According to CBS News, the U.S. now has over 40 million unemployed. In other words, one in four U.S. workers has applied for jobless aid in the last 10 weeks. COVID-19 has affected nearly every business, some rather dramatically. Many sectors are still adjusting operations to stem the spread of the new coronavirus.
One of my relatives was let go from his job a month ago. I was talking with my nephew about his experience filing for unemployment benefits while he searched for new opportunities. As he described, the process for unemployment has been frustrating to say the least. He had tried to file his application for weeks by any means possible – on the phone, online and he even tried to get an appointment to file in person…all to no avail. Finally, he had success submitting his application online after two weeks of frustration, in the middle of the night.
Old Systems Need Redesign in the Long Term
State unemployment offices are so overwhelmed that, for most people filing for unemployment benefits, the process has been infuriating, with dropped calls, overwhelmed interactive voice response (IVR) systems, unresponsive web pages, crashed applications, errors at the end of a form submission, inability to schedule an appointment and a host of other issues. Even after filing for unemployment benefits, many are still waiting for unemployment payments weeks later.
So how do we address the challenges that organizations such as California’s Employment Development Department (EDD) and Florida’s Connect face? Many of the systems in place are old and require re-architecture for the future.
Improving Scalability, Performance & Security in the Short Term
In the short term, these systems can add application servers and human operators to handle online and IVR connections, which improves scale and performance, adds resiliency and reduces latency. They can also offer mobile-friendly sites to ease access, and save entered data so that a user can resume where they left off, especially after a timeout or a system crash.
Since money is involved, whether through unemployment payments or through stimulus checks, hackers will use a combination of phone and online tools to set up and execute attacks: one channel is used to look up information such as account numbers, addresses and balances, and that information is then used through another channel to break into the account.
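One way a defender could look for the cross-channel pattern described above, shown as an added example that is not part of the original post: it correlates information lookups on one channel with account-access actions on another. The event format, action names, account IDs and the one-hour window are all assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real logs): time, channel, account, action, source
EVENTS = [
    ("2020-05-20T02:10:00", "ivr", "ACCT-1001", "balance_inquiry", "+15550100"),
    ("2020-05-20T02:12:00", "ivr", "ACCT-1001", "address_readback", "+15550100"),
    ("2020-05-20T02:25:00", "web", "ACCT-1001", "login_failed", "203.0.113.7"),
    ("2020-05-20T02:26:00", "web", "ACCT-1001", "password_reset", "203.0.113.7"),
    ("2020-05-20T09:00:00", "ivr", "ACCT-2002", "balance_inquiry", "+15550111"),
    ("2020-05-21T15:00:00", "web", "ACCT-2002", "login_ok", "198.51.100.4"),
    ("2020-05-20T11:00:00", "web", "ACCT-3003", "login_failed", "198.51.100.9"),
]

# Hypothetical action names: information gathering vs. account access
LOOKUPS = {"balance_inquiry", "address_readback"}
SENSITIVE = {"login_failed", "password_reset", "payment_change"}

def cross_channel_alerts(events, window=timedelta(hours=1)):
    """Flag accounts where a lookup on one channel is followed, within
    `window`, by a sensitive action on a different channel."""
    parsed = sorted((datetime.fromisoformat(ts), ch, acct, act, src)
                    for ts, ch, acct, act, src in events)
    last_lookup = {}  # account -> (time, channel) of the most recent lookup
    alerts = []
    for ts, ch, acct, act, _src in parsed:
        if act in LOOKUPS:
            last_lookup[acct] = (ts, ch)
        elif act in SENSITIVE and acct in last_lookup:
            l_ts, l_ch = last_lookup[acct]
            if l_ch != ch and ts - l_ts <= window:
                alerts.append({
                    "account": acct, "lookup_channel": l_ch,
                    "action_channel": ch, "action": act,
                    "gap_minutes": int((ts - l_ts).total_seconds() // 60),
                })
    return alerts

if __name__ == "__main__":
    for alert in cross_channel_alerts(EVENTS):
        print(alert)
```

Alerts of this kind are a prompt for step-up verification on the affected account rather than proof of compromise, since legitimate applicants also move between phone and web.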
For an online site, latency, payload and rendering times are the key measurements when evaluating website performance. Aside from the speed of the network connection, the time from when a person trying to file for unemployment requests the EDD/Connect webpage to when the resources on that page are downloaded in the user’s browser is directly related to the weight of the page and the number of content objects.
The larger the total content size, the more time it will take to download everything needed for a page to become usable for the user.
Optimize performance; your users will thank you. The low-hanging fruit is easy and obvious, such as:
- Reducing the number of connections each user sets up with the back-end applications.
- Another easy fix is to compress the content objects to reduce the data received by the user’s browser.
- Utilize caching to manage static objects and pre-fetch data (if possible).
- A content delivery network (CDN) may serve static content from mirror sites closer to the user’s geography to reduce latency.
More advanced optimizations may include:
- Caching techniques to consolidate fetching of common content resources from the application server across multiple users.
- Reducing payload over the network by compressing images that are sent to the user’s browser depending on the type of device (e.g. Mobile or Desktop), speed of connection, location of the user.
- Reducing the size of objects requested by content minification.
- Some additional techniques, such as delaying ads until after the page has become usable to the user, may improve users’ perception of the web page and applications.
Scalability is the need of the hour. As the number of applicants connecting to a particular unemployment benefits application service or IVR system grows, new instances of these application services are brought online in order to scale these applications.
Scaling-in and scaling-out in an automated way is one of the primary reasons why application delivery controllers (ADCs) have built-in automation and integrations with orchestration systems. Advanced automation allows ADCs to discover and add or remove new application instances to the load balancing pool without manual intervention. This not only helps reduce manual errors and lowers administrative costs, but also removes the requirements for all users of an ADC to be experts.
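The pool automation described above, sketched as an added example (not code from the original post or from any ADC product): a pool is reconciled against the instance list an orchestrator reports, health checks take failing members out of rotation, and requests go to the least-loaded healthy member. The class, method names, addresses and failure threshold are assumptions made for illustration.

```python
class Pool:
    """Load-balancing pool kept in sync with an orchestrator's instance list."""

    def __init__(self, fail_threshold=3):
        self.members = {}  # address -> {"fails": int, "active": int}
        self.fail_threshold = fail_threshold

    def reconcile(self, discovered):
        """Add newly discovered instances and drop ones that no longer exist."""
        discovered, current = set(discovered), set(self.members)
        added, removed = discovered - current, current - discovered
        for addr in added:
            self.members[addr] = {"fails": 0, "active": 0}
        for addr in removed:
            del self.members[addr]
        return sorted(added), sorted(removed)

    def record_health(self, addr, ok):
        """A passing check resets the failure count; a failing one increments it."""
        member = self.members[addr]
        member["fails"] = 0 if ok else member["fails"] + 1

    def healthy(self):
        """Members below the consecutive-failure threshold, in stable order."""
        return sorted(a for a, m in self.members.items()
                      if m["fails"] < self.fail_threshold)

    def pick(self):
        """Least-connections choice among healthy members, or None if none."""
        candidates = self.healthy()
        if not candidates:
            return None
        addr = min(candidates, key=lambda a: self.members[a]["active"])
        self.members[addr]["active"] += 1
        return addr

    def release(self, addr):
        """Call when a request finishes; the instance may already be gone."""
        if addr in self.members and self.members[addr]["active"] > 0:
            self.members[addr]["active"] -= 1

if __name__ == "__main__":
    pool = Pool(fail_threshold=2)
    print(pool.reconcile(["10.0.0.1:8080", "10.0.0.2:8080"]))  # constructed addresses
    print(pool.pick(), pool.pick())
```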
Security is paramount since there is a big financial element at stake with unemployment benefits – for the users, the state unemployment departments and the banks that have the users’ accounts. The hackers are always looking for online accounts and digital currency. As the hackers probe to gain access to sensitive data, the prevention needs to be multi-pronged:
- Prevent distributed denial of service (DDoS) attacks to avoid service degradation and outages of employment benefits applications.
- Conduct routine vulnerability assessment scans on benefits applications and institute code patches.
- Deploy web application firewalls to prevent scraping attacks, malware and malicious access to user and application data, especially on information uploaded by the person applying for unemployment benefits.
- Prevent malicious bots from targeting benefits applications and systems.
- Prevent malicious access to benefits applications by validating applicants and instituting multi-factor authentication.
- Secure the data at rest and in motion.
For those applying for benefits, I recommend the following security measures:
- Use stronger passwords. I recommend a pass phrase that you can remember that’s long enough to prevent brute force cracking.
- Do not reuse passwords across multiple sites.
- Avoid public WiFi networks if possible or use a VPN; also make sure that the connections to your state benefits sites are encrypted using SSL.
- Prevent social engineering by not clicking on any emailed link; instead, go directly to employment websites by manually typing them into your browser.
- Log out of your session, especially if you do not have control over the computer.
Application delivery and load balancing technologies have been the strategic components providing availability, optimization, security and latency reduction for applications.
In order to design resiliency into business-critical applications, use load balancing and application delivery infrastructure to address the needs of scaling, optimizing and securing applications that are so critical for so many in their times of need.
*** This is a Security Bloggers Network syndicated blog from Radware Blog authored by Prakash Sinha. Read the original post at: https://blog.radware.com/applicationdelivery/2020/05/covid-19-what-does-unemployment-have-to-do-with-load-balancing/