During the week of 14 March, GlobalSign performed at World Hosting Days (also known as WHD Global) in Rust, Germany. The event includes many of our current and future partners and customers in the hosting and cloud industries. This, combined with great networking possibilities, makes it a valuable event to take place each year.
Over the past years we saw an increasing demand for large scale deployment of SSL certificates. Many hosting, cloud and SaaS providers are now exploring the benefits of improved privacy and security, performance and SEO that you get for free when running a website over HTTPS. The most frequently asked questions were around dynamic certificate loading using TLS sessions in web hosting clusters and full automation.
We were pleased to see the presence of many of our peers.
In conversation with them we found that they are starting to see more requests for EV SSL certificates from their end customers. This is partly due to greater market awareness, with customers now recognizing the benefits of differentiating themselves from multiple websites secured with an automated, but limited domain valid SSL certificate.
Encryption by default drive differentiation via EV SSL certificate
In my presentation on Wednesday 16 March, encrypting the entire Internet, adopting the “Secure Everything” ethos, we had a quick glance beyond standard website security.
Websites are Internet services that we all use on a daily basis, but we may not even realize that we use the Internet to the extent that we do. By sending email communications, listening to music, turning on lights, or even changing the temperature. The devices we use in our daily lives are all interconnected and we should not forget the security impact.
To use devices safely within the Internet of Things,
strong authenticated end-to-end encryption is critical. Essentially cloud and SaaS providers will participate in the IoT delivery chain, but what does this mean for them? When encrypting the entire Internet, different solutions are required and millions of certificates need to be issued in a short period of time. At GlobalSign we are ready for our high volume certificate services, but the question is you?
By default encryption is beyond websites
While at WHD, we also decided to run some Twitter polls to see how businesses are reacting to the changing market. In the first two questions we asked businesses how many of their end customers were registered businesses. This is important for a changing market because the Domain Validated (DV) SSL certificate is the same type of certificate that you can purchase to prove unregistered trading.
When some of our customers are asked about the market, they often tell us that they would like to see an increase in Extended Validation (EV) or Organization Valid (OV) SSL certificates, but this is difficult to obtain due to their many customers Did not register their businesses.
How do we check online security?
We also asked Twitter users what activity they felt was most important to ensure data security. Interestingly most of the respondents stated that checking websites for HTTPS was the most important for them. Perhaps this says a lot about the education of the public, as encryption for emails and signing documents was surprisingly no less important. More often than not, it is actually emails and documents that contain the most sensitive information for people and businesses alike.
We asked a similar question in a research survey for WHD attendees that we ran during the event.
In this question we asked them to explain what activities they participate in to ensure personal data security. Similar to our Twitter poll, respondents felt that checking a website was the most common way for HTTPS to ensure security. Encryption of emails and signing emails came down the list, followed by two-factor authentication, followed by signature codes on documents after signing.
Stronger website security and data protection require more education
We found that the biggest challenge facing attendees in offering encryption solutions to customers is customer education (38%). Presumably in giving OV or EV SSL certificates to existing DV SSL certificate customers, the biggest challenge is that customers do not see the added value. It seems that 43% of participants who sell encryption solutions also find that customers are never concerned with encryption unless something really happens to them.
All these responses told me that there is a lack of education among end-users. It seems that users do not understand the level difference of certificates and are not prepared to protect their data unless something happens to them. At this stage, it is already too late, as data has been stolen and their brand is possibly underutilized.