SlideShare uma empresa Scribd logo

The Hidden Costs of SelfSigned SSL Certificates

RapidSSLOnline.com
RapidSSLOnline.com

Thawte CA has researched on estimate hidden costs of selfsigned SSL certificates. Read it before you go for selfsigned SSL.

Internet
1 de 6
Baixar para ler offline
The Hidden Costs of Self- Signed SSL Certificates WHY SELF-SIGNED CERTIFICATES ARE MUCH COSTLIER – AND RISKIER – THAN WORKING WITH A TRUSTED SECURITY VENDOR
2 The Hidden Costs of Self-Signed SSL Certificates Even when business is booming, smart companies always have an eye on the bottom line. Security is not usually one of the first places companies look to trim expenses, but some IT professionals believe that they can easily lower costs by eliminating third-party Secure Sockets Layer (SSL) Certification Authorities (CAs) from the budget equation. Although spending money on SSL security for external facing sites–such as the company home page or e-commerce pages – seems necessary, some IT professionals think that self-signed SSL certificates are an acceptable alternative for internal sites. They believe that, since only internal employees have access to servers that host internal-facing sites such as intranet portals and wikis, self-signed certificates provide adequate protection at practically no cost. However, this kind of reasoning can backfire – badly. The Total Cost of Ownership (TCO) of an SSL certificate is far more than just the price of the certificate. From security hardware, to management software, to data center space and more, the costs of establishing a secure self-signing architecture can quickly add up. Not only that, but a do-it-yourself approach to SSL security may put an organization at risk – from both technical and business perspectives–in a variety of ways. This paper explores the true TCO for self-signed SSL certificates, including a side-by-side comparison of a self-signed architecture versus working with a third-party SSL vendor. Before a company decides to use self-signed certificates, these issues deserve careful consideration. Third-Party Verified Versus Self-Signed Certificates When the SSL protocol debuted in 1995, the world finally had a foundation for a safe and secure way to transact business over the web. Since then, SSL has evolved to be the single most important authentication protocol used in web- based transactions. Why is SSL necessary? Most web traffic goes over the Internet in an unencrypted form. This means that anyone with sufficient technical expertise and tools can easily “eavesdrop” on the conversations between two parties. SSL security encrypts the data moving between a web server and a browser, making it extremely difficult to intercept and decode the information. However, SSL security goes beyond mere encryption. From a purely technical perspective, Public Key Infrastructure (PKI) does an excellent job of safeguarding data transfers, but it leaves a gaping hole in the security of a transaction. How can parties to the transaction be sure they are communicating with the proper participants? For example, if a customer is trying to purchase an expensive camera at the web site of an online retailer, the business must be able to confirm its identity to the customer. Otherwise, the customer’s credit card information is encrypted when in transit, but if the retailer’s web site has been spoofed, all of that well-encrypted data may be sent to a cybercriminal who can easily decrypt it. This is where the importance of third-party validation is most apparent. A certificate signed by a trusted, independent CA helps ensure the organization that owns the certificate is indeed what it claims to be. From a technical standpoint, however, third-party validation is not essential for SSL security to function. Organizations can “self- sign” certificates. When companies use self-signed certificates, in effect they are saying, “I verify that I am myself. Trust me.” However, to standard web browsers such as Internet Explorer and Firefox, this guarantee is meaningless. Users who try to access a site “protected” with a self-signed certificate will usually get an error message that says the signing entity is unknown and not trusted. Not surprisingly, this kind of message scares off potential customers, partners, and other stakeholders. For this reason, few businesses will self-sign external-facing web sites. Retaining user trust is simply too important.
3 Internal-facing sites and servers, on the other hand, present a different use case scenario for SSL certificates. Corporate email servers, Human Resource (HR) portals, wikis for individual project management, software development sandboxes – these are just a few of the internal sites and servers that are often the primary candidates for internal certificates. Do organizations really need third-party signed certificates when only employees access these areas? Once again, when a business uses a self- signed certificate, it asks its employees to trust that its systems are secure. Even if they will – should they? The High Cost of Infrastructure for SSL Security DATA CENTERS AND PHYSICAL SECURITY Self-signed certificates are inherently less trustworthy than those signed by leading CAs. Reputable third-party CAs have robust processes in place to help ensure that their encryption keys, especially their highly sensitive private “root” keys, are kept safe. For these CAs, security is always a top priority: Personnel are rigorously vetted and highly trained, and these CAs have strict policies concerning where private keys are stored. In fact, if a CA wants to be approved by mainstream web browsers, these keys must be kept on non-extractible storage on smart cards. To offer strong SSL security, a CA must also provide high- availability and failover mechanisms to prevent system failure. This helps to ensure that it can provide the proper authentication on demand whenever users need it. Replicating this infrastructure to match the high security standards in place at leading CAs requires a number of costly components. First, an organization must have High-Availability (HA) replication of the SSL system and data. A second, related requirement is that this replication must be achieved using two different secure rooms in two different data centers in two separate locations. This helps to ensure that if one data center goes down, due to power loss or other unforeseen factors, the other will be there to provide backup authentication. Without replication across data centers, servers and browsers would not be able to complete the authentication process and vital SSL- protected transactions – such as credit card purchases at an e-commerce site or uploading new employee information to an HR portal – would stop. Moreover, the data centers housing the SSL systems and data themselves also need to be secure, which means establishing strict physical security measures. In addition to screening employees who would have physical access to data rooms, these extra precautions would include installing key card readers to grant entry to locked areas, mounting video surveillance cameras, and even hiring security guards to do regular walk- bys. If an unauthorized person gained access to these restricted rooms, he or she could obtain the key to crack encrypted data, once again putting transactions at risk. The basic cost for a secure, one-rack colocation data center room – with all connectivity and utilities included–can range from $1,000 to more than $10,000 per month.1 Adding more racks, increasing bandwidth, or utilizing technical support can raise costs even more, often by hundreds of dollars. Not only that, but all of these expenses will double to replicate data in two data centers. Clearly, the costs of maintaining the physical infrastructure and security needed to protect SSL encryption and authentication processes are more than many businesses can afford. HARDWARE COMPONENTS Although you can easily acquire free or very low-cost software that will allow you to generate self-signed SSL certificates, you will still need a Hardware Security Module (HSM) for each data center to manage encryption. And each HSM will need to be under a support contract to ensure business continuity. An SSL HSM is a secure crypto-processor – a physical piece of hardware–dedicated to managing digital keys and for authenticating private keys in a PKI SSL protocol system. An HSM has three purposes. First, it securely generates public and private keys for encrypting transactions over the web. Second, it securely stores keys in a way that prevents them from being extracted. Third, it allows companies to manage sensitive cryptographic data. HSMs are highly specialized pieces of hardware that are usually quite expensive, ranging from $13,000 on the low end to upwards of $30,000 each. Once again, for purposes of replication and achieving high availability, any SSL infrastructure needs at least two HSMs, one for each data center. 1. Multiple sources: http://www.hostventures.com/colocationprices.html, http://www.datacenterknowledge.com/archives/2011/02/11/analysis-colocation-pricing-trends/
