
How to be trusted in 2017

Jan 15, 2017


Zeev Shetach

#BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted

How to Be Trusted in 2017 Three Big Questions to Address, Now

Dean Coclin, Chairman Emeritus, CA/Browser Forum

Jeff Barto, Trust Strategist & Web Security Advocate, Symantec


Tips for Your Success

•  The live webinar is being recorded for on-demand access. We’ll provide webinar slides as an attachment to download.

•  Submit questions during the live webinar and we’ll respond during the live Q&A segment.


Contribute to and follow the conversation on Twitter with this hashtag; we’re listening:

#BeTrusted2017


Agenda

•  Introductions

•  Three Big Questions:

1.  What browser changes start rolling out in January 2017?

2.  Why are these browser changes happening?

3.  How do we prepare now to be trusted in 2017?

•  Q&A


Today’s Presenters

Jeff Barto, Trust Strategist & Web Security Advocate, Symantec

Dean Coclin, Chairman Emeritus, CA/Browser Forum, Symantec


What browser changes start rolling out in January 2017?


#1


Starting January 2017, Browsers Will Warn Users of Non-HTTPS Connections

Chrome plans to warn users when pages are insecure (non-HTTPS), and will warn with the words “Not Secure” if an insecure page asks for a password or credit card.

Firefox plans a similar warning for sites requiring passwords.

Both will quickly transition to a more noticeable red triangle and “Not Secure” warnings for ALL non-HTTPS websites.


Chrome Warnings and User Experience

Treatment of HTTP pages with password or credit card form fields:

Current (Chrome 53): login.example.com

Jan. 2017 (Chrome 56): login.example.com, labeled “Not secure”

Source: https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html


Firefox Warnings and User Experience

When passwords are requested over HTTP:

[Screenshots: http-password.badssl.com in DevEdition 45 and in DevEdition 46+]

Source: https://blog.mozilla.org/tanvi/2016/01/28/no-more-passwords-over-http-please


HTTPS Coming to a Domain Near You

CA Security Blog Post, Nov. 21, 2016: https://casecurity.org/2016/11/21/the-web-is-moving-from-http-to-https/

Gov.UK website: https://www.gov.uk/service-manual/technology/using-https


Powerful Features Only with HTTPS


Why are these browser changes happening?

#2


Cybercriminals Are Hurting Businesses and Consumers Worldwide


Source: Symantec Website Security Threat Report, 2016 https://www.symantec.com/security-center/threat-report


Trust Indicators Need to Become More Intuitive


Symbols That Are Consistent, Universal, Global

No Learning Curve!


Inconsistency Across Browsers


People Want Simple, Trustworthy User Experiences that Convey “It’s Safe Here”


Excerpt from ‘Why Website Security That’s Good Enough Soon Won’t Be’ is available to download at Go.Symantec.com/Be-Trusted


Related Predictions


Certificate usage will continue to grow! 9 - 12 Million in 12 months

Fueled by https initiatives (search ranks, powerful features, negative browser UI)

SNI servers will show increased growth

SHA-1 usage will decline dramatically (and so will XP!)

Phishing using DV certs will continue to increase

Chrome will be on the bleeding edge of changes and enforcements


How do we prepare now to be trusted in 2017?

#3


Apply Our ‘Be Trusted Framework’

Credibility

•  Elevate your search ranking with a more trustworthy presence via site-wide HTTPS encryption

•  Demonstrate your organization’s legitimacy by using OV & EV certificates

•  Give consumers more confidence with the Norton Secure seal – on the first and every page your visitors see

Control

•  Maintain user experience control by preventing ISPs and Wi-Fi hot spots from inserting ads on your web pages

•  Eliminate vulnerabilities, malware, and other breach risks

•  Maintain brand reputation and convey digital business trustworthiness

Performance

•  Ad injections are not optimized for load time which will slow down HTTP sites

•  Get HTTP2’s performance enhancements – only available to secured websites

•  Deploy certificates which use ECC algorithm – to mitigate and lessen computational overhead


Start with Encryption …

•  On every page requiring a password or allowing payments:

–  Invoke HTTPS

–  Deploy SSL on servers delivering those pages and content

•  Form and embark on your plan to move to SSL/HTTPS site-wide
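
An added example, not part of the webinar slides: one way to inventory the pages that need HTTPS first, by flagging any page fetched over http:// that contains a password or payment field, plus forms on sensitive pages that submit to an http:// target. The function and class names are hypothetical, the sample pages are constructed, and matching payment fields by `autocomplete` tokens is an assumption rather than the browsers' own detection logic.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumption: payment fields are recognised by standard autocomplete tokens.
# Browsers use their own autofill heuristics; this is only an approximation.
CARD_TOKENS = {"cc-number", "cc-csc", "cc-exp", "cc-exp-month", "cc-exp-year", "cc-name"}

class SensitiveFormFinder(HTMLParser):
    """Collects password inputs, payment inputs and http:// form targets."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.has_password = False
        self.has_card = False
        self.insecure_actions = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "input":
            if a.get("type", "").lower() == "password":
                self.has_password = True
            if set(a.get("autocomplete", "").lower().split()) & CARD_TOKENS:
                self.has_card = True
        elif tag == "form":
            # Resolve relative actions against the page URL; empty action = same page.
            target = urljoin(self.page_url, a.get("action", ""))
            if urlparse(target).scheme == "http":
                self.insecure_actions.append(target)

def audit_page(url, html):
    """Report whether a page collects sensitive input and whether it does so over HTTP."""
    finder = SensitiveFormFinder(url)
    finder.feed(html)
    sensitive = finder.has_password or finder.has_card
    return {
        "url": url,
        "sensitive": sensitive,
        "needs_https_now": sensitive and urlparse(url).scheme == "http",
        "insecure_form_targets": finder.insecure_actions if sensitive else [],
    }

if __name__ == "__main__":
    # Constructed sample pages.
    pages = [
        ("http://login.example.com/", '<form action="/session"><input type="password"></form>'),
        ("https://shop.example.com/pay",
         '<form action="http://shop.example.com/charge"><input autocomplete="cc-number"></form>'),
        ("http://www.example.com/about", "<p>About us</p>"),
    ]
    for url, html in pages:
        print(audit_page(url, html))
```

The second sample shows a case that is easy to miss: the page itself is served over HTTPS, but its payment form still posts to an http:// address.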


… then Go Beyond Encryption

Authentication

Validation

Be Trusted


Simple Website Security Math


Make the Right Choice


Excerpt from ‘Why Website Security That’s Good Enough Soon Won’t Be’ is available for download at Go.Symantec.com/Be-Trusted


Research Illustrates the Value of Trust


Let’s Answer Your Questions


Visit Our Content Hub


https://go.symantec.com/be-trusted

•  Get complