Cybersecurity requires more than a single action or approach because threats exist on many levels. Some of the biggest threats can be internal: employees who aren’t fully aware of threats like phishing are a risk, and incorrect configurations within your infrastructure can bring your website down (in fact, configuration errors can bring down half the internet). Cybersecurity isn’t just about securing web traffic through transport layer security (TLS) or putting up a firewall, even though these are necessary fundamentals.
Good security is also about security by design, which includes the aforementioned tactics alongside other robust practices and layers of protection that work together to ensure better cyber hygiene and security.
All roads lead to good code
Most security vulnerabilities come from bugs, which open the door to denial-of-service attacks, code injection, or data leakage. Well-written, well-tested, high-quality code is a good place to start in fortifying yourself and becoming less vulnerable to common classes of cyberattack.
Safe traffic transport
TLS is the de facto standard for private, safe traffic transport: HTTP traffic is now HTTPS by default, making it less vulnerable to interception. TLS provides two advantages:
- TLS ensures that you can trust that the server you’re reaching is authentic.
- TLS connections are private, so that your details, such as a credit card number, cannot be stolen if a bad actor attempts to intercept traffic between you and the server you’re communicating with.
Another extension of TLS is mTLS, which simply means “mutual TLS”. mTLS authentication ensures that traffic moving in both directions (client and server) is secure and trusted. That is more secure than regular TLS, which only requires the server to prove its identity and will accept connections from anyone. With mTLS, only trusted clients can even connect to the server, which is necessary for zero-trust security models, which are becoming more prevalent.
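The difference described above, as an added Go example that is not code from the original page or from Varnish Software: a test origin serves a client that presents no certificate under plain TLS, and refuses the same client during the handshake once it requires client certificates. The helpers `NewClientCert` and `Reaches` and the client name `billing.example.test` are assumptions made for illustration, and the origin's trust store pins one self-signed client certificate where a deployment would normally hold a private CA.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/http"
	"net/http/httptest"
	"time"
)

// NewClientCert returns a short-lived self-signed client certificate (constructed sample).
func NewClientCert(cn string) tls.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1),
		Subject: pkix.Name{CommonName: cn}, KeyUsage: x509.KeyUsageDigitalSignature,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key)
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

var known = NewClientCert("billing.example.test") // hypothetical: the one client the origin trusts

// Reaches reports whether a client presenting certs is served by an origin enforcing policy.
func Reaches(policy tls.ClientAuthType, certs ...tls.Certificate) bool {
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	srv.TLS = &tls.Config{ClientAuth: policy, ClientCAs: x509.NewCertPool()}
	srv.TLS.ClientCAs.AddCert(known.Leaf) // the origin's trust store for client certificates
	srv.StartTLS()
	defer srv.Close()
	client := srv.Client() // already trusts the test origin's server certificate
	client.Transport.(*http.Transport).TLSClientConfig.Certificates = certs
	resp, err := client.Get(srv.URL)
	if err == nil {
		resp.Body.Close()
	}
	return err == nil // here an error means the origin refused the TLS handshake
}

func main() {
	fmt.Println("plain TLS, anonymous client:", Reaches(tls.NoClientCert))
	fmt.Println("mTLS, anonymous client:     ", Reaches(tls.RequireAndVerifyClientCert))
	fmt.Println("mTLS, trusted client:       ", Reaches(tls.RequireAndVerifyClientCert, known))
}
```

The refused handshakes are also logged by the test server on stderr, which is the server-side signal an operator would see for an untrusted client.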
Putting out fires: Web application firewall (WAF)
Most sites use WAF technology to make sure that incoming requests sent to the origin are genuine and not malicious, working with up-to-date security rules to detect and stop bad traffic from ever hitting your origin.
Bad things happen when your origin server becomes unavailable, so you want to protect it at all costs. Using additional layers of caching in front of your origin as a protective shield, you can ensure uptime, reduce outages, and make your content delivery more efficient -- and thwart the kinds of downtime that are becoming more common as content delivery has become more centralized.
As data breaches become more common and aren’t easy to prevent entirely, encrypting cached data is a clever way to keep attackers from being able to use or read the data at all.
A helping hand
Varnish Software has believed since the beginning in security-by-design strategies and focuses on these tactics and more in building a vigilance-on-all-fronts approach to secure, high-performance content delivery.