4 Finally, companies use HSMs to offload application servers for both asymmetric and symmetric cryptography, though this is less relevant today. Even though the National Institute of Standards and Technology (NIST) recommends that companies use 2048- bit RSA keys, SSL encryption does not significantly affect system performance. MANAGEMENT AND PERSONNEL Beyond pure hardware costs, the time and expense associated with finding and training skilled professionals to manage self- signed SSL security – as well as to create policies to govern the use of SSL certificates – are also a major consideration. Tools that allow you to self-sign certificates – such as Microsoft Certificate Authority – do not include certificate management functionality. Given that, organizations will need to plan and implement robust processes to help ensure that SSL protocols are being strictly followed. Without such safeguards, anyone could ask for an SSL certificate and receive it, which in turn would allow anyone to spoof a supposedly “secure” site at will. First, an organization needs to carefully control who has the authority to create and sign certificates for its domains, and establish processes for ensuring that this is done according to established policies. Such policies would include requiring that only personnel of sufficient tenure and trust have authority to create and sign certificates, and that they are adequately trained in best practices, standards, and technologies. This authority should not be given lightly, and a clear audit trail is needed in case an investigation is ever required. Second, leading third-party CAs typically offer web-based applications with easy-to-use management interfaces that automate and accelerate many processes, including delegating authority for creating certificates and approving certificates for signing by the CA. Certificate Signing Requests (CSRs) must eventually be approved by someone vested with authority for a particular domain. Trusted CAs have robust automated procedures in place to help ensure that all of this occurs as prescribed. Third, if an organization decides to use self-signed certificates, it will need processes similar to those described above. Some businesses attempt to automate the SSL security workflow by writing custom software, but many simply attempt to manually manage the processes. This takes a considerable amount of time and effort from highly skilled and trusted staff – which may mean more highly paid senior employees. Fourth, without the management tools and alerts that often come with certificates from a trusted CA, organizations will not be notified when certificates expire. The expiration of self-signed certificates – as well as their renewal – will need to be tracked manually, an extremely time consuming task that can take skilled personnel away from other mission-critical work. The cost of expired SSL Certificates is unacceptably high; “rogue” certificates can create an uneven patchwork of security, leading to warning messages that may negatively impact customers and internal stakeholders alike. Finally, with software-only encryption, visibility into status can be severely limited. Unless the keys are stored in hardware, organizations cannot guarantee that it knows how many keys exist and who has had access to them. If the network is compromised, a company has no way of knowing if a key was copied off-site and is being compromised as well. After all, keys are essentially just files, and file servers, virtual file systems and servers, and Storage Area Networks (SANs), or Network Attached Storage (NAS) systems, can be backed up, duplicated, and replicated. That makes it difficult to know how many copies of a key exist and where they are located. It’s also more difficult to control access to them and harder to enforce policies. When keys are stored in hardware, as in an HSM, the keys are typically generated on these devices – which in itself means the keys are stronger – and they never leave the device. This means organizations always know exactly where the keys are and how many copies exist. They can enforce better policies to the keys as many HSMs allow the use of strong, two-factor authentication for policy-based access, such as limiting the signing of certificates to those times when two authorized persons are present. Retaining personnel who possess the right talent and expertise to perform all of these management tasks is expensive. According to ComputerWorld’s IT Salary Survey 2011,2 mid-level security professionals earn approximately $100,000 a year. Depending on the size of an organization, the expense of hiring even one experienced worker could raise the cost of self-signed SSL security above a reasonable threshold, particularly when compared to the cost of using a trusted third-party SSL vendor. 2. April, 2011. http://www.computerworld.com/s/article/9214739/Salary_Survey_2011.
5 A company could always choose to outsource infrastructure management, but this tactic not only adds additional cost, it also raises other key questions: Who is going to manage the outsourcer? What happens if the outsourcer makes costly mistakes? Adding to these concerns, infrastructure outsourcers are notoriously difficult to replace given the dependencies that such relationships create. Technical and Business Risks of a Do-It- Yourself SSL Security Strategy In addition to all the “hard” costs an organization may accrue with self-signed SSL certificates, it also faces increased operational risks. Although difficult to quantify, these dangers can add up to substantial expenses if not mitigated. Some of these risks are technical, including the potential for security breaches that can happen at both ends of the encryption/ decryption process if the environment is not secured properly. In addition, it is extremely difficult to revoke certificates in unmanaged, self-signed certificate schemes. Business risks are arguably even more serious than technical ones. Most of these perils involve building trust with customers and end users. Trust is critical for any web-based transaction, whether it’s online banking or uploading personally identifiable information to an internal employee portal. Although the true value of trust is difficult to quantify, not winning the trust of potential customers could be disastrous to revenues. For an internal site, like an HR portal, a lack of trust among employees – who might wonder if their salary histories and other personal data are truly secure – could impact worker morale and productivity. Another factor to consider is the warranty protection that a third-party SSL vendor can provide. These warranties can range anywhere from $10,000 to $750,000 (or more) and are meant to compensate a business if a data breach occurs. Self-signed certificates do not provide warranty guarantees. In addition, a risk of using self-signed certificates internally is that, over time, employees may start to ignore security warnings given by their browsers and begin to add untrusted certificates to their browsers’ store of trusted certificates. Not only can this potentially compromise internal networks and systems, but it can also create a lax attitude toward security across the organization and undermine general policies meant to safeguard internal systems. Finally, with self-signed certificates, organizations are also more at risk of Advanced Persistent Threats (APTs), or attacks with multiple attack vectors, because of the security processes and measures that third-party CAs put into place that are often lacking with internal CAs. For example, the server that the CA is stored and run from might be attached to the same network as other systems, with no additional physical security boundaries. Internal CAs often don’t have biometric access control for the use of the root key that is used to generate certificates. All of this adds up to lower security and less due-diligence in the way certificates are issued. In short, organizations operate under a false sense of security. Adding Up the Overall Total Cost of Ownership (TCO) There are numerous components that make up a strong, reliable SSL security infrastructure. Here is a quick, side-by- side comparison of the costs associated with self-signed SSL Certificates and SSL certificates provided by Thawte, a leading provider of SSL security: Self-Signed Certificates (annually) SSL Certificates from Thawte3 SSL certificates No additional cost $87 - $227/certificate Replicated data center facilities $24,000 - $240,000 Included Hardware Security Modules (HSMs) and related software and maintenance fees $26,000 - $60,000 Included Management/personnel costs $100,000 full-time equivalent employee Included TOTAL $150,000 - $400,000 annually $88,000 - $230,000 (assuming 1000 certificates) 3 Annual costs based on 1,000 SSL certificates given Thawte prices as of June 2012. Prices subject to change without notice.
6 © 2013 Thawte, Inc. All rights reserved. Thawte, the thawte logo, and other trademarks, service marks, and designs are registered or unregistered trademarks of Thawte, Inc. and its subsidiaries and affiliates in the United States and in foreign countries. All other trademarks are property of their respective owners. When all of the costs are totaled, self-signed certificates are clearly the more expensive security option, by hundreds of thousands of dollars annually. Working with a reputable CA like Thawte means that an organization can not only save money, but can also enjoy the peace of mind that comes with knowing its SSL security is backed by the expertise and resources of one of the world’s most trusted security companies. Conclusion Although many IT professionals believe that using self-signed SSL certificates can help their organizations lower security costs, the real numbers tell a different story. From data center infrastructure and physical security, to the hardware and software required for the PKI SSL system, to the personnel needed to manage the certificate lifecycle, the true costs of self-signed SSL security can become very expensive, very fast. Both external- and internal-facing sites need strong SSL protection, and working with a reputable third-party provider like Thawte is the easiest, most cost-effective way to protect customers and other stakeholders with best-in-class SSL security. With Thawte SSL Certificates, organizations of any size can afford to secure their sites and protect their reputations without breaking their bottom lines. • Via phone –– US toll-free: +1 888 484 2983 –– UK: +44 203 450 5486 –– South Africa: +27 21 819 2800 –– Germany: +49 69 3807 89081 –– France: +33 1 57 32 42 68 • Email sales@thawte.com • Visit our website at https://www.thawte.com/log-in To learn more, contact our sales advisors: Protect your business and translate trust to your customers with high- assurance digital certificates from Thawte, the world’s first international specialist in online security. Backed by a 17-year track record of stability and reliability, a proven infrastructure, and world-class customer support, Thawte is the international partner of choice for businesses worldwide.

