Under Attack?
Search
Menu

COVID-19: What Does Unemployment Have To Do with Load Balancing?

By Prakash SinhaMay 27, 2020

According to CBS News, the U.S. now has over 40 million unemployed. In other words, one in four U.S. workers has applied for jobless aid in the last 10 weeks. COVID-19 has affected nearly every business, some rather dramatically. Many sectors are still adjusting operations to stem the spread of the new coronavirus.

One of my relatives was let go from his job a month ago. I was talking with my nephew about his experience filing for unemployment benefits while he searched for new opportunities. As he described, the process for unemployment has been frustrating to say the least. He had tried to file his application for weeks by any means possible – on the phone, online and he even tried to get an appointment to file in person…all to no avail. Finally, he had success submitting his application online after two weeks of frustration, in the middle of the night.

Old Systems Need Redesign in the Long Term

State unemployment offices are so overwhelmed that for most people filing for unemployment benefits, the process has been infuriating, with dropped calls, overwhelmed interactive voice response (IVR) systems, unresponsive web pages, crashed applications, errors at the end of a form submit, inability to schedule an appointment and a host of other issues. Even after filing unemployment benefits, many are still waiting for unemployment payments weeks later.

[You may also like: Protecting Remote Connectivity in Today’s ‘New Normal’]

So how do we address the challenges that organizations such as California’s Employment Development Department (EDD) and Florida’s Connect face? Many of the systems in place are old and require re-architecture for the future.

Improving Scalability, Performance & Security in the Short Term

In the short term, the systems can add additional application servers and human operators to handle online and IVR connections to scale and improve performance, enable resiliency and reduce latency, enable mobile-friendly sites to ease access, save entered data to start from where a user left off – especially on a timeout or if systems crash.

Since money is involved, whether through unemployment payments or through stimulus checks, hackers will be using a combination of phone and online tools to set up and execute attacks – one of the mechanisms is used to look for information such as account numbers, addresses, and balance and then that information is used through another channel, to break into the account.

The Essentials

For an online site, latency, payload and rendering times are the key measurements when evaluating a website performance. Aside from the speed of the network connectivity, from the time the person trying to file for unemployment requests the EDD/Connect webpage, to the time the resources on that webpage are downloaded in the user’s browser, is directly related to the weight of the page, number of content object resources.

The larger the total content size, the more time it will take to download everything needed for a page to become usable for the user.

[You may also like: COVID-19: The Rise of the Telecommuter & the Impacts on Businesses]

Optimize performance, your users will thank you. The low hanging fruit to enable optimizations are easy and obvious such as:

  • Reducing the number of user’s connection set up with the back-end applications.
  • Another easy fix is to compress the content objects to reduce the data received by the user’s browser.
  • Utilize caching to manage static objects and pre-fetch data (if possible).
  • A content delivery network (CDN) may serve static content from mirror sites closer to the user’s geography to reduce latency.

More advanced optimizations may include:

  • Caching techniques to consolidate fetching common content resource from the application server across multiple users.
  • Reducing payload over the network by compressing images that are sent to the user’s browser depending on the type of device (e.g. Mobile or Desktop), speed of connection, location of the user.
  • Reducing the size of objects requested by content minification.
  • Some additional techniques, such as delaying ads after the page has become usable to the user, may improve perception of web page and applications.

Scalability is the need of the hour. As applicants connecting to a particular unemployment benefits application service or IVR systems grow, new instances of these application services are brought online in order to scale these applications.

Scaling-in and scaling-out in an automated way is one of the primary reasons why application delivery controllers (ADCs) have built-in automation and integrations with orchestration systems. Advanced automation allows ADCs to discover and add or remove new application instances to the load balancing pool without manual intervention. This not only helps reduce manual errors and lowers administrative costs, but also removes the requirements for all users of an ADC to be experts.

Security is paramount since there is a big financial element at stake with unemployment benefits  – for the users, the state unemployment departments and the banks that have the users’ accounts. The hackers are always looking for online accounts and digital currency. As the hackers probe to gain access to sensitive data, the prevention needs to be multi-pronged:

  • Prevent denial of service (DDoS) attacks to prevent service degradation and outage of employment benefits applications.
  • Conduct routine vulnerability assessment scans on benefits applications and institute code patches.
  • Deploy web application firewalls to prevent scraping attacks, malware and malicious access to user and application data, especially on information uploaded by the person applying for unemployment benefits.
  • Prevent malicious bots from targeting benefits applications and systems.
  • Prevent malicious access to benefits applications by validating applicants and instituting multi-factor authentication.
  • Secure the data at rest and in motion.

For those applying for benefits, I recommend the following security measures:

  • Use stronger passwords. I recommend a pass phrase that you can remember that’s long enough to prevent brute force cracking.
  • Do not reuse passwords across multiple sites.
  • Avoid public WiFi networks if possible or use a VPN; also make sure that the connections to your state benefits sites are encrypted using SSL.
  • Prevent social engineering by not clicking on any emailed link; instead, go directly to employment websites by manually typing them in into your browsers.
  • Logout from your session, especially if you do not have control over the computer.

Application delivery and load balancing technologies have been the strategic components providing availability, optimization, security and latency reduction for applications.

In order to design resiliency into of business-critical applications, use load balancing and application delivery infrastructure to address the needs of scaling, optimizing and securing applications that are so critical for so many in their times of need.

Download Radware’s “Hackers Almanac” to learn more.

Download Now

Posted in: Application DeliveryTags:

Prakash Sinha

Prakash Sinha is a technology executive and evangelist for Radware and brings over 29 years of experience in strategy, product management, product marketing and engineering. Prakash has been a part of executive teams of four software and network infrastructure startups, all of which were acquired. Before Radware, Prakash led product management for Citrix NetScaler and was instrumental in introducing multi-tenant and virtualized NetScaler product lines to market. Prior to Citrix, Prakash held leadership positions in architecture, engineering, and product management at leading technology companies such as Cisco, Informatica, and Tandem Computers. Prakash holds a Bachelor in Electrical Engineering from BIT, Mesra and an MBA from Haas School of Business at UC Berkeley.

Related Articles

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Contact Us Now

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Locations
Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program

CyberPedia

An Online Encyclopedia Of Cyberattack and Cybersecurity Terms

CyberPedia
What is WAF?
What is DDoS?
Bot Detection
ARP Spoofing

Get Social

Connect with experts and join the conversation about Radware technologies.

Blog
Security Research Center
Close

What are you looking for?