Defense by Design: How Caching Enables Resilience

Defense by Design: How Caching Enables Resilience


Thought leadership articles by IABM and our members
Articles taken from IABM's journal and at show papers
To submit your article email

Defense by Design: How Caching Enables Resilience

Journal Article from Varnish Software

Mon 15, 08 2022

Adrian Herrera

Chief Marketing Officer, Varnish Software

Business resilience depends on reliable cybersecurity, but relying only on traditional security tools can leave aspects of your business vulnerable. Resilience for digital business starts with high availability and scalability – guaranteeing performance and uptime for websites and apps, no matter what levels of traffic are thrown at them. This can be achieved with caching technologies.

Securing your platform for high-performance content delivery with secure-by-design principles is one layer of a complete resilience strategy. An additional layer, of course, is your specific approach to cybersecurity and data privacy.

Technology drives business resilience and continuity

Digital performance is tied directly to business resilience, even if the connection is not immediately obvious. While there are many types of disruption that can interfere with business continuity – pandemics, unpredictable supply chains, and so on – there are aspects you can control. Technology and operational resilience, according to consulting firm PwC, for example, drive stable core business functions in the face of uncertainty.

During COVID, as an example, the sudden shift to remote work, a boom in e-commerce, and a streaming-entertainment tsunami, taxed the very foundations of the internet (and it proved resilient). Businesses that invested in the availability of key technology found themselves able to handle shifting demands. Many of these investments included cache-management strategies, which secured origin shielding and uptime, enabling business-continuity and security.

Reducing the complexity of resilience and security

As the traffic challenges posed by COVID have faded (or become the norm), different challenges to business resilience have arisen. The most pressing challenges are cyber threats in the form of malware, data hijacking, DDoS and ransomware attacks. Business continuity rests on technical foundations, and IT-related transformation has helped to reduce the complexity of infrastructure. Yet, even the most modern solutions and security tools do not keep every threat at bay.

Multiple security layers and cache-related mitigation techniques ensure that you have more control over traffic management and caching policy in addition to your more comprehensive security measures.

Standard resilience solutions: First line of defense

A standard cybersecurity strategy is your actual first line of defense, but cache-based solutions should play a key role as part in securing digital business stability. What kinds of solutions are these?

Front and backend TLS transport: Secure traffic

TLS is the standard for private, safe traffic transport and enables two key advantages:

TLS ensures that you can trust that the server you’re reaching is authentic

TLS connections are private, so that your details, such as a credit card number, cannot be stolen if a bad actor attempts to intercept traffic between you and the server you’re communicating with.

Another extension of TLS is mTLS, which simply means “mutual TLS“. mTLS authentication ensures that traffic moving in both directions (client and server) is secure and trusted, which is more secure than regular TLS (which only requires the server to prove its identity, but it will accept connections from anyone). With mTLS, only trusted clients can even connect to the server, which is necessary for zero-trust security models, which are becoming increasingly common.

Web application firewall (WAF): Put out the fire before it starts

Most websites employ WAF technology to ensure that incoming requests are genuine and not malicious, working with up-to-date security rules to detect and stop bad traffic from ever hitting the origin server.

Total cache encryption: Render stolen data useless

Data breaches have become more common and difficult, and data privacy laws and regulations (such as GDPR and CCPA) are coming under stricter enforcement. Encrypting cached data is a clever way to keep attackers from being able to use or read stolen or leaked data. Total cache encryption enables secure business resilience in terms of both regulatory compliance and in being able to avoid steep financial penalties associated with non-compliance when data leaks and breaches do occur.

DDoS and cache poisoning: Limit the damage

Hackers and bad actors have a lot to work with if you’re not defending your operations. In particularly challenging or unstable times organizations have seen their sites and apps flooded by traffic – some of it legitimate, but just as often, floods come in the form of DDoS attacks and botnets. It’s during these overload periods when mistakes are made, security is compromised, and data privacy gets breached.

The consequences to business can be expensive:

An average DDoS attack for a large business costs an average of $2 million USD; for an SMB it’s about $120,000 USD.

An average data breach costs $3.9 million USD.

The loss of trust, loss of business, and downtime can tarnish a brand and lead to lost revenue and tarnish a brand for year to come

With rate limiting, request inspection, and throttling, DDoS attacks can be stopped in their tracks, or at the very least, limited in the damage they can do. By using the right caching technology your website can stay operational during an attack.

Beyond security tools: Mitigation techniques as a second defense layer

Cybersecurity requires more than just a single action or approach because threats exist on many levels. Some of the biggest threats, in fact, can be those that seem innocuous. You may be so busy preventing attacks at the perimeter of your network and guarding against other vulnerabilities that you fail to see that some of the biggest threats are based on social engineering or human error. Employees who aren’t fully aware of cybersecurity threats like phishing are a risk. Incorrect configurations within your infrastructure can bring your website down, (in fact, configuration errors can bring down half the internet). And, a spike in the popularity of an item in your online store, the release of breaking news or an in-demand streaming title can all bring your site down. Yes, even your success can bring you down!

This is why security from a business resilience perspective requires big-picture thinking and planning for performance regardless of the disruption you face.

Origin shield: Protect your servers

Bad things happen when your origin server becomes unavailable, so you want to protect it at all costs. Using additional layers of caching in front of your origin as a protective shield, you can ensure uptime/high availability, reduce outages, and make your content delivery more efficient – and thwart the kinds of downtime that are becoming more common as content delivery has become more centralized.

Access control: Customize your authentication and authorization policies

Not everyone needs access to everything in your system, just as not every external visitor to a website needs access to all the content in your CMS. Customizable authentication and authorization policies for access control and paywalls are one way to secure your assets.

Good code: Code defensively

The vast majority of security vulnerabilities come from human-created configuration errors and bugs, which open the door to denial of service attacks, code injections, or data leakage. Well-written, well-tested, high-quality code is a good place to start in fortifying yourself and becoming less vulnerable to common classes of cyberattack.

These are just a few of the reasons how caching technology can be utilized to protect you from the myriad of issues that can impact business resilience. The good news is that this type of protection can be seamlessly added to your existing operations whether in cloud, on-premises or hybrid. If security and business resilience is critical to you and your company and you haven’t employed caching technology you should ask your reliability and IT staff why and send them our way if they have any questions. We are happy to help.

Search For More Content