Recomendados

Protect your Data even under breach
Protect your Data even under breachProtect your Data even under breach
Protect your Data even under breach
CloudMask inc.
 
Clearswift f5 integration
Clearswift f5 integrationClearswift f5 integration
Clearswift f5 integration
Marco Essomba
 
Cloud computing present
Cloud computing presentCloud computing present
Cloud computing present
James Sutter
 
A Complete RapidSSL Guide on Securing Online Business with SSL Certificate
A Complete RapidSSL Guide on Securing Online Business with SSL CertificateA Complete RapidSSL Guide on Securing Online Business with SSL Certificate
A Complete RapidSSL Guide on Securing Online Business with SSL Certificate
RapidSSLOnline.com
 
Reducing cardholder data footprint with tokenization and other techniques
Reducing cardholder data footprint with tokenization and other techniquesReducing cardholder data footprint with tokenization and other techniques
Reducing cardholder data footprint with tokenization and other techniques
VISTA InfoSec
 
Data leakage prevention EN Final
Data leakage prevention EN FinalData leakage prevention EN Final
Data leakage prevention EN Final
Zdravko Stoychev, CISM, CRISC
 
Blbs prod-bloombase-store safe-product-brochure-uslet-en-r3
Blbs prod-bloombase-store safe-product-brochure-uslet-en-r3Blbs prod-bloombase-store safe-product-brochure-uslet-en-r3
Blbs prod-bloombase-store safe-product-brochure-uslet-en-r3
Bloombase
 
[EMC] Source Code Protection
[EMC] Source Code Protection[EMC] Source Code Protection
[EMC] Source Code Protection
Perforce
 

Recomendados

Protect your Data even under breach
Protect your Data even under breachProtect your Data even under breach
Protect your Data even under breach
CloudMask inc.
 
Clearswift f5 integration
Clearswift f5 integrationClearswift f5 integration
Clearswift f5 integration
Marco Essomba
 
Cloud computing present
Cloud computing presentCloud computing present
Cloud computing present
James Sutter
 
A Complete RapidSSL Guide on Securing Online Business with SSL Certificate
A Complete RapidSSL Guide on Securing Online Business with SSL CertificateA Complete RapidSSL Guide on Securing Online Business with SSL Certificate
A Complete RapidSSL Guide on Securing Online Business with SSL Certificate
RapidSSLOnline.com
 
Reducing cardholder data footprint with tokenization and other techniques
Reducing cardholder data footprint with tokenization and other techniquesReducing cardholder data footprint with tokenization and other techniques
Reducing cardholder data footprint with tokenization and other techniques
VISTA InfoSec
 
Data leakage prevention EN Final
Data leakage prevention EN FinalData leakage prevention EN Final
Data leakage prevention EN Final
Zdravko Stoychev, CISM, CRISC
 
Blbs prod-bloombase-store safe-product-brochure-uslet-en-r3
Blbs prod-bloombase-store safe-product-brochure-uslet-en-r3Blbs prod-bloombase-store safe-product-brochure-uslet-en-r3
Blbs prod-bloombase-store safe-product-brochure-uslet-en-r3
Bloombase
 
[EMC] Source Code Protection
[EMC] Source Code Protection[EMC] Source Code Protection
[EMC] Source Code Protection
Perforce
 
Hirsch Identive | White Paper | Securing the Enterprise in a Networked World
Hirsch Identive | White Paper | Securing the Enterprise in a Networked WorldHirsch Identive | White Paper | Securing the Enterprise in a Networked World
Hirsch Identive | White Paper | Securing the Enterprise in a Networked World
Identive
 
DLP 101: Help identify and plug information leaks
DLP 101: Help identify and plug information leaks DLP 101: Help identify and plug information leaks
DLP 101: Help identify and plug information leaks
Abhishek Sood
 
How To Plan Successful Encryption Strategy
How To Plan Successful Encryption StrategyHow To Plan Successful Encryption Strategy
How To Plan Successful Encryption Strategy
ClickSSL
 
Technology Overview - Symantec Data Loss Prevention (DLP)
Technology Overview - Symantec Data Loss Prevention (DLP)Technology Overview - Symantec Data Loss Prevention (DLP)
Technology Overview - Symantec Data Loss Prevention (DLP)
Iftikhar Ali Iqbal
 
Mobile App Security: Enterprise Checklist
Mobile App Security: Enterprise ChecklistMobile App Security: Enterprise Checklist
Mobile App Security: Enterprise Checklist
Jignesh Solanki
 
Identity and Access Management (IAM)
Identity and Access Management (IAM)Identity and Access Management (IAM)
Identity and Access Management (IAM)
Jack Forbes
 
Secure Channels Financal Institution Presentation
Secure Channels Financal Institution PresentationSecure Channels Financal Institution Presentation
Secure Channels Financal Institution Presentation
Richard Blech
 
Oracle-Security_Executive-Presentation
Oracle-Security_Executive-PresentationOracle-Security_Executive-Presentation
Oracle-Security_Executive-Presentation
stefanjung
 
