IT Security Guru

A bright future for the certificate authority sector

by The Gurus
November 22, 2013
in Opinions & Analysis

The certificate authority (CA) industry may have had a bad year back in 2011 but, according to one of its survivors, 2013 finds it in a better place.

Speaking to IT Security Guru, Henry Krumins, a senior director at GlobalSign, said that 2011 was a bad year for the industry, but said that “it defines who you are”.
“It was a bad year for the certificate authority industry, but SSL is far from broken and it’s still the best thing out there today. The events of 2011 galvanised the industry and as CAs are always likely to be a target for hackers, our core focus is more so now than ever before on how to mitigate these continuing threats and coming out of this eventful period has made the industry stronger,” he said.
Since then there has been little talk of certificate security, but in the past month the issue of certificate trust has been raised as US government SSL certificates expired in the recent shutdown.
Krumins claimed that this situation could have been avoided, as there are lots of CA tools for automatic renewal, but said the main problem here was that as SSL certificates began to expire, website visitors were clicking through the warning messages to reach their government-run sites, inherently trusting them but ignoring the browsers’ forewarnings.
“If website owners are letting their certificates expire and end users are more commonly seeing these warning messages, especially on highly trusted sites such as government owned ones, then it will desensitise users to website security. They will learn the behaviour to automatically click through the warning messages and one day could easily be sent to a spoof site”, he said.
He went on to say that the industry should be informing users that if they see a warning that essentially says “don’t trust this website” or “the SSL certificate on this site has expired”, it is not a good thing and they should not automatically bypass these advanced browser warnings.
Asked if there is a genuine risk to users and businesses from an expired certificate, Krumins said that even though the certificate has expired, it is still a secure connection with an SSL handshake, but users must not trust it.
“The danger from a business perspective is with regards to trust and who actually owns the site. If the SSL certificate has expired, the site is no longer verified by the issuing certificate authority and the site could be fraudulent. The reputation of the business can therefore be damaged as you wouldn’t trust the business after a period of time if warning messages continually appeared. The danger to the user as previously mentioned is that they too easily become desensitised to such warning messages and trust a site that could be falsified. As a responsible CA we want the user to be safe and properly consider what is and what isn’t a trusted site. So if the site has this warning, they should lose that trust,” he said.
“If end users are desensitised in this way, you want to say ‘access this site at your own peril!’. Browser vendors currently do a good job at warning users even though messaging may vary slightly and there are tools out there for businesses to renew certificates and CAs go a long way to make it easy for them.”
GlobalSign, which was the first CA in Europe, is unique. They want to restore trust in digital certificate security and make SSL a better understood technology, and are doing more than any other CA to improve the SSL ecosystem. They are leading the way with many initiatives, including making secure sites load faster so as to improve its deployment. They have also forged technology partnerships with leading companies such as StopTheHacker, Netcraft and Qualys to offer value-added services for the full lifetime of their SSL certificates for ongoing website security, such as malware monitoring, phishing alert detection and an SSL configuration checker tool.
“GlobalSign is arguably the largest pure-play Certificate Authority. Our focus has been, and always will be, on providing convenient and highly productive digital signature solutions for organisations of all sizes,” concluded Krumins.
For more information, visit www.globalsign.co.uk