Case Studies - How RedShield Protects Critical Web Apps

Securing a Third-Party App That Can’t Be Touched

Written by RedShield Security | 29/07/2021 10:49:56 PM

The problem

This government agency’s mission was a big one: to ensure the health and safety of every worker.

They set and enforced regulations, and worked with businesses of all kinds to reduce accidents and develop safer workplaces. Their technology platform held a vast amount of sensitive information, including the health and safety records of nearly every company in the country, as well as detailed information about work-related illnesses and injuries suffered by individual employees.

The agency relied heavily on a specific web application that logged comprehensive details regarding every accident, injury, and death that occurred in workplaces around the country. While fully functional, the app was considered ancient by technology standards. Then, a routine security audit revealed that the data moving in and out of the app wasn’t even encrypted. It was there, in plain sight, for the taking.

The solution

RedShield recommended utilizing a RedShield proxy server. RedShield would act as a go-between, encrypting the information moving in and out of the app and fully securing the data, without the need to touch a single line of the original app code.

The results

The agency gave RedShield the go-ahead, and the team executed a seamless deployment of the new web application shield. Thorough testing showed all data was fully encrypted, and
the system completely protected. RedShield then did a bit of fine tuning, improving other security tools and implementing solid protection against generic threats. Now, the agency’s entire platform remains exactly the way they like it: safe, secure, and accident-free.

Today, RedShield continues to stand guard:
• Monitoring the agency’s tools and systems 24/7
• Auditing the application defences weekly
• Responding to any customer queries or application
updates
• Delivering monthly analyst reports

“Being unable to touch such a critical application put us in a difficult situation with the auditors and management. RedShield’s solutions were pragmatic, with the risks clearly communicated. The deployment was straightforward. The scores we now receive from our auditors are exactly
what we were after.”

—Government Agency Executive