Global Azure Bootcamp 216 - Azure Rights Management
Global Azure Bootcamp 216 - Azure Rights ManagementGlobal Azure Bootcamp 216 - Azure Rights Management
Global Azure Bootcamp 216 - Azure Rights Management
Riwut Libinuko
 
Data Sheet For Erg
Data Sheet For ErgData Sheet For Erg
Data Sheet For Erg
mjschreck
 
Identity & Access Management - Securing Your Data in the 21st Century Enterprise
Identity & Access Management - Securing Your Data in the 21st Century EnterpriseIdentity & Access Management - Securing Your Data in the 21st Century Enterprise
Identity & Access Management - Securing Your Data in the 21st Century Enterprise
Lance Peterman
 
Identity and Access Management
Identity and Access ManagementIdentity and Access Management
Identity and Access Management
Prashanth BS
 
Security&reliability
Security&reliabilitySecurity&reliability
Security&reliability
caca1009
 
Information Assurance in an Enterprise Hosting Environment
Information Assurance in an Enterprise Hosting EnvironmentInformation Assurance in an Enterprise Hosting Environment
Information Assurance in an Enterprise Hosting Environment
webhostingguy
 
GTB DLP - Content Aware Security Suite
GTB DLP - Content Aware Security SuiteGTB DLP - Content Aware Security Suite
GTB DLP - Content Aware Security Suite
VCW Security Ltd
 
Whitepaper: Secure By Design
Whitepaper: Secure By DesignWhitepaper: Secure By Design
Whitepaper: Secure By Design
DocuSign
 
CA Technologies and Deloitte: Unleash and Protect your Business with Identity...
CA Technologies and Deloitte: Unleash and Protect your Business with Identity...CA Technologies and Deloitte: Unleash and Protect your Business with Identity...
CA Technologies and Deloitte: Unleash and Protect your Business with Identity...
CA Technologies
 
Pci dss compliance
Pci dss compliancePci dss compliance
Pci dss compliance
pcidss14s
 
IRJET - Study Paper on Various Security Mechanism of Cloud Computing
IRJET - Study Paper on Various Security Mechanism of Cloud ComputingIRJET - Study Paper on Various Security Mechanism of Cloud Computing
IRJET - Study Paper on Various Security Mechanism of Cloud Computing
IRJET Journal
 
Primend praktiline konverents - Office 365 turvalisus
Primend praktiline konverents - Office 365 turvalisusPrimend praktiline konverents - Office 365 turvalisus
Primend praktiline konverents - Office 365 turvalisus
Primend
 
Understanding The World Of SSL Certificates.pdf
Understanding The World Of SSL Certificates.pdfUnderstanding The World Of SSL Certificates.pdf
Understanding The World Of SSL Certificates.pdf
WebGuru Infosystems Pvt. Ltd.
 
Law firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMaskLaw firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMask
CloudMask inc.
 

Mais conteúdo relacionado

Mais procurados

Oracle-Security_Executive-Presentation
Oracle-Security_Executive-PresentationOracle-Security_Executive-Presentation
Oracle-Security_Executive-Presentation
stefanjung
 
Security&reliability
Security&reliabilitySecurity&reliability
Security&reliability
caca1009
 
Information Assurance in an Enterprise Hosting Environment
Information Assurance in an Enterprise Hosting EnvironmentInformation Assurance in an Enterprise Hosting Environment
Information Assurance in an Enterprise Hosting Environment
webhostingguy
 
CA Technologies and Deloitte: Unleash and Protect your Business with Identity...
CA Technologies and Deloitte: Unleash and Protect your Business with Identity...CA Technologies and Deloitte: Unleash and Protect your Business with Identity...
CA Technologies and Deloitte: Unleash and Protect your Business with Identity...
CA Technologies
 

Mais procurados (20)

Hirsch Identive | White Paper | Securing the Enterprise in a Networked World
Hirsch Identive | White Paper | Securing the Enterprise in a Networked WorldHirsch Identive | White Paper | Securing the Enterprise in a Networked World
Hirsch Identive | White Paper | Securing the Enterprise in a Networked World
 
DLP 101: Help identify and plug information leaks
DLP 101: Help identify and plug information leaks DLP 101: Help identify and plug information leaks
DLP 101: Help identify and plug information leaks
 
How To Plan Successful Encryption Strategy
How To Plan Successful Encryption StrategyHow To Plan Successful Encryption Strategy
How To Plan Successful Encryption Strategy
 
Technology Overview - Symantec Data Loss Prevention (DLP)
Technology Overview - Symantec Data Loss Prevention (DLP)Technology Overview - Symantec Data Loss Prevention (DLP)
Technology Overview - Symantec Data Loss Prevention (DLP)
 
Mobile App Security: Enterprise Checklist
Mobile App Security: Enterprise ChecklistMobile App Security: Enterprise Checklist
Mobile App Security: Enterprise Checklist
 
Identity and Access Management (IAM)
Identity and Access Management (IAM)Identity and Access Management (IAM)
Identity and Access Management (IAM)
 
Secure Channels Financal Institution Presentation
Secure Channels Financal Institution PresentationSecure Channels Financal Institution Presentation
Secure Channels Financal Institution Presentation
 
Oracle-Security_Executive-Presentation
Oracle-Security_Executive-PresentationOracle-Security_Executive-Presentation
Oracle-Security_Executive-Presentation
 
Global Azure Bootcamp 216 - Azure Rights Management
Global Azure Bootcamp 216 - Azure Rights ManagementGlobal Azure Bootcamp 216 - Azure Rights Management
Global Azure Bootcamp 216 - Azure Rights Management
 
Data Sheet For Erg
Data Sheet For ErgData Sheet For Erg
Data Sheet For Erg
 
Identity & Access Management - Securing Your Data in the 21st Century Enterprise
Identity & Access Management - Securing Your Data in the 21st Century EnterpriseIdentity & Access Management - Securing Your Data in the 21st Century Enterprise
Identity & Access Management - Securing Your Data in the 21st Century Enterprise
 
Identity and Access Management
Identity and Access ManagementIdentity and Access Management
Identity and Access Management
 
Security&reliability
Security&reliabilitySecurity&reliability
Security&reliability
 
Information Assurance in an Enterprise Hosting Environment
Information Assurance in an Enterprise Hosting EnvironmentInformation Assurance in an Enterprise Hosting Environment
Information Assurance in an Enterprise Hosting Environment
 
GTB DLP - Content Aware Security Suite
GTB DLP - Content Aware Security SuiteGTB DLP - Content Aware Security Suite
GTB DLP - Content Aware Security Suite
 
Whitepaper: Secure By Design
Whitepaper: Secure By DesignWhitepaper: Secure By Design
Whitepaper: Secure By Design
 
CA Technologies and Deloitte: Unleash and Protect your Business with Identity...
CA Technologies and Deloitte: Unleash and Protect your Business with Identity...CA Technologies and Deloitte: Unleash and Protect your Business with Identity...
CA Technologies and Deloitte: Unleash and Protect your Business with Identity...
 
