Cloud Security

Compliance

Start your free trial

In-memory caching

Traditional CDNs send sensitive data on a separate network that has less capacity than their main network, or they pass it directly to the customer’s origin. Both approaches cause slower response times, and bypassing the CDN altogether leads to extra load on the origin server. With Fastly, you can cache cardholder data in a compliant manner at the edge. Our servers have huge RAM capacity, allowing us to hold this data in memory, without writing to disk. Remove data instantly with Instant Purge or by setting a short time to live (TTL).

Object-level control

Fastly protects data subject to PCI or HIPAA requirements down to the content-object level. We offer greater control over cacheable objects and those that need to be treated as sensitive, and not cached for compliance reasons. You can flag content as sensitive via header responses from the origin, signaling to Fastly to only store that content in RAM, never writing it to disk. This fine-grained control allows you to increase your cache hit ratios while maintaining compliance.

Audit Log Data

Fastly also provides API audit logs for user activity related to your service or account. When a change occurs, we capture who made that change and when it occurred. Some examples of logged events include failed logins, password updates, API key creation, and when users are added, updated, or deleted. You can also see when user accounts are locked or unlocked, and when two-factor authentication is enabled or disabled. Real-time access to this log data helps improve monitoring and ensures your configuration settings are more secure.

Compliance Services

Our Compliance Services provide additional support for customers handling sensitive data that may be subject to audit requirements. We offer access to a library of third-party audit reports and certification attestations in addition to security-related policies and procedures. Executive summary reports are available for annual risk assessments, penetration tests, and network scans. Subscribers to Compliance Services can also use professional service hours to conduct direct audits of Fastly.