Dunelm’s ecommerce stack, optimized to be 978% faster and more secure with Fastly

The challenge

Dunelm developers modernized the company’s e-commerce platform, deploying AWS in a customized solution, but realized they had to work with an external CDN provider. An Akamai affiliated offering was selected. However, the level of service was unacceptable for a company determined to scale and continuously improve the user experience.

“Our e-commerce modernization project was so successful, we needed to find a CDN partner that could keep up with us. And we needed to migrate quickly, because we were nearing the end of the contract with our previous provider. That’s when we turned to Fastly,” explains Jan Claeyssens, DevSecOps principal engineer at Dunelm. “Fastly provides the speed, performance, and flexibility we need.”

The solution

Dunelm uses Fastly Next-Gen WAF, Fastly CDN, and Fastly Bot Management to enhance developer productivity, security, site performance, and gain valuable insights into changing consumer behavior.

The company’s developers find it easier with Fastly to deliver more frequent feature updates and new releases, such as customer data tools, AI-driven product recommendations, and DevOps experimentation, Claeyssens says.

Fastly solutions also help the Dunelm developers ensure security by design. “Fastly plays a key role in our security efforts, because our configurations are built into infrastructure as code (IaC) using Terraform,” he says.

Consumers benefit from the highest quality user experiences. “Fastly’s CDN dramatically improves our website performance, and the Image Optimizer elevates the end-user experience with faster load times,” he says.

Improve the user experience with fast load times

With Fastly CDN, the company saw a 978% improvement in homepage speed and an 800%-900% faster page load speed across key pages, significantly enhancing user experience. This improved responsiveness empowered developers to deliver more frequent feature updates and new releases, scaling their deployment frequency from just 1 per month to 200 per month—a 200x increase that enabled continuous innovation. “We see tremendous speed improvements with Fastly CDN. The Image Optimizer reduces load times significantly and that improves the end-user experience,” Claeyssens says.

Create secure code by default

Fastly’s developer-friendly platform makes things easier for DevOps. Claeyssens’ team collaborates with the Dunelm platform engineering team to create repositories with templates for configuring the Fastly CDN and Next-Gen WAF securely by default. “With pre-built templates with secure-by-design settings, developers don't have to think about security—their code simply works securely from the outset,” he says.

Clear the cache in milliseconds with Instant Purge

With Fastly's Instant Purge, releases and experiments are easier, too. The previous CDN took 15 to 30 minutes to clear the cache. By contrast, Fastly does it in milliseconds. “With Fastly, our developers release new functionality and features daily, knowing the cache will be updated immediately,” Claeyssens says.

Streamlined Terraform Configuration with GiLab, Datadog & More

Claeyssens appreciates the ease with which the DevSecOps team at Dunelm can create rules to block Tor traffic, malicious IP ranges, and specific user agents on the Next-Gen WAF. And by using Terraform, the team ensures the changes are traceable. "We configure both the Fastly CDN and the Next-Gen WAF with Terraform, creating rules specific to our services. This way we ensure auditability, version control, and peer-review for Git repository hygiene,” he says.

The ability to use popular toolsets like Terraform for security rules, GitLab for CI/CD, and Datadog for observability enables the DevSecOps team to serve developers where they live, using tools they already know. This approach integrates security directly into development processes, streamlining workflows and providing 23% improved basket performance, which contributes directly to business outcomes. “Fastly plays a key role in our security efforts, because our configurations are built into infrastructure as code (IaC) using Terraform,” Claeyssens says. “Developers can see everything they need in our CSV pipelines for automated workflows.”

Gain real-time insights for proactive security

The DevSecOps team keeps an eye on the threat landscape as it changes. While using Fastly Bot Management, Claeyssens’ team saw that consumers now shop using AI tools, like ChatGPT and the Perplexity search and answer engine, which has implications for security. “Instead of seeing customer IPs in our logs, we now see the IPs of the AI services they’re using. In addition to creating challenges for personalization, this consumer behavior raises questions to inform our security strategy. Attackers can exploit these AI services,” he says.

Key takeaway

Claeyssens recommends Fastly to any company that values its developers and invests in their technical capabilities. “Fastly provides excellent tools—Next-Gen WAF documentation, the VCL playground, and Fastly Academy- to guide your developers through the learning curve.”

He continues, “And Fastly has fantastic people on their account management and technical teams who really help your developers get up to speed. Once set up, you’ll have a high-performing platform that is flexible and reliable.”