Are you ready for the new SSL landscape
-
Upload
paul-van-brouwershaven -
Category
Documents
-
view
24 -
download
2
Transcript of Are you ready for the new SSL landscape
Are you ready for the
new SSL landscape? Paul van Brouwershaven
Technology Solutions Director
About me Paul van Brouwershaven
Technology Solutions Director
What we provide
User, Machine &
Device
Authentication
Transport Layer
Security (TLS)
Code
Signing Secure
Document
Signing
Identity and
Access
Management
Please open your browser!
• Let us know what you think!
• Scan the QR code and click to answer
globalsign.com/whd-vote/
It’s about you and
your customer!
SSL is dead
And has been for a long time
actually!
TLS & Hosting
GlobalSign and the Hosting industry
API
OneClickSSL
CloudSSL
SNI /
CloudSSL
Security is more than just TLS
• Phishing
• Spam
• Malware
• SQL Injections
• Cross Site Scripting (XSS)
• Authentication & Authorization
• Information leakage
• Storage
• ……
What priority level is TLS in your
security plan?
TLS and Identity
Assurance
Identity Assurance
Domain Validation Certificate
Extended Validation Certificate
• Shows who is behind the padlock
• Enhances trust and improves conversions
What prevents you from providing
certificates with identity
assurance?
Best practice
implementation
ALPN Session
identifiers
Best practices
Legacy
support
Compliance
Cipher
suites
OCSP
stapling
Forward
secrecy
ECC
SNI
Configuration
management
Server &
software
maintenance
HSTS
Legal
restrictions
Key
size
CT
Do you see the complexity of best
practices as an obstacle to
deploying TLS?
How often do you review your
TLS configurations?
Would you switch to a more
efficient ‘protocol’ even if it cost
you a percentage of visitors?
TLS by default
IoT growing requirements
Source: ariasystems.com
HTTP connections indicated as insecure
Source: httpvshttps.com
HTTP/2, SPDY Improves performance
Source: httpvshttps.com
Would you like to provide TLS by
default?