This government agency serves a truly vital role: ensuring the health and safety of employees in workplaces of all kinds. They develop the country’s workplace regulations, strive to promote positive attitudes and behaviours about health and safety, and support industry, company, and employee leadership in maintaining safe work environments. Their staff of more than 550 are committed to leading by example through their own good practices.

The problem

This government agency’s mission was a big one: to ensure the health and safety of every worker.

They set and enforced regulations, and worked with businesses of all kinds to reduce accidents and develop safer workplaces. Their technology platform held a vast amount of sensitive information, including the health and safety records of nearly every company in the country, as well as detailed information about work-related illnesses and injuries suffered by individual employees.

The agency relied heavily on a specific web application that logged comprehensive details regarding every accident, injury, and death that occurred in workplaces around the country. While fully functional, the app was considered ancient by technology standards. Then, a routine security audit revealed that the data moving in and out of the app wasn’t even encrypted. It was there, in plain sight, for the taking.

The solution

RedShield recommended utilizing a RedShield proxy server. RedShield would act as a go-between, encrypting the information moving in and out of the app and fully securing the data, without the need to touch a single line of the original app code.

The  results

The agency gave RedShield the go-ahead, and the team executed a seamless deployment. Thorough testing showed all data was fully encrypted, and
the system completely protected. RedShield then did a bit of fine tuning, improving other security tools and implementing solid protection against generic threats. Now, the agency’s entire platform remains exactly the way they like it: safe, secure, and accident-free.

Today, RedShield continues to stand guard:
• Monitoring the agency’s tools and systems 24/7
• Auditing the application defences weekly
• Responding to any customer queries or application
updates
• Delivering monthly analyst reports

“Being unable to touch such a critical application put us in a difficult situation with the auditors and management. RedShield’s solutions were pragmatic, with the risks clearly communicated. The deployment was straightforward. The scores we now receive from our auditors are exactly
what we were after.”

—Government Agency Executive

Next article: Securing Web Applications Running on a Legacy Server
All Case studies

See how we can shield your web applications and APIs

Get your free trial or talk to one of our experts.

Free trial
or
Talk to us