Pci dss compliance
Pci dss compliancePci dss compliance
Pci dss compliance
 
IRJET - Study Paper on Various Security Mechanism of Cloud Computing
IRJET - Study Paper on Various Security Mechanism of Cloud ComputingIRJET - Study Paper on Various Security Mechanism of Cloud Computing
IRJET - Study Paper on Various Security Mechanism of Cloud Computing
 
Primend praktiline konverents - Office 365 turvalisus
Primend praktiline konverents - Office 365 turvalisusPrimend praktiline konverents - Office 365 turvalisus
Primend praktiline konverents - Office 365 turvalisus
 

Semelhante a The Hidden Costs of SelfSigned SSL Certificates

Is web security part of your annual security audit
Is web security part of your annual security auditIs web security part of your annual security audit
Is web security part of your annual security audit
Dianne Douglas
 
bcs_sb_TechPartner_SSLVisibility_Venafi_EN_v1e
bcs_sb_TechPartner_SSLVisibility_Venafi_EN_v1ebcs_sb_TechPartner_SSLVisibility_Venafi_EN_v1e
bcs_sb_TechPartner_SSLVisibility_Venafi_EN_v1e
Sam Kumarsamy
 
Website Security Certification The Key to Keeping Your Website Safe
Website Security Certification The Key to Keeping Your Website SafeWebsite Security Certification The Key to Keeping Your Website Safe
Website Security Certification The Key to Keeping Your Website Safe
Pixlogix Infotech
 

Semelhante a The Hidden Costs of SelfSigned SSL Certificates (20)

Understanding The World Of SSL Certificates.pdf
Understanding The World Of SSL Certificates.pdfUnderstanding The World Of SSL Certificates.pdf
Understanding The World Of SSL Certificates.pdf
 
Law firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMaskLaw firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMask
 
Chapter 2 System Security.pptx
Chapter 2 System Security.pptxChapter 2 System Security.pptx
Chapter 2 System Security.pptx
 
White paper - Full SSL automation with OneClickSSL
White paper - Full SSL automation with OneClickSSLWhite paper - Full SSL automation with OneClickSSL
White paper - Full SSL automation with OneClickSSL
 
Is web security part of your annual security audit
Is web security part of your annual security auditIs web security part of your annual security audit
Is web security part of your annual security audit
 
All About SSL/TLS
All About SSL/TLSAll About SSL/TLS
All About SSL/TLS
 
bcs_sb_TechPartner_SSLVisibility_Venafi_EN_v1e
bcs_sb_TechPartner_SSLVisibility_Venafi_EN_v1ebcs_sb_TechPartner_SSLVisibility_Venafi_EN_v1e
bcs_sb_TechPartner_SSLVisibility_Venafi_EN_v1e
 
Impact of digital certificate in network security
Impact of digital certificate in network securityImpact of digital certificate in network security
Impact of digital certificate in network security
 
Impact of digital certificate in network security
Impact of digital certificate in network securityImpact of digital certificate in network security
Impact of digital certificate in network security
 
Understanding Digital Certificates & Secure Sockets Layer
Understanding Digital Certificates & Secure Sockets LayerUnderstanding Digital Certificates & Secure Sockets Layer
Understanding Digital Certificates & Secure Sockets Layer
 
IRJET- Exchanging Secure Data in Cloud with Confidentiality and Privacy Goals
IRJET- Exchanging Secure Data in Cloud with Confidentiality and Privacy GoalsIRJET- Exchanging Secure Data in Cloud with Confidentiality and Privacy Goals
IRJET- Exchanging Secure Data in Cloud with Confidentiality and Privacy Goals
 
Website Security Certification The Key to Keeping Your Website Safe
Website Security Certification The Key to Keeping Your Website SafeWebsite Security Certification The Key to Keeping Your Website Safe
Website Security Certification The Key to Keeping Your Website Safe
 
Can You Trust Cloud Security In Public Cloud?
Can You Trust Cloud Security In Public Cloud?Can You Trust Cloud Security In Public Cloud?
Can You Trust Cloud Security In Public Cloud?
 
8 i internet_security
8 i internet_security8 i internet_security
8 i internet_security
 
Build and Operate Your Own Certificate Management Center of Mediocrity
Build and Operate Your Own Certificate Management Center of MediocrityBuild and Operate Your Own Certificate Management Center of Mediocrity
Build and Operate Your Own Certificate Management Center of Mediocrity
 
SSL Certificate: Stamp of Web Security
SSL Certificate: Stamp of Web SecuritySSL Certificate: Stamp of Web Security
SSL Certificate: Stamp of Web Security
 
Introduction of an SSL Certificate
Introduction of an SSL CertificateIntroduction of an SSL Certificate
Introduction of an SSL Certificate
 
Encryption by fastech
Encryption by fastechEncryption by fastech
Encryption by fastech
 
Digital certificates in e commerce
Digital certificates in e commerceDigital certificates in e commerce
Digital certificates in e commerce
 
Importance of SSL.pdf
Importance of SSL.pdfImportance of SSL.pdf
Importance of SSL.pdf
 

Mais de RapidSSLOnline.com

Mais de RapidSSLOnline.com (20)

Tackle ERR_SSL_PROTOCOL_ERROR in Google Chrome
Tackle ERR_SSL_PROTOCOL_ERROR in Google ChromeTackle ERR_SSL_PROTOCOL_ERROR in Google Chrome
Tackle ERR_SSL_PROTOCOL_ERROR in Google Chrome
 
Viewing SSL Certificate in Chrome | RapidSSLonline
Viewing SSL Certificate in Chrome | RapidSSLonlineViewing SSL Certificate in Chrome | RapidSSLonline
Viewing SSL Certificate in Chrome | RapidSSLonline
 
Compare GeoTrust True BusinessID SSL Data Sheet
Compare GeoTrust True BusinessID SSL Data SheetCompare GeoTrust True BusinessID SSL Data Sheet
Compare GeoTrust True BusinessID SSL Data Sheet
 
Introducing TLS 1.3 – The future of Encryption
Introducing TLS 1.3 – The future of EncryptionIntroducing TLS 1.3 – The future of Encryption
Introducing TLS 1.3 – The future of Encryption
 
GUIDE ON INSTALLING SSL CERTIFICATE ON IBM HTTP SERVER
GUIDE ON INSTALLING SSL CERTIFICATE ON IBM HTTP SERVERGUIDE ON INSTALLING SSL CERTIFICATE ON IBM HTTP SERVER
GUIDE ON INSTALLING SSL CERTIFICATE ON IBM HTTP SERVER
 
