Federal agency moves to digital population survey
The U.S. government has gone digital with the constitutionally mandated decennial population survey. The agency in charge of the decennial data collection has taken full advantage of available technology to make participation easier for all Americans, while providing U.S. government and its enterprise customers more efficient access to the resulting data. Over its 230-year history, the agency has relied on surveyors to gather population data by recording information on paper — until now.
Technology, like cloud computing and the proliferation of mobile devices, made it easy to go digital. But technology also posed challenges that needed to be addressed. The first challenge was security. This included making sure the survey was available and that the confidentiality and integrity of the data collected was protected. The second challenge was to ensure access to the survey for everyone.
To meet the challenges, the agency looked to RavenTek and Akamai. With a global edge platform of over 350,000 servers, Akamai was able to place the agency’s first layer of security within one network hop of 85% of all users and threats. Furthermore, Akamai’s mobile edge optimization and performance routing ensured optimal performance and availability for all Americans.
From the start, the agency had already planned an expansive cloud architecture that included multiple regions, each with redundant active and reserve workloads. Even with this level of back-end redundancy, it was clear that the survey application required a more dynamic scalability to be able to maintain optimal performance while mitigating threats.
To meet these needs, RavenTek and Akamai worked closely alongside the agency to move forward with its deployment of front-end solutions for a domain name system (DNS), application-layer security, and UX optimization.
Availability, integrity, and confidentiality
Considering the United States population was estimated to be near 336M1 at the time of its upcoming survey, the agency’s digitization strategy accounted for the increasing cybersecurity threats and populations of constituents either abroad or in rural communities with limited access to broadband. With the goal of reaching and providing access to more constituents than ever before, the agency considered that smartphone usage was projected to increase by over 3002 since its last decennial survey.
Careful consideration was given to meet critical requirements for the secure dissemination of the survey, storage, and accessibility of the data. For the survey application to be successful, it needed to be available while under heavy loads or attacks.
Once collected, the agency needed to ensure the confidentiality and integrity of the survey results.
Cloud-based DNS
Key to availability, and often overlooked, is DNS. A robust and scalable DNS resolver was required to withstand sudden peaks in traffic, while automatically mitigating attacks. With 2,000 DNS zones, Akamai’s market-leading Edge DNS was able to handle high traffic volumes securely while improving performance and availability.
Akamai Edge DNS uses a distributed network of recursive resolvers and redundant authoritative resolvers to increase availability with robust scalability. Built-in rate controls prevent the risk of being targeted by volume attacks while Akamai threat intelligence enables DNS servers to reject requests from known active threats.
Edge DNS fully supports DNS Security Extensions (DNSSEC) with the capabilities of automating the processes for zone signing, re-signing, and key rotation.
The agency was able to integrate the Edge DNS solution into its own internal system. Because Edge DNS can be deployed as a secondary resolver, the agency was able to continue using its current internal DNS management system to manage all internal and external zones.
In addition to DNS resolution, Akamai was able to provide the agency with DNS-based load balancing. Integrated into the Edge DNS platform, Global Traffic Management (GTM) performs target location polling to determine the availability of each location. In the event of failure, GTM provides automatic failover at the DNS level. Edge DNS automatically mitigates DNS attacks by only accepting requests from known nameservers as well as leveraging Akamai’s threat intelligence to prevent requests from known active threats. Default rate controls further protect against excessive requests.
Application-layer security
The agency now needed to address the availability and security of the survey application. It implemented App & API Protector, a cloud security solution that provides DDoS mitigation and a fully functional web application firewall (WAF).
Operating as part of the Akamai Connected Cloud, App & API Protector extends the security perimeter to the edge, mitigating attacks targeting web applications, including:
- DDoS
- Scripting and injection attacks (XSS, SQLi, CDMi, PHPi, RFI, LFI)
- Traffic protections within OWASP Top 10 list
With enormous capacity at its disposal, the platform automatically scales to absorb and deflect malicious traffic, while maintaining site performance and availability for production users.
Included with the App & API Protector is Akamai’s full-featured WAF, which offers a rich collection of predefined but configurable application-layer firewall rules. Akamai maintains this with regular updates for different categories, such as protocol violations, request limit violations, HTTP policy violations, malicious robots, generic and command injection attacks, Trojan backdoors, and outbound content leakage.
Like all Akamai features, the security features function on Akamai edge servers, which are within a single network hop of 85% of all end users. Even in cases where a client outside the U.S. is requesting a site/application with caching configured for the U.S. only, the end user will be first connected to the closest available edge server. It is at that edge server where security policies are applied, and mitigations are enforced.
Mitigation at the edge enables Akamai to route traffic over the best available route between the client and origin, without having to redirect requests to a centralized PoP or third-party cloud for security inspection and mitigation. Akamai provides security mitigation in a direct line, at the edge, without impacting performance.
This massive capacity and mitigation accuracy have earned Akamai recognition as an industry leader in DDoS mitigation and WAF from both Gartner3 and Forrester.4
Despite the mass proliferation of smartphones, only 77% of Americans have home broadband access, while 15% can only access the internet over their smartphone.5 The agency also considered underserved communities, which are critical population segments necessary for the policy and legislative decisions. A key requirement of its digital strategy was to ensure that everyone who was smartphone-dependent, or lacked internet access altogether, was counted.
