Since joining the Technology Committee, my goal has been to ensure that the underlying architecture, the computers and network that connects them, is robust enough to support anything the ANA would want to do and to make sure that it is secure so that the ANA does not add itself to the list of recent attacks.
From the beginning of this project, many decisions were made that have led to the system being designed in a way that could support anything the software can accomplish. A company with an excellent industry reputation hosts the physical computers. Also, the architecture of the computers, the way they are set up and connected to each other, is done in a way to allow for growth while being able to maintain security.
As someone who has been working in computer security for more than 25 years, it was important for me to make sure that not only my information was kept safe, but that of all ANA members was also protected. I am happy to report that the systems and software supporting the ANA website are properly hardened to resist attack.
I understand that there will be the ongoing question “is the site secure?” The problem is that there are threats out there that we do not know about, threats that have yet to be discovered or created, accidental mistakes, and errors that can cause problems. I can report that this system is designed to protect against known attacks; it is also designed to catch many errors and repel as many potential attacks as possible.
In computer security, we work on identifying the risks and what it will take to mitigate them based on how confidential the data is, the integrity that has to be maintained, and how it is to be made available. One area of concern was the personally identifiable information, or PII, of member data including their login information and the credit cards they use with the ANA.
You might have read the news where it was reported that overseas hackers stole over one billion passwords throughout the Internet. I can report that the method they used to steal all those passwords will NOT work on the ANA’s website. Those same protections will help keep the PII of ANA members safe.
Another area of concern was the safety of member credit card information. To protect the confidentiality of the ANA members’ credit card information, it is important to note that anytime the credit card information is communicated from one computer to another, it is encrypted using state-of-the-art encryption. After the credit card is provided to the ANA and processed, the services the ANA uses to manage member information will not keep the credit card information. The credit card information is deleted and all that the ANA keeps is a transaction number that can be used to verify the payment with the credit card processor.
My family and friends know that when it comes to computer security, I am very paranoid. Many resisted doing certain online tasks like e-filing their taxes until I was satisfied with the security of the site. If a member were to ask me if I would use and trust the website as designed today, I would give it a hearty endorsement and say that I would register even if I were not a member of the Technology Committee. I am convinced everything was done to maintain the integrity of the membership information while keeping it confidential.
Finally, I would like to congratulate everyone on a job well done. Specifically, I would like to thank Jake Sherlock for delivering this message for me and congratulate him on a job well done. I also would like to send my highest commendation to Ann Rahn, the ANA’s project manager, who not only did a fantastic job herding the cats but also put up with the special quirks of the members of the Technology Committee. The next time I see them, I owe them a beverage of their choosing!
Thank you for allowing me to be part of this process.