Cybersecurity Compliance can Make or Break Your Business - DigiCert - Symantec
Cybersecurity Compliance can Make or Break Your Business - DigiCert - SymantecCybersecurity Compliance can Make or Break Your Business - DigiCert - Symantec
Cybersecurity Compliance can Make or Break Your Business - DigiCert - Symantec
 
Adobe Connect on-premise SSL Guide
Adobe Connect on-premise SSL GuideAdobe Connect on-premise SSL Guide
Adobe Connect on-premise SSL Guide
 
How to Move SSL Certificate from Windows Server to Another Windows Server
How to Move SSL Certificate from Windows Server to Another Windows ServerHow to Move SSL Certificate from Windows Server to Another Windows Server
How to Move SSL Certificate from Windows Server to Another Windows Server
 
Symmetric and Asymmetric Encryption
Symmetric and Asymmetric EncryptionSymmetric and Asymmetric Encryption
Symmetric and Asymmetric Encryption
 
SSL / TLS Validation | CASecurity.org | RapidSSLonline
SSL / TLS Validation | CASecurity.org | RapidSSLonlineSSL / TLS Validation | CASecurity.org | RapidSSLonline
SSL / TLS Validation | CASecurity.org | RapidSSLonline
 
Geek Guide: Apache Web Servers and SSL Authentication
Geek Guide: Apache Web Servers and SSL AuthenticationGeek Guide: Apache Web Servers and SSL Authentication
Geek Guide: Apache Web Servers and SSL Authentication
 
Google Chrome 56 What You Need to Know?
Google Chrome 56 What You Need to Know?Google Chrome 56 What You Need to Know?
Google Chrome 56 What You Need to Know?
 
5 Steps for Preventing Ransomware
5 Steps for Preventing Ransomware5 Steps for Preventing Ransomware
5 Steps for Preventing Ransomware
 
2016 Symantec Internet Security Threat Report
2016 Symantec Internet Security Threat Report2016 Symantec Internet Security Threat Report
2016 Symantec Internet Security Threat Report
 
How Does The Wildcard SSL Work?
How Does The Wildcard SSL Work?How Does The Wildcard SSL Work?
How Does The Wildcard SSL Work?
 
Uncover threats and protect your organization
Uncover threats and protect your organizationUncover threats and protect your organization
Uncover threats and protect your organization
 
A New Zero-Day Vulnerability Discovered Every Week in 2015
A New Zero-Day Vulnerability Discovered Every Week in 2015A New Zero-Day Vulnerability Discovered Every Week in 2015
A New Zero-Day Vulnerability Discovered Every Week in 2015
 
Symantec 2016 Security Predictions - Looking ahead
Symantec 2016 Security Predictions - Looking aheadSymantec 2016 Security Predictions - Looking ahead
Symantec 2016 Security Predictions - Looking ahead
 
STRONG AUTHENTICATION ... NO PASSWORDS
STRONG AUTHENTICATION ... NO PASSWORDSSTRONG AUTHENTICATION ... NO PASSWORDS
STRONG AUTHENTICATION ... NO PASSWORDS
 
Attacks on Point-of-Sales Systems | RapidSSLonline
Attacks on Point-of-Sales Systems | RapidSSLonlineAttacks on Point-of-Sales Systems | RapidSSLonline
Attacks on Point-of-Sales Systems | RapidSSLonline
 

Último

➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...
➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...
➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...
nirzagarg
 
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
tanu pandey
 
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...
SUHANI PANDEY
 
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
SUHANI PANDEY
 
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort ServiceBusty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Delhi Call girls
 
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
@Chandigarh #call #Girls 9053900678 @Call #Girls in @Punjab 9053900678
 
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
dharasingh5698
 
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
SUHANI PANDEY
 
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
tanu pandey
 
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
Call Girls in Nagpur High Profile Call Girls
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
EleniIlkou
 
Wadgaon Sheri $ Call Girls Pune 10k @ I'm VIP Independent Escorts Girls 80057...
Wadgaon Sheri $ Call Girls Pune 10k @ I'm VIP Independent Escorts Girls 80057...Wadgaon Sheri $ Call Girls Pune 10k @ I'm VIP Independent Escorts Girls 80057...
Wadgaon Sheri $ Call Girls Pune 10k @ I'm VIP Independent Escorts Girls 80057...
SUHANI PANDEY
 
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
SUHANI PANDEY
 
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
SUHANI PANDEY
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
JOHNBEBONYAP1
 

Último (20)

APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 
➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...
➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...
➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...
 
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
 
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
 
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...
 
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
 
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort ServiceBusty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
 
Microsoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck MicrosoftMicrosoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck Microsoft
 
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
 
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
 
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
 
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
 
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
 
Wadgaon Sheri $ Call Girls Pune 10k @ I'm VIP Independent Escorts Girls 80057...
Wadgaon Sheri $ Call Girls Pune 10k @ I'm VIP Independent Escorts Girls 80057...Wadgaon Sheri $ Call Girls Pune 10k @ I'm VIP Independent Escorts Girls 80057...
Wadgaon Sheri $ Call Girls Pune 10k @ I'm VIP Independent Escorts Girls 80057...
 
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
 
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
 
Real Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtReal Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirt
 
