholders informed and engaged.

“With a community of over a thousand volunteers and over 400 organizations that we’re protecting, it’s hard to get a message out,” Alley says. “Mattermost is a way to keep our community together, engaged, and informed. It’s really gotten the job done.”

Using Mattermost, CyberPeace is able to show NGOs how volunteers are helping them save money — as well as the impact of their corporate partners’ donations.

“We take the hours a volunteer has spent on a specific task and turn that into an in-kind value of what the NGO would spend on a paid service,” Alley continues. “Let’s say for an hour of awareness training, that could have saved an NGO $900. We evaluate this figure for each of our corporate partners to show them the positive impact they’re making with their volunteers, and Mattermost allows us to push this messaging and tracking out to our community. Each corporate partner has their own personal Board that is connected to Mattermost and reports that value to them. Mattermost has helped us to not only track and report on activities, but also engage our volunteers and show the financial value of their contributions.”

Safeguarding sensitive data: Controlling all confidential information with self-hosted Mattermost

Using Mattermost, the CyberPeace team is able to keep data strictly segmented for security reasons.

“NGOs come to the platform to ask for advice and learn best practices, other times because they are under attack, so data protection matters to them and to us,” Bitschy says. “Beyond our cybersecurity strategy and the granular controls that Mattermost offers when it comes to security — which is what we looked at to decide which platform to use — the fact that Mattermost supports organisations handling sensitive data like the U.S. Air Force or Space Force is very reassuring to our community.”

Protecting vulnerable communities on the internet: Sending help from anywhere in the world

By moving to Mattermost, CyberPeace has been able to streamline the onboarding experience, ensuring new volunteers and folks needing help can get it right away.

“They are able to pretty much get connected from the comfort of where they are as they wish,” Alley continues. “Having this flexibility is fantastic — especially when it comes to incident response situations. For the NGO side, they’re able to connect wherever they are with their device of choice and on their time. Same with the volunteers, who are busy and come from professional organizations that provide us grants and want to support the program.” 

Recently, the CyberPeace team helped an NGO recover their leaked credentials from the dark web; the team used Mattermost to communicate throughout the process.

“Mattermost gives us the flexibility and supervision we were aiming for in order to carry out our program as effectively as we have,” Alley explains. “Without it, I don’t think we would be able to achieve our mission to the extent that we have.” 

Empowering volunteers: Using Boards & Channels to deliver robust cybersecurity support services

Using Channels and Boards, CyberPeace has been able to offer exceptional cybersecurity support to nonprofits. When an organization needs help, the CyberPeace team opens dedicated private channels where analysts, volunteers, and NGO representatives can securely share data and coordinate a response. 

“We really appreciate that, when there’s a private channel, we can be confident that the information is only accessible by the right people and not open to everyone,” Bitschy explains.

Whenever an NGO needs something — like a cybersecurity assessment, phishing awareness training, or information about password management best practices — their representatives create cards on Boards, and volunteers then pick the ones they want to help with and assign them to themselves — like a job board of sorts.

“Without Mattermost, we couldn’t do everything we’ve done — it would be very difficult,” he continues. “For me, it was obvious there was no other alternative.” 

Building the perfect tool: Leveraging Mattermost’s API for custom integrations

Using Mattermost’s API, the CyberPeace team is building custom modules and integrations that solve specific business challenges. For example, they’re developing an onboarding process where new NGO members can log into Mattermost and automatically be prompted with a cybersecurity assessment that determines the organization’s level of cybersecurity maturity.

“It’s a framework we are developing based on Mattermost’s API,” Bitschy says. “Mattermost’s API is very friendly.”

Ready for the future: Scaling the operation on Mattermost

CyberPeace deploys Mattermost in Kubernetes for optimal scalability. Mattermost Playbooks have been leveraged to streamline and standardize incident response workflows, enhancing the efficiency and consistency of mission-critical operations. This structured approach ensures rapid coordination during urgent scenarios — such as cyberattacks, dark web alert management, and vulnerability response efforts — allowing analysts, volunteers, and NGOs to collaborate seamlessly and act swiftly. Playbooks support efficient task handling and increase operational transparency, enabling CyberPeace to track volunteer contributions and showcase the impact of their work, further strengthening their cyber resilience.

“Mattermost is a mature application. We’ve tested it and it’s strong enough to scale with us,” Bitschy explains. 

Looking ahead, the CyberPeace team is confident that Mattermost will enable them to keep their community engaged as they continue to grow.

“Without Mattermost, we wouldn’t be able to achieve the things that have allowed us to have a successful operation and fulfill our mission,” Alley says. “I have a lot of work ahead of me, and I can’t wait to use Mattermost to support me. It is mission-critical for us to have a highly engaged community because we have so many audiences to deal with and in different ways as well. Mattermost gives us that flexibility.”

If you’re looking for a secure collaboration platform with a friendly UI, Bitschy strongly suggests you explore Mattermost.

“Why? Because it’s open source and because you can self-host it if you want,” he concludes. “I recommend people use it every time I’m asked.”