Don’t ‘cache’ out: strengthen cache security & comply with GDPR

As the General Data Protection Regulation comes into force (in May 2018), businesses of all sizes are getting ready in many different ways to achieve compliance. The aim: protect the personal data of individuals in Europe. Whether your company is in Europe or, like most global enterprises, doing business within Europe, you are responsible for ensuring that people’s personal data is handled with care. This takes on different meanings depending on context, but here, we’re talking about protecting data that lives in parts of your IT infrastructure. In this case specifically, the cache. 

You probably already know the function of a cache: storing information after accessing it once so that your application does not have to repeatedly re-access the data from the backend. Caching, essentially, boosts performance and scalability. With the introduction of GDPR, the cache is one piece of the puzzle that needs attention. 

Cache security can encompass different things: most use defensive coding practices and secure design. But security has not always been a key component in cache design, leading to serious vulnerabilities that have been reflected in a number of high-profile security breaches, such as Cloudbleed and Meltdown.

How to take cache security to the next level

A couple of technical solutions exist to help secure your cache and become GDPR compliant.

Total cache encryption to prevent cache leaks

GDPR encourages the encryption of personal data, which makes leaked data useless. Applying complete encryption to every cache object is one way to prevent these kinds of leaks. Varnish Total Encryption, a solution that assigns each cache object its own unique encryption key based on the Advanced Encryption Standard (AES), prevents an entire class of cache vulnerability, the cache leak. Even in the event of a leak, objects in an encrypted cache are gibberish, and each object is uniquely encrypted with its own key.

TLS support

TLS has been used for a long time to ensure secure communication between servers and browsers. It has become a virtual requirement and can protect traffic between the frontend - which enables security between the edge and the cache server - and the backend - from which missing content is fetched by the cache. With encrypted TLS, an organization with fully encrypted data centers or that have web servers in different locations from their cache servers, backend TLS is important between caching nodes and backend server to ensure encryption from end to end.

How to secure your cache for GDPR

GDPR requires companies that experience security breaches to notify their local authority. But companies that have implemented cache encryption won’t have to worry about this since stolen data will be useless to third parties.

If you are preparing for GDPR and want to keep your cache from being a weak link in your GDPR chain, here’s your last chance to join us for our live webinar, How to Make Your Cache Infrastructure GDPR Compliant, on February 13th.


Topics: GDPR, gdpr compliance, data protection, total encryption, cache encryption


2/8/18 12:30 PM by Hildur Smaradottir

All things Varnish related

The Varnish blog is where the our team writes about all things related to Varnish Cache and Varnish Software...or simply vents.


Recent Posts

Posts by Topic

see all