As the General Data Protection Regulation comes into force (in May 2018), businesses of all sizes are getting ready in many different ways to achieve compliance. The aim: protect the personal data of individuals in Europe. Whether your company is in Europe or, like most global enterprises, doing business within Europe, you are responsible for ensuring that people’s personal data is handled with care. This takes on different meanings depending on context, but here, we’re talking about protecting data that lives in parts of your IT infrastructure. In this case specifically, the cache. 

2018 started with a bang!

This is a follow-up example to my introduction to Varnish Total Encryption. In that post, I introduce Varnish Total Encryption as a security countermeasure for cache leaks. Varnish Total Encryption is used to encrypt cache and works with all Varnish storage types. Total Encryption also supports streaming mode, meaning Total Encryption can be used to encrypt and decrypt any kind of HTTP traffic. I also explain that since Total Encryption is completely controlled by VCL, we can extend the ideas of Total Encryption to create larger secured architectures. In this example, we will examine how Total Encryption can use a CDN as secured cloud transport.

It seems like security is now more important than ever in our industry. And just when we think we have things under control, vulnerabilities like Meltdown pop up, forever changing the security landscape as we know it. When we think about what we can do to prevent these vulnerabilities, writing perfect code and designing perfect systems would be great. Obviously that is not always possible, or realistic to expect. It is for these reasons that we design countermeasures. Things like firewalls, WAFs, advanced compilers, static analysis, SSL/TLS, and encryption, these are all examples of countermeasures that can greatly enhance the overall security of our systems. When used properly, these measures can neutralize entire classes of security vulnerabilities and security risks. It is with this in mind that we designed Varnish Total Encryption.