Using Tokenization for Superior Data Security Thanks to Google and Facebook, awareness of Transport Layer Security (TLS), formerly known a Secure Sockets Layer (SSL) encryption technology, is now fairly high. In fact, adoption of TLS/SSL is so high among clients and Web servers that IT organizations are now starting to adopt TLS/SSL to secure communications […]
Using Tokenization for Superior Data Security
Thanks to Google and Facebook, awareness of Transport Layer Security (TLS), formerly known a Secure Sockets Layer (SSL) encryption technology, is now fairly high. In fact, adoption of TLS/SSL is so high among clients and Web servers that IT organizations are now starting to adopt TLS/SSL to secure communications between servers.
This week, Varnish Software moved to make it easier to add TLS/SSL encryption to a website by embedding support for it in the enterprise class edition of its open source Web caching software called Varnish Plus.
Varnish CTO Per Buer says rather than forcing IT organizations to add a TLS/SSL encryption from a third-party vendor, Varnish decided to include TLS/SSL support for both clients and servers in Varnish Plus. The goal is to not only make it simpler to deploy TLS/SSL, says Buer, but also reduce the number of vendors that IT organizations actually must engage. Buer says that the client edition of the TLS/SSL code is part of the core open source offering, but the company is charging for the server side implementation as part of Varnish Plus.
While TLS/SSL represents a security advance, Buer notes that because of its complexity, it’s easy to misconfigure. As a result, a website that deploys TLS/SSL might wind up actually being less secure than one that simply uses plain text to exchange data. The reason for that, says Buer, is that kits to hack TLS/SSL have already been developed, whereas plain text has the benefit of not being specifically targeted by a particular exploit.
In fact, Buer notes that even when TLS/SSL is present, it’s not too hard to figure out what content is being exchanged from the metadata being generated. Of course, there’s no such thing as perfect security, and Buer is not advocating that IT organizations shouldn’t use TLS/SSL. It’s just that in its current form, TLS/SSL encryption adds additional security at a fairly steep cost in terms of what it takes to configure it properly.
Michael Vizard is a seasoned IT journalist, with nearly 30 years of experience writing and editing about enterprise IT issues. He is a contributor to publications including Programmableweb, IT Business Edge, CIOinsight and UBM Tech. He formerly was editorial director for Ziff-Davis Enterprise, where he launched the company’s custom content division, and has also served as editor in chief for CRN and InfoWorld. He also has held editorial positions at PC Week, Computerworld and Digital Review.
The go-to resource for IT professionals from all corners of the tech world looking for cutting edge technology solutions that solve their unique business challenges. We aim to help these professionals grow their knowledge base and authority in their field with the top news and trends in the technology space.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.