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
 

The Hidden Costs of SelfSigned SSL Certificates

  • 1. The Hidden Costs of Self- Signed SSL Certificates WHY SELF-SIGNED CERTIFICATES ARE MUCH COSTLIER – AND RISKIER – THAN WORKING WITH A TRUSTED SECURITY VENDOR
  • 2. 2 The Hidden Costs of Self-Signed SSL Certificates Even when business is booming, smart companies always have an eye on the bottom line. Security is not usually one of the first places companies look to trim expenses, but some IT professionals believe that they can easily lower costs by eliminating third-party Secure Sockets Layer (SSL) Certification Authorities (CAs) from the budget equation. Although spending money on SSL security for external facing sites–such as the company home page or e-commerce pages – seems necessary, some IT professionals think that self-signed SSL certificates are an acceptable alternative for internal sites. They believe that, since only internal employees have access to servers that host internal-facing sites such as intranet portals and wikis, self-signed certificates provide adequate protection at practically no cost. However, this kind of reasoning can backfire – badly. The Total Cost of Ownership (TCO) of an SSL certificate is far more than just the price of the certificate. From security hardware, to management software, to data center space and more, the costs of establishing a secure self-signing architecture can quickly add up. Not only that, but a do-it-yourself approach to SSL security may put an organization at risk – from both technical and business perspectives–in a variety of ways. This paper explores the true TCO for self-signed SSL certificates, including a side-by-side comparison of a self-signed architecture versus working with a third-party SSL vendor. Before a company decides to use self-signed certificates, these issues deserve careful consideration. Third-Party Verified Versus Self-Signed Certificates When the SSL protocol debuted in 1995, the world finally had a foundation for a safe and secure way to transact business over the web. Since then, SSL has evolved to be the single most important authentication protocol used in web- based transactions. Why is SSL necessary? Most web traffic goes over the Internet in an unencrypted form. This means that anyone with sufficient technical expertise and tools can easily “eavesdrop” on the conversations between two parties. SSL security encrypts the data moving between a web server and a browser, making it extremely difficult to intercept and decode the information. However, SSL security goes beyond mere encryption. From a purely technical perspective, Public Key Infrastructure (PKI) does an excellent job of safeguarding data transfers, but it leaves a gaping hole in the security of a transaction. How can parties to the transaction be sure they are communicating with the proper participants? For example, if a customer is trying to purchase an expensive camera at the web site of an online retailer, the business must be able to confirm its identity to the customer. Otherwise, the customer’s credit card information is encrypted when in transit, but if the retailer’s web site has been spoofed, all of that well-encrypted data may be sent to a cybercriminal who can easily decrypt it. This is where the importance of third-party validation is most apparent. A certificate signed by a trusted, independent CA helps ensure the organization that owns the certificate is indeed what it claims to be. From a technical standpoint, however, third-party validation is not essential for SSL security to function. Organizations can “self- sign” certificates. When companies use self-signed certificates, in effect they are saying, “I verify that I am myself. Trust me.” However, to standard web browsers such as Internet Explorer and Firefox, this guarantee is meaningless. Users who try to access a site “protected” with a self-signed certificate will usually get an error message that says the signing entity is unknown and not trusted. Not surprisingly, this kind of message scares off potential customers, partners, and other stakeholders. For this reason, few businesses will self-sign external-facing web sites. Retaining user trust is simply too important.
  • 3. 3 Internal-facing sites and servers, on the other hand, present a different use case scenario for SSL certificates. Corporate email servers, Human Resource (HR) portals, wikis for individual project management, software development sandboxes – these are just a few of the internal sites and servers that are often the primary candidates for internal certificates. Do organizations really need third-party signed certificates when only employees access these areas? Once again, when a business uses a self- signed certificate, it asks its employees to trust that its systems are secure. Even if they will – should they? The High Cost of Infrastructure for SSL Security DATA CENTERS AND PHYSICAL SECURITY Self-signed certificates are inherently less trustworthy than those signed by leading CAs. Reputable third-party CAs have robust processes in place to help ensure that their encryption keys, especially their highly sensitive private “root” keys, are kept safe. For these CAs, security is always a top priority: Personnel are rigorously vetted and highly trained, and these CAs have strict policies concerning where private keys are stored. In fact, if a CA wants to be approved by mainstream web browsers, these keys must be kept on non-extractible storage on smart cards. To offer strong SSL security, a CA must also provide high- availability and failover mechanisms to prevent system failure. This helps to ensure that it can provide the proper authentication on demand whenever users need it. Replicating this infrastructure to match the high security standards in place at leading CAs requires a number of costly components. First, an organization must have High-Availability (HA) replication of the SSL system and data. A second, related requirement is that this replication must be achieved using two different secure rooms in two different data centers in two separate locations. This helps to ensure that if one data center goes down, due to power loss or other unforeseen factors, the other will be there to provide backup authentication. Without replication across data centers, servers and browsers would not be able to complete the authentication process and vital SSL- protected transactions – such as credit card purchases at an e-commerce site or uploading new employee information to an HR portal – would stop. Moreover, the data centers housing the SSL systems and data themselves also need to be secure, which means establishing strict physical security measures. In addition to screening employees who would have physical access to data rooms, these extra precautions would include installing key card readers to grant entry to locked areas, mounting video surveillance cameras, and even hiring security guards to do regular walk- bys. If an unauthorized person gained access to these restricted rooms, he or she could obtain the key to crack encrypted data, once again putting transactions at risk. The basic cost for a secure, one-rack colocation data center room – with all connectivity and utilities included–can range from $1,000 to more than $10,000 per month.1 Adding more racks, increasing bandwidth, or utilizing technical support can raise costs even more, often by hundreds of dollars. Not only that, but all of these expenses will double to replicate data in two data centers. Clearly, the costs of maintaining the physical infrastructure and security needed to protect SSL encryption and authentication processes are more than many businesses can afford. HARDWARE COMPONENTS Although you can easily acquire free or very low-cost software that will allow you to generate self-signed SSL certificates, you will still need a Hardware Security Module (HSM) for each data center to manage encryption. And each HSM will need to be under a support contract to ensure business continuity. An SSL HSM is a secure crypto-processor – a physical piece of hardware–dedicated to managing digital keys and for authenticating private keys in a PKI SSL protocol system. An HSM has three purposes. First, it securely generates public and private keys for encrypting transactions over the web. Second, it securely stores keys in a way that prevents them from being extracted. Third, it allows companies to manage sensitive cryptographic data. HSMs are highly specialized pieces of hardware that are usually quite expensive, ranging from $13,000 on the low end to upwards of $30,000 each. Once again, for purposes of replication and achieving high availability, any SSL infrastructure needs at least two HSMs, one for each data center. 1. Multiple sources: http://www.hostventures.com/colocationprices.html, http://www.datacenterknowledge.com/archives/2011/02/11/analysis-colocation-pricing-trends/
