Shifting Infrastructure: How the California Secretary of State Adapts to Irregular Traffic Patterns

The office of California’s Secretary of State is comprised of nearly 500 people dedicated to the areas of elections, business, political campaigning, legislative advocacy, and historical treasures. The office is responsible for implementing electronic filing and Internet disclosure of campaign and lobbyist financial information, serving as the state’s Chief Elections Officer, maintaining business filings, commissioning notaries public, operating the Safe at Home confidential address program, maintaining the Domestic Partners and Advance Health Care Directive registries, safeguarding the state archives, and serving as a trustee of the California Museum.

There were growing concerns within the Secretary of State regarding election fraud from foreign entities given the Russian tampering incidents discovered from the 2016 presidential election. With another election fast approaching, they needed to shore up their website’s security stance to help mitigate these concerns.

The office was interested in a robust cloud environment, namely Amazon Web Services (AWS), which offered flexibility, security, and availability in the cloud for all of their infrastructure needs. AWS’s ability to easily scale up and scale down based on the immediate needs of applications made it an especially appealing cost-saving solution.

InterVision was chosen to help their agency ensure that their website would not be a point of weakness for hackers to tamper with the voting process of future elections. Starting in September 2018, two months before the statewide elections, InterVision migrated the Secretary of State’s (SOS) website and Content Management System (CMS) into AWS and upgrading the CMS to the latest version, all using our Cloud Migration Lifecycle Assurance (CMLA) program. By leveraging the scalability of AWS, SOS no longer needed to be concerned with on-premise hardware (capacity planning, buying and installing hardware, scaling to meet high demand and unused capacity during lulls), since AWS would scale the infrastructure up or down based upon the needs of applications.

We were responsible for not only the migration, but the design and deployment of the architecture, designing and deploying a secure architecture, establishing segmented networks and a fault-tolerant bastion host for secure remote access. We secured communication to the website with Transport Layer Security (TLS) and HTTPS end points and migrated the on-premise MySQL database to AWS Aurora. We configured autoscaling for compute and storage using Elastic Compute Cloud (EC2), Simple Cloud Storage Service (S3), and Relational Database Service (RDS), and modernized the infrastructure management and application delivery pipeline by enabling Continuous Integration/Continuous Deployment (CI/CD) using AWS CloudFormation, AWS CodeCommit and AWS CodePipeline.

We reduced the risk of deployment issues by configuring the application for blue/green deployments, enabling quick rollbacks in case of errors. Additionally, we performed website design and development for the SOS information landing page, a Security Assessment of CMS, and cloud website migration.

The end result was a modernized website that utilized an upgraded CMS and also leveraged cloud based autoscaling and elasticity. These changes alleviated previous performance problems and allowed the SOS website to support the election season without any issues.

AWS Services Utilized:

• AWS Lambda
• AWS Serverless Application Model
• AWS VPC
• AWS EC2
• AWS CloudFront
• AWS WAF
• AWS NACL
• Amazon Relational Database Service
• AWS Aurora
• AWS CloudFormation
• AWS CodeCommit
• AWS CodePipeline
• AWS Node.JS
• AWS Application Gateways
• AWS Security Groups
• AWS Load balancer