The statistics around data breaches and personal information misuse are alarming. In the United States alone, there is a new victim of identity theft every two seconds. As of June 2020, at least 16 billion records (including personally identifying information, credit card numbers, and sensitive information) were breached or leaked. The United States Federal Trade Commission (FTC) received more than 1.4 million complaints about identity theft in 2020 (up from 651,000 in 2019). More than 33 percent of Americans, according to a Proofpoint survey, claim to have experienced identity theft. IBM statistics indicate that the average cost of a data breach is almost four million USD.
Since COVID-19, with more people working and shopping from home, there are considerably more vulnerabilities to exploit and more sensitive, unsecured data being exchanged.
At the same time, one of the fundamental tenets of web performance and enabling the continued flow of information is caching. And when you cache data, the cache itself is exploitable. However cached information is accessed, any kind of data leak or data breach poses risks. Meanwhile, we see the problem of data privacy and security continue to balloon at a global level.
Cache encryption: Encrypt data to make breached data useless
As data breaches loom (and boom), there are ways to mitigate the risk and to ensure that even if bad actors get their hands on data, that data is rendered unusable. Data leaks happen, but it’s possible to patch the holes by making sure that leaked data cannot be read by just anyone.
In parallel, these mitigation factors can’t impair web performance: you still need to cache data to ensure high-performance content delivery. A few years ago, a new class of vulnerability appeared on the cybersecurity scene: the cache leak. Virtually all online entities use caching to improve efficiency, but that means there is a lot of data stored in a tightly packed space with easy access. This makes the cache uniquely vulnerable, as we saw with Cloudbleed and Meltdown vulnerabilities in 2017 and 2018. These kinds of vulnerabilities have not disappeared in the years since, instead becoming more common.
Data protection from a caching perspective requires a total cache encryption solution, which uses encryption keys to make each and every cached data item unreadable to unwanted and unauthorized eyes. This neutralizes the threat of a cache leak.
Varnish Total Encryption is a flexible Varnish Configuration Language (VCL) based type of encryption. Total Encryption can easily become part of your larger architecture and comprehensive security strategy.