How to be trusted in 2017
1 like372 views
The document discusses webinar insights on browser changes starting January 2017, specifically the warnings for non-https connections to enhance security. It emphasizes the importance of transitioning to https to build trust, as cybercriminal activities threaten both businesses and consumers. The recommended preparation involves applying a 'be trusted framework' characterized by credibility and security enhancements.
How to be trusted in 2017
- 1. #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 1 How to Be Trusted in 2017 Three Big Questions to Address, Now Dean Coclin Chairman Emeritus, CA/Browser Forum Jeff Barto Trust Strategist & Web Security Advocate, Symantec
- 2. Tips for Your Success • The live webinar is being recorded for on-demand access. We’ll provide webinar slides as an attachment to download. • Submit questions during the live webinar and we’ll respond during the live Q&A segment. #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 2 Contribute to and follow the conversation on Twitter with this hashtag; we’re listening: #BeTrusted2017
- 3. Agenda • Introductions • Three Big Questions: 1. What browser changes start rolling out in January 2017? 2. Why are these browser changes happening? 3. How do we prepare now to be trusted in 2017? • Q&A #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 3
- 4. Today’s Presenters #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 4 Jeff Barto Trust Strategist & Web Security Advocate, Symantec Dean Coclin Chairman Emeritus, CA/ Browser Forum, Symantec
- 5. #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 5 What browser changes start rolling out in January 2017? in January 2017 with browser changes? #1
- 6. #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 6 Starting January 2017, Browsers Will Warn Users of Non-HTTPS Connections Chrome plans to warn users when pages are insecure (non-https), and will warn if an insecure page asks for a password or credit card with words “Not Secure” Firefox plans a similar warning for sites requiring passwords Both will quickly transition to a more noticeable red triangle and “Not Secure” warnings for ALL non-https websites
- 7. #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 7 Chrome Warnings and User Experience Treatment of HTTP pages with password or credit card form fields: Current (Chrome 53) login.example.com Jan. 2017 (Chrome 56) login.example.comNot secure Source: https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html
- 8. #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 8 Firefox Warnings and User Experience When passwords are requested over http: http-password.badssl.com DevEdition 46+ http-password.badssl.com DevEdition 45 Source: https://blog.mozilla.org/tanvi/2016/01/28/no-more-passwords-over-http-please
- 9. #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 9 HTTPS Coming to a Domain Near You CA Security Blog Post, Nov. 21, 2016: https://casecurity.org/2016/11/21/the- web-is-moving-from-http-to-https/ Gov.UK website: https://www.gov.uk/service-manual/ technology/using-https
- 10. #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 10 Powerful Features Only with HTTPS
- 11. #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 11 Why are these browser changes happening? #2
- 12. Cybercriminals Are Hurting Businesses and Consumers Worldwide #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 12 Source: Symantec Website Security Threat Report, 2016 https://www.symantec.com/security-center/threat-report
- 13. Trust Indicators Need to Become More Intuitive #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 13 Symbols That Are Consistent, Universal, Global No Learning Curve!
- 14. Inconsistency Across Browsers #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 14
- 15. People Want Simple, Trustworthy User Experiences that Convey “It’s Safe Here” #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 15 Excerpt from ‘Why Website Security That’s Good Enough Soon Won’t Be’ is available to download at Go.Symantec.com/Be-Trusted
- 16. Related Predictions #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 16 Certificate usage will continue to grow! 9 - 12 Million in 12 months Fueled by https initiatives (search ranks, powerful features, negative browser UI) SNI servers will show increased growth SHA-1 usage will decline dramatically (and so will XP!) Phishing using DV certs will continue to increase Chrome will be on the bleeding edge of changes and enforcements
- 17. #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 17 How do we prepare now to be trusted in 2017? #3
- 18. Apply Our ‘Be Trusted Framework’ Credibility Control Performance Elevate your search ranking with a more trustworthy presence via site-wide HTTPS encryption Maintain user experience control by preventing ISPs and Wi-Fi hot spots from inserting ads on your web pages Ad injections are not optimized for load time which will slow down HTTP sites Demonstrate your organization’s legitimacy by using OV & EV certificates Eliminate vulnerabilities, malware, and other breach risks Get HTTP2’s performance enhancements – only available to secured websites Give consumers more confidence with the Norton Secure seal – on the first and every page your visitors see Maintain brand reputation and convey digital business trustworthiness Deploy certificates which use ECC algorithm – to mitigate and lessen computational overhead #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 18
- 19. Start with Encryption … • On every page requiring a password or allowing payments: – Invoke HTTPS – Deploy SSL on servers delivering those pages and content • Form and embark on your plan to move to SSL/HTTPS site-wide #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 19
- 20. … then Go Beyond Encryption Authentication Validation Be Trusted #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 20 Simple Website Security Math
- 21. Make the Right Choice #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 21 Excerpt from ‘Why Website Security That’s Good Enough Soon Won’t Be’ is available for download at Go.Symantec.com/Be-Trusted
- 22. Research Illustrates the Value of Trust #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 22
- 23. 23#BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted https://go.symantec.com/be-trusted Let’s Answer Your Questions
- 24. Visit Our Content Hub #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 24 https://go.symantec.com/be-trusted • Get complimentary best practices and How-To info • Participate in live discussions and webinars • Read and share blogs from our website security experts • Choose and purchase SSL/ TLS certificates that are right for your organization