The agency was aware that it needed more than just accelerated dynamic web content across the middle mile; it needed to be able to optimize content on a per-device basis. While a responsive web design (RWD) can accommodate varieties of devices, it also introduces many new challenges, such as delivering a much larger payload to the client and increasing the number of requests back to the origin. RWD can cause multiple calls back to the origin for responsive content because of the diversity of devices that are making initial requests.
Akamai Ion was designed specifically to optimize the user experience through edge site content adaptation. Ion goes beyond mobile detection and redirection by adapting content for mobile clients at the edge, reducing the client-side payload, and offloading the increased number of requests that are necessary for RWD.
Akamai’s dynamic routing mitigates middle-mile latency, and Ion takes optimizations to the edge, using client-specific situational intelligence to dynamically adapt content for the end-user experience.
With Ion, Akamai’s content delivery service provides maximum offload, scalability, performance, and availability for the agency’s survey application. At the same time, Ion minimized survey abandonment by ensuring an optimal user experience, regardless of the user’s devices or network capabilities.
Ensuring data integrity and confidentiality
In addition to securely gathering data, the agency needed to securely store that data, while making it accessible. The data collected is protected under Title 5 and Title 26 of the U.S. Code,6 meaning strict confidentiality must be maintained. Moreover, since the data would be used to adjust federal budget allocations and change congressional districts, the agency needed to ensure data integrity.
Using the application-layer security features of Akamai, the agency was able to protect the data from direct application-layer attacks. The protection was applied to both the survey applications and the application programming interfaces (APIs) designed to streamline authorized access to the data. With both the survey and APIs protected by Akamai, the agency was able to protect data integrity, while allowing authorized access to anonymized survey results.
Expanding the agency’s Akamai portfolio
Committed to better serving its customers, the agency began the journey to complete its digital transformation goal three years ahead of the 2020 survey.
Since Akamai was already a part of its existing hybrid-cloud infrastructure, the agency was able to avoid the extra costs of acquiring additional infrastructure, as well as save time on additional implementation. For increased efficiency, the agency expanded its Akamai portfolio to optimize its hybrid enterprise network, which is composed of physical infrastructure and multiple cloud regions. Additional Akamai solutions that were implemented include Cloud Monitor, CloudTest, Edge Redirector Cloudlet, Image & Video Manager, NetStorage, and mPulse.
Seamless data collection, distribution, and continued support
The global COVID-19 pandemic impacted the way people communicated and made the world more reliant on digital solutions. While the agency already had its digital roadmap planned prior to COVID-19, the pandemic proved to make its modernization efforts more critical than ever before.
The agency successfully implemented and completed its plan to transform the way it collects critical constituent data for the betterment of the nation. This was made possible by precise goals and key requirements set first by the agency, then met by the solutions and professional services available from Akamai and RavenTek. Internal and external collaboration fostered innovative solutions and optimal results that delivered critical security, scalability, and accessibility with an approach that will set new standards for the agency moving forward.
With a response rate of 99.98% from constituents, the joint effort between the agency, Akamai, and RavenTek resulted in the successful rollout of the inaugural 2020 online survey. Akamai’s suite of security solutions triggered the denial of over 761 million malicious activities between June 1 and December 31, 2020.
Due to COVID-19, the survey deadline period was extended from July to September 2020, during which the agency was able to maintain on-site support from Akamai and RavenTek. The agency’s new API features allow for faster, efficient, and more secure distribution of data to consumers, private enterprises, and fellow agencies.
About RavenTek
RavenTek recognizes that in today’s challenging fiscal environment, federal agencies need the right partner who can help them advance mission goals through efficient and innovative IT, engineering, administrative, and program management solutions. Learn more at www.raventek.com.
About Akamai
Akamai powers and protects life online. Leading companies worldwide choose Akamai to build, deliver, and secure their digital experiences — helping billions of people live, work, and play every day. With the world’s most distributed compute platform — from cloud to edge — we make it easy for customers to develop and run applications, while we keep experiences closer to users and threats farther away. Learn more about Akamai’s security, compute, and delivery solutions at akamai.com and akamai.com/blog, or follow Akamai Technologies on Twitter and LinkedIn.
Sources
1 Census Estimates U.S. Population As High As 336 Million Ahead Of Actual Count. Npr.org (2020). Retrieved from https://www.npr.org/2020/12/15/946396277/census-estimates-u-s-population-as-high-as-336-million-ahead-of-actual-count.
2 Smartphone Users in the US Expected to Reach Over 270 Million by 2022. Internetinnovation.org (2018). Retrieved from https://internetinnovation.org/general/research-peek-of-the-week-smartphone-users-in-the-us-expected-to-reach-over-270-million-by-2020/.
3 Akamai Positioned in Leaders Quadrant of Gartner Magic Quadrant For Web Application Firewalls. Akamai.com. (2017). Retrieved from https://www.akamai.com/newsroom/press-release/akamai-positioned-in-leaders-quadrant-of-gartner-magic-quadrant-for-web-application-firewalls.
4 Forrester Names Akamai a WAF Leader. Akamai.com (2020). Retrieved from https://www.akamai.com/lp/report/forrester-waf-wave-q1-2020?.
5 Mobile Technology and Home Broadband 2021. Pewresearch.org (2021). Retrieved from https://www.pewresearch.org/internet/2021/06/03/mobile-technology-and-home-broadband-2021.
6 U.S. Code. Law.cornell.edu (n.d.). Retrieved from https://www.law.cornell.edu/uscode/text.
