Douglas Omaha Technology Commission
Struggling with Web Security Challenges
In 2016, rather than invest millions of dollars to replace its outdated legacy infrastructure, DOTComm began migrating its sites and applications to a large cloud services provider. The organization also used a cloud-based web application firewall (WAF) along with robust alerting tools that enabled it to monitor for outages.
Unfortunately, the WAF did not perform as expected. Over a two-year period, DOTComm experienced more than 10 outages, each of which brought down a subset of the organization’s websites and applications. These outages lasted anywhere from 15 minutes to several hours — an unacceptable amount of time when they impacted the availability of 24/7 mission-critical services related to public safety.
Even when the outages affected less mission-critical DOTComm sites and applications, the organization had to deal with complaints from county departments and citizens. Because the WAF vendor refused to take accountability for these outages, Dolinski was forced to pore over his log files to prove that the issue was the vendor’s responsibility. Once engaged with the vendor for support, Dolinski was often frustrated dealing with entry-level personnel lacking deep knowledge of the WAF.
To make matters worse, the WAF vendor was supposed to manage DOTComm’s SSL certificate renewals. However, lacking a graceful certificate renewal process, the vendor often failed to renew DOTComm’s certificates before they expired. As a result, DOTComm sites would either go offline or throw SSL errors.
As soon as the contract with the WAF vendor expired, Dolinski began evaluating other solutions.
Douglas Omaha Technology Commission (DOTComm)
DOTComm provides technical support and consulting to over 70 governmental entities in the Omaha and Douglas County area. Over 5,000 dedicated government workers spread across 120 locations rely on our services every day. With a 24/7 service center and service offerings across all IT disciplines, we are a unique blend of talented individuals who are continually striving to better serve our clients through actively living our Mission, Vision, and Values.
Improving Its Security Approach with Web Application Protector
At first, Dolinski opted to take advantage of its cloud provider’s WAF. “This is a good solution providing basic rules, and it solved our certificate renewal issues. But we don’t have the resources nor the time to keep up with emerging threats and write and maintain more sophisticated WAF rules,” he explains.
What Dolinski did realize by using the cloud provider’s WAF was that DOTComm wasn’t catching and blocking as many threats as it should — in spite of running security at many layers of its infrastructure.
With a clear understanding of DOTComm’s security needs and gaps, Dolinski looked for a solution with a managed rule set that monitored for active threats. He also wanted to work with a professional, responsive vendor that took ownership of its product. Akamai and its Web Application Protector solution fit the bill.
By leveraging Akamai’s experienced professional services team, DOTComm avoided common WAF implementation stumbling blocks. “With the guidance and best practices of Akamai’s experts, we quickly migrated our first four sites. They prepared us to set up our environment for the future, and within a week, we migrated another 60 sites on our own,” explains Dolinski.