When HealthCare.gov launched on Oct. 1 of last year, press coverage focused on the problems that consumers had in signing up to create accounts, and various other technical glitches. Some of the state sites had problems as well. Colorado, Washington DC, and Oregon’s sites experienced delays, and California and Maryland’s sites were slow.
New York’s site reported login issues after two million people tried to visit within the first two hours.
Many of the problems appeared to be scalability problems, which arise when a large number of people try to gain access at the same time. Other problems were suspected of being software glitches, which could indicate that the software did not undergo enough testing before the launch. Some computer experts, like Kevin Johnson, CEO of Secure Ideas, believe that the site also has flaws that could expose sensitive user information as well as flaws that could allow a remote attack. There have been no successful security attacks on HealthCare.gov, and security testing is ongoing to safeguard consumer personal information. Regular penetration testing and continuous monitoring are also ongoing processes. What can an IT department learn from the problems the ACA website has experienced?
“How can it not find the account I just spent an hour creating?”
Security and Security Updates Should Be Priorities
Sometimes getting your new site functionality up and running takes precedence over security, unless there is a regulation or directive (like PCI DSS) that requires security to take precedence. But when the rush toward functionality results in neglect of security issues, big problems could await you down the road. It’s critical that, as you add functionality to your website, you build in multiple security checks to prevent nasty surprises later.
Web development today is much faster than it used to be in order to respond to demands quickly. Whereas a few years ago, new features might have been released once or twice per year, today upgrades can happen every few weeks. Releasing security updates along with scheduled site upgrades can help prevent problems, and can ingrain the importance of continual security monitoring in your programmers.
Understand How Data is Handled and Where Data Resides
With HealthCare.gov, sensitive information is not stored in a centralized database (where it would be easier for hackers to steal large quantities of data at once), but is routed through a secure hub to various locations where it is verified and where it triggers a notice to insurers that someone has selected their plan. Many other businesses also rely on third-party and cloud providers for hosting their sensitive data, and may therefore lack understanding of where the data actually resides and who might have access to it. But if you don’t know where your data lives and how it is handled, how can you be certain that it is secure? Knowing these things is a basic prerequisite to having a solid security plan.
“The data were last seen heading east-northeast at 35 knots. Man the pursuit boats!”
Prepare for the Worst
Developing and testing an incident response plan is essential. If you don’t spend sufficient time developing a plan for addressing possible website and/or network problems, or even a crisis communications plan, you could find yourself scrambling for answers when something goes wrong. Obviously, it’s impossible to plan for every conceivable problem, but documenting what could go wrong and how your organization will act should a problem develop will help you keep your cool when it does. Before launching a new site or a new feature, you’ll want to run load testing with twice the load of the expected peak so you can see how the site behaves if it’s overrun with traffic. If load testing reveals potential problems, how hard would it be in a real-life situation to identify the problems and fix them? Sometimes it’s finding the problem that takes up a lot of time when things go wrong.
Running an IT service desk successfully requires the ability to anticipate problems, react swiftly to disasters, and monitor the security of your organization’s IT ecosystem. With leading IT service desk software like Samanage, your IT team can not only handle IT service desk requirements handily, they also have a full suite of IT asset management tools so that identifying network threats is easier. When your organization is rolling out a new website or new website functions, you need your IT environment to rest on a foundation of stability and problem solving, and Samanage helps you have that solid foundation for great IT service delivery.