According to Gartner, encrypted traffic now comprises 15%-25% of total web traffic. But for many businesses, it’s over 50%. The adoption of Transport Layer Security (TLS), and its predecessor Secure Sockets Layer (SSL), to protect web traffic has contributed to our exploding reliance on the Internet for personal use and commercial business.
Our dependence on SSL/TLS continues to rise. Growing concerns and regulations over data privacy, as well as the surge in cyberattacks, are increasing the use of SSL/TLS to encrypt data transmission and authenticate web servers, application servers, load balancers, and other applications.
In addition, Google has called for “HTTPS Everywhere.” As part of this effort, Google is prioritizing search results for sites that provide this secure, encrypted connection. With HTTPS providing better search ranking, even marketing departments across all types of industries are promoting an increase in SSL/TLS use.
But this upsurge in SSL/TLS usage could also be leading to business downfall. Why? Because this growth has also increased the misuse of SSL/TLS keys and certificates, resulting in cyberattacks and network outages. The hard truth is that pervasive SSL/TLS use is only effective if the SSL/TLS keys and certificates themselves are securely managed and protected.
The 2015 Cost of Failed Trust Report, published by the Ponemon Institute, analyzed the impact of attacks on digital trust. It reveals that today’s average enterprise holds almost 24,000 keys and certificates, but the real issue is that 54% are unaware of how many keys and certificates they have in use, where they are used, and who owns them. As the use of SSL/TLS increases, this lack of visibility also causes an increase in certificate-related outages—disrupting the systems these certificates were meant to protect. These outages lower productivity and cause lost revenue, profits, and customers.
Here’s another startling fact from the Ponemon report: for four years running, 100 percent of the companies surveyed said they had responded to multiple attacks that used keys and certificates. Gartner estimates that by 2017, 50% of cyberattacks will use SSL/TLS to sneak past enterprise security defenses. Unfortunately, many businesses have made it easy for the bad guys to use a company’s own defensive weapons, SSL/TLS keys and certificates, against it. The bad guys understand that organizations are struggling to enforce and automate policies and can’t keep track of what is trusted. If left unprotected, keys and certificates can be usurped by cybercriminals to evade detection and keep their activities cloaked.
Even with this evidence of increased outages and breaches, you can safely expand and rely on SSL/TLS to achieve data security and privacy—with the right key and certificate management and protection. Make it a priority to learn how to automate SSL/TLS key and certificate security and validation to ensure that your data and network resources stay safe. Here are a few steps you can take in the right direction:
- Understand the data protection issues of increasing SSL/TLS usage
- Learn the necessary tasks to address SSL/TLS key and certificate challenges
- Develop key and certificate management and security strategies that ensure trust in your SSL/TLS systems
You can learn more about safely using SSL/TLS on our data protection solution page, or drop me a comment if you’d like to learn more about SSL/TLS key and certificate management and security solutions.