  • 4. 4 Finally, companies use HSMs to offload application servers for both asymmetric and symmetric cryptography, though this is less relevant today. Even though the National Institute of Standards and Technology (NIST) recommends that companies use 2048- bit RSA keys, SSL encryption does not significantly affect system performance. MANAGEMENT AND PERSONNEL Beyond pure hardware costs, the time and expense associated with finding and training skilled professionals to manage self- signed SSL security – as well as to create policies to govern the use of SSL certificates – are also a major consideration. Tools that allow you to self-sign certificates – such as Microsoft Certificate Authority – do not include certificate management functionality. Given that, organizations will need to plan and implement robust processes to help ensure that SSL protocols are being strictly followed. Without such safeguards, anyone could ask for an SSL certificate and receive it, which in turn would allow anyone to spoof a supposedly “secure” site at will. First, an organization needs to carefully control who has the authority to create and sign certificates for its domains, and establish processes for ensuring that this is done according to established policies. Such policies would include requiring that only personnel of sufficient tenure and trust have authority to create and sign certificates, and that they are adequately trained in best practices, standards, and technologies. This authority should not be given lightly, and a clear audit trail is needed in case an investigation is ever required. Second, leading third-party CAs typically offer web-based applications with easy-to-use management interfaces that automate and accelerate many processes, including delegating authority for creating certificates and approving certificates for signing by the CA. Certificate Signing Requests (CSRs) must eventually be approved by someone vested with authority for a particular domain. Trusted CAs have robust automated procedures in place to help ensure that all of this occurs as prescribed. Third, if an organization decides to use self-signed certificates, it will need processes similar to those described above. Some businesses attempt to automate the SSL security workflow by writing custom software, but many simply attempt to manually manage the processes. This takes a considerable amount of time and effort from highly skilled and trusted staff – which may mean more highly paid senior employees. Fourth, without the management tools and alerts that often come with certificates from a trusted CA, organizations will not be notified when certificates expire. The expiration of self-signed certificates – as well as their renewal – will need to be tracked manually, an extremely time consuming task that can take skilled personnel away from other mission-critical work. The cost of expired SSL Certificates is unacceptably high; “rogue” certificates can create an uneven patchwork of security, leading to warning messages that may negatively impact customers and internal stakeholders alike. Finally, with software-only encryption, visibility into status can be severely limited. Unless the keys are stored in hardware, organizations cannot guarantee that it knows how many keys exist and who has had access to them. If the network is compromised, a company has no way of knowing if a key was copied off-site and is being compromised as well. After all, keys are essentially just files, and file servers, virtual file systems and servers, and Storage Area Networks (SANs), or Network Attached Storage (NAS) systems, can be backed up, duplicated, and replicated. That makes it difficult to know how many copies of a key exist and where they are located. It’s also more difficult to control access to them and harder to enforce policies. When keys are stored in hardware, as in an HSM, the keys are typically generated on these devices – which in itself means the keys are stronger – and they never leave the device. This means organizations always know exactly where the keys are and how many copies exist. They can enforce better policies to the keys as many HSMs allow the use of strong, two-factor authentication for policy-based access, such as limiting the signing of certificates to those times when two authorized persons are present. Retaining personnel who possess the right talent and expertise to perform all of these management tasks is expensive. According to ComputerWorld’s IT Salary Survey 2011,2 mid-level security professionals earn approximately $100,000 a year. Depending on the size of an organization, the expense of hiring even one experienced worker could raise the cost of self-signed SSL security above a reasonable threshold, particularly when compared to the cost of using a trusted third-party SSL vendor. 2. April, 2011. http://www.computerworld.com/s/article/9214739/Salary_Survey_2011.
  • 5. 5 A company could always choose to outsource infrastructure management, but this tactic not only adds additional cost, it also raises other key questions: Who is going to manage the outsourcer? What happens if the outsourcer makes costly mistakes? Adding to these concerns, infrastructure outsourcers are notoriously difficult to replace given the dependencies that such relationships create. Technical and Business Risks of a Do-It- Yourself SSL Security Strategy In addition to all the “hard” costs an organization may accrue with self-signed SSL certificates, it also faces increased operational risks. Although difficult to quantify, these dangers can add up to substantial expenses if not mitigated. Some of these risks are technical, including the potential for security breaches that can happen at both ends of the encryption/ decryption process if the environment is not secured properly. In addition, it is extremely difficult to revoke certificates in unmanaged, self-signed certificate schemes. Business risks are arguably even more serious than technical ones. Most of these perils involve building trust with customers and end users. Trust is critical for any web-based transaction, whether it’s online banking or uploading personally identifiable information to an internal employee portal. Although the true value of trust is difficult to quantify, not winning the trust of potential customers could be disastrous to revenues. For an internal site, like an HR portal, a lack of trust among employees – who might wonder if their salary histories and other personal data are truly secure – could impact worker morale and productivity. Another factor to consider is the warranty protection that a third-party SSL vendor can provide. These warranties can range anywhere from $10,000 to $750,000 (or more) and are meant to compensate a business if a data breach occurs. Self-signed certificates do not provide warranty guarantees. In addition, a risk of using self-signed certificates internally is that, over time, employees may start to ignore security warnings given by their browsers and begin to add untrusted certificates to their browsers’ store of trusted certificates. Not only can this potentially compromise internal networks and systems, but it can also create a lax attitude toward security across the organization and undermine general policies meant to safeguard internal systems. Finally, with self-signed certificates, organizations are also more at risk of Advanced Persistent Threats (APTs), or attacks with multiple attack vectors, because of the security processes and measures that third-party CAs put into place that are often lacking with internal CAs. For example, the server that the CA is stored and run from might be attached to the same network as other systems, with no additional physical security boundaries. Internal CAs often don’t have biometric access control for the use of the root key that is used to generate certificates. All of this adds up to lower security and less due-diligence in the way certificates are issued. In short, organizations operate under a false sense of security. Adding Up the Overall Total Cost of Ownership (TCO) There are numerous components that make up a strong, reliable SSL security infrastructure. Here is a quick, side-by- side comparison of the costs associated with self-signed SSL Certificates and SSL certificates provided by Thawte, a leading provider of SSL security: Self-Signed Certificates (annually) SSL Certificates from Thawte3 SSL certificates No additional cost $87 - $227/certificate Replicated data center facilities $24,000 - $240,000 Included Hardware Security Modules (HSMs) and related software and maintenance fees $26,000 - $60,000 Included Management/personnel costs $100,000 full-time equivalent employee Included TOTAL $150,000 - $400,000 annually $88,000 - $230,000 (assuming 1000 certificates) 3 Annual costs based on 1,000 SSL certificates given Thawte prices as of June 2012. Prices subject to change without notice.
  • 6. 6 © 2013 Thawte, Inc. All rights reserved. Thawte, the thawte logo, and other trademarks, service marks, and designs are registered or unregistered trademarks of Thawte, Inc. and its subsidiaries and affiliates in the United States and in foreign countries. All other trademarks are property of their respective owners. When all of the costs are totaled, self-signed certificates are clearly the more expensive security option, by hundreds of thousands of dollars annually. Working with a reputable CA like Thawte means that an organization can not only save money, but can also enjoy the peace of mind that comes with knowing its SSL security is backed by the expertise and resources of one of the world’s most trusted security companies. Conclusion Although many IT professionals believe that using self-signed SSL certificates can help their organizations lower security costs, the real numbers tell a different story. From data center infrastructure and physical security, to the hardware and software required for the PKI SSL system, to the personnel needed to manage the certificate lifecycle, the true costs of self-signed SSL security can become very expensive, very fast. Both external- and internal-facing sites need strong SSL protection, and working with a reputable third-party provider like Thawte is the easiest, most cost-effective way to protect customers and other stakeholders with best-in-class SSL security. With Thawte SSL Certificates, organizations of any size can afford to secure their sites and protect their reputations without breaking their bottom lines. • Via phone –– US toll-free: +1 888 484 2983 –– UK: +44 203 450 5486 –– South Africa: +27 21 819 2800 –– Germany: +49 69 3807 89081 –– France: +33 1 57 32 42 68 • Email sales@thawte.com • Visit our website at https://www.thawte.com/log-in To learn more, contact our sales advisors: Protect your business and translate trust to your customers with high- assurance digital certificates from Thawte, the world’s first international specialist in online security. Backed by a 17-year track record of stability and reliability, a proven infrastructure, and world-class customer support, Thawte is the international partner of choice for businesses worldwide.