#BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 1
How to Be Trusted in 2017: Three Big Questions to Address, Now
Dean Coclin, Chairman Emeritus, CA/Browser Forum
Jeff Barto, Trust Strategist & Web Security Advocate, Symantec
Tips for Your Success
• The live webinar is being recorded for on-demand access. We’ll provide webinar slides as an attachment to download.
• Submit questions during the live webinar and we’ll respond during the live Q&A segment.
Contribute to and follow the conversation on Twitter with this hashtag; we’re listening:
#BeTrusted2017
Agenda
• Introductions
• Three Big Questions:
1. What browser changes start rolling out in January 2017?
2. Why are these browser changes happening?
3. How do we prepare now to be trusted in 2017?
• Q&A
Today’s Presenters
Jeff Barto, Trust Strategist & Web Security Advocate, Symantec
Dean Coclin, Chairman Emeritus, CA/Browser Forum, Symantec
What browser changes start rolling out in January 2017?
#1
Starting January 2017, Browsers Will Warn Users of Non-HTTPS Connections
• Chrome plans to warn users when pages are insecure (non-HTTPS), and will warn with the words “Not Secure” if an insecure page asks for a password or credit card
• Firefox plans a similar warning for sites requiring passwords
• Both will quickly transition to a more noticeable red triangle and “Not Secure” warnings for ALL non-HTTPS websites
Chrome Warnings and User Experience
Treatment of HTTP pages with password or credit card form fields:
Current (Chrome 53): login.example.com
Jan. 2017 (Chrome 56): login.example.com (labelled “Not secure”)
Source: https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html
Firefox Warnings and User Experience
When passwords are requested over http:
DevEdition 46+: http-password.badssl.com
DevEdition 45: http-password.badssl.com
Source: https://blog.mozilla.org/tanvi/2016/01/28/no-more-passwords-over-http-please
HTTPS Coming to a Domain Near You
CA Security Blog Post, Nov. 21, 2016: https://casecurity.org/2016/11/21/the-web-is-moving-from-http-to-https/
Gov.UK website: https://www.gov.uk/service-manual/technology/using-https
Powerful Features Only with HTTPS
Why are these browser changes happening?
#2
Cybercriminals Are Hurting Businesses and Consumers Worldwide
Source: Symantec Website Security Threat Report, 2016 https://www.symantec.com/security-center/threat-report
Trust Indicators Need to Become More Intuitive
Symbols That Are Consistent, Universal, Global
No Learning Curve!
Inconsistency Across Browsers
People Want Simple, Trustworthy User Experiences that Convey “It’s Safe Here”
Excerpt from ‘Why Website Security That’s Good Enough Soon Won’t Be’ is available to download at Go.Symantec.com/Be-Trusted
Related Predictions
• Certificate usage will continue to grow! 9 - 12 Million in 12 months
  – Fueled by HTTPS initiatives (search ranks, powerful features, negative browser UI)
• SNI servers will show increased growth
• SHA-1 usage will decline dramatically (and so will XP!)
• Phishing using DV certs will continue to increase
• Chrome will be on the bleeding edge of changes and enforcements
How do we prepare now to be trusted in 2017?
#3
Apply Our ‘Be Trusted Framework’
Credibility, Control, Performance
• Elevate your search ranking with a more trustworthy presence via site-wide HTTPS encryption
• Maintain user experience control by preventing ISPs and Wi-Fi hot spots from inserting ads on your web pages
• Ad injections are not optimized for load time, which will slow down HTTP sites
• Demonstrate your organization’s legitimacy by using OV & EV certificates
• Eliminate vulnerabilities, malware, and other breach risks
• Get HTTP/2’s performance enhancements – only available to secured websites
• Give consumers more confidence with the Norton Secure seal – on the first and every page your visitors see
• Maintain brand reputation and convey digital business trustworthiness
• Deploy certificates which use ECC algorithm – to mitigate and lessen computational overhead
Start with Encryption …
• On every page requiring a password or allowing payments:
  – Invoke HTTPS
  – Deploy SSL on servers delivering those pages and content
• Form and embark on your plan to move to SSL/HTTPS site-wide
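An added example (not from the webinar slides): a minimal Python audit that flags pages collecting passwords or card numbers without HTTPS, the case the Chrome 56 and Firefox warnings above apply to. The `audit` function, the finding codes, the sample pages and the `autocomplete="cc-*"` heuristic for card fields are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class SensitiveFields(HTMLParser):
    """Records (kind, form action) for each password or payment-card input."""
    def __init__(self):
        super().__init__()
        self.action = None   # action of the <form> currently open, if any
        self.found = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self.action = a.get("action", "")
        elif tag == "input":
            tokens = a.get("autocomplete", "").lower().split()
            if a.get("type", "").lower() == "password":
                self.found.append(("password", self.action))
            elif any(t.startswith("cc-") for t in tokens):
                # Assumption: card fields are recognised by autocomplete="cc-*"
                self.found.append(("card", self.action))

    def handle_endtag(self, tag):
        if tag == "form":
            self.action = None

def audit(url, html):
    """Return sorted (code, detail) findings for one page; [] means nothing to fix."""
    parser = SensitiveFields()
    parser.feed(html)
    findings = set()
    for kind, action in parser.found:
        if urlsplit(url).scheme != "https":
            findings.add(("HTTP_PAGE", kind))          # page itself is not HTTPS
        target = urljoin(url, action or "")            # resolve relative actions
        if urlsplit(target).scheme != "https":
            findings.add(("HTTP_FORM_TARGET", target)) # data would be sent in clear
    return sorted(findings)

# Constructed sample pages (not real sites), keyed by the URL they were served from.
PAGES = {
    "http://login.example.com/": '<form action="/session"><input name="u">'
                                 '<input type="password" name="p"></form>',
    "https://shop.example.com/pay": '<form action="http://pay.example.com/charge">'
                                    '<input autocomplete="cc-number"></form>',
    "https://www.example.com/account": '<form action="/login"><input type=password></form>',
    "http://www.example.com/news": "<p>No forms here</p>",
}

if __name__ == "__main__":
    for url, html in PAGES.items():
        print(url, audit(url, html) or "ok")
```

The plain HTTP news page produces no finding because this check covers only password and card fields; the later warning for ALL non-HTTPS sites would still apply to it.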
… then Go Beyond Encryption
Authentication
Validation
Be Trusted
Simple Website Security Math
Make the Right Choice
Excerpt from ‘Why Website Security That’s Good Enough Soon Won’t Be’ is available for download at Go.Symantec.com/Be-Trusted
Research Illustrates the Value of Trust
Let’s Answer Your Questions
Visit Our Content Hub
https://go.symantec.com/be-trusted
• Get complimentary best practices and How-To info
• Participate in live discussions and webinars
• Read and share blogs from our website security experts
• Choose and purchase SSL/TLS certificates that are right for your organization