This is a follow-up example to my introduction to Varnish Total Encryption. In that post, I introduce Varnish Total Encryption as a security countermeasure for cache leaks. Varnish Total Encryption is used to encrypt the cache and works with all Varnish storage types. Total Encryption also supports streaming mode, meaning Total Encryption can be used to encrypt and decrypt any kind of HTTP traffic. I also explain that since Total Encryption is completely controlled by VCL, we can extend the ideas of Total Encryption to create larger secured architectures. In this example, we will examine how Total Encryption can use a CDN as a secured cloud transport.
It seems like security is now more important than ever in our industry. And just when we think we have things under control, vulnerabilities like Meltdown pop up, forever changing the security landscape as we know it. When we think about what we can do to prevent these vulnerabilities, writing perfect code and designing perfect systems would be great. Obviously, that is not always possible or realistic to expect. It is for these reasons that we design countermeasures. Firewalls, WAFs, advanced compilers, static analysis, SSL/TLS, and encryption are all examples of countermeasures that can greatly enhance the overall security of our systems. When used properly, these measures can neutralize entire classes of security vulnerabilities and security risks. It is with this in mind that we designed Varnish Total Encryption.
All European businesses (and in fact all companies that do business with Europe) have at least one thing in common until May 25, 2018: they are all busting their balls to comply with the new General Data Protection Regulation (GDPR) by the time it comes into force on that date. The reason? Non-compliance can result in a hefty fine worth 4% of the company’s annual revenue. For most businesses, getting such a fine is not a risk worth taking.