Sponsor Content
What does this mean?

How to Prevent a Wave from Crashing Your Vaccine Website

Hear from Steve Winterfeld, advisory CISO at Akamai, on steps you can take to ensure your vaccine site performs under load.

Shutterstock_Crashed Site_Header
Remember when we went to concerts in person? I am a bit embarrassed to admit the last one I went to was a Johnny Cash cover band. Whenever I go to an event like that, I have a trick where I leave to get refreshments during my least favorite song. I get my overpriced drinks with no waiting and get back to my seat in no time.

Getting one during a break, however? Not a chance. Long lines and crowds leave me flustered and frustrated with more of my drink on my shoes than in my hand.

In essence, this is the same thing that happens when websites experience traffic influxes that they’re not equipped to handle. Users refresh and refresh, overloading the origin, until they give up, frustrated, taking to social media to express their frustration. As we well know, crowds can cause serious damage when they converge on a site that is not prepared. A large wave of legitimate traffic can bring it down as fast as malicious attacks. Often dealing with this kind of issue results in crisis-driven fixes, cutting short security reviews, allowing for vulnerabilities that normally would have been prevented. Now more than ever, its integral to build a site that performs and protects in a way that serves the health needs of our citizens and patients.

When dealing with any high-demand product, it is imperative to have the bandwidth to meet the surges that will come. In the last year, Akamai has seen surges hitting finance, shopping, gaming and streaming sites, as much of our lives have moved online. We’ve helped these companies be prepared for their big waves and view them as examples of how to prepare vaccine websites for traffic spikes. But the stakes are higher here. It’s frustrating when the new game console you were eyeing is all sold out 30 seconds after it drops, it’s another thing entirely when you or a loved one can’t schedule a COVID-19 vaccine because of an availability issue. It is vitally important to ride the wave of surging traffic verses getting crushed under it.

For many organizations, the size of the traffic waves is a new challenge. How can you meet user demands, keep your vaccine site running and thwart away malicious actors preying on any vulnerability?

This requires a solution that provides a positive, secure and cost-effective user experience. When solutioning, key considerations should be understanding how long it takes to process a patient and how to handle the overflow.

Enter Vaccine Edge. We start by offloading cached content and accelerating non-cacheable requests from your infrastructure with our globally distributed Edge Platform. Then, for the citizens and patients who are waiting, we build a virtual waiting room experience much like the real thing. This experience keeps citizens engaged until your appointment functionality can accommodate them. It provides a personalized page with their place in the queue, estimated wait time and info about the program. When their turn comes up, they’ll automatically be placed in the scheduling application.

We also found similarities around threat activities. There have been reports of scalper bots stealing appointment slots, as well as a general increase in ransomware and DDoS extortion attacks. Security must be a key criterion for any solution. Let’s look at some of the components of a security design.

When it comes to security, we can rely on the tried-and-true solutions that have protected similar high-demand sites both inside and outside state and local governments. With Vaccine Edge, your vaccine site is protected with a Web application firewall (WAF) to stop DDoS and malware-based attacks. That WAF is robust enough to manage both bots and aggregators and ensures that authorized patients get access to the necessary resources requires blocking those cheating the system. This ability to stop or redirect the automated efforts leaves you in control.

The site should also have a TLS certificate to provide HTTPS level of security. It's integral that you’re able to monitor and view analytics that allow for continuous situational awareness and remediation. Finally, you should conduct load testing to validate operational readiness.

Ideally, when picking a solution, you will not be in a crisis, but in the midst of one, you should look at vendors that can provide services around rapid testing and deployment. The more you can have your staff focus on providing vaccines in a timely manner, the better experience for everyone — because when your website works, citizens get vaccinated. For more information on Vaccine Edge, please contact us at vaccineedge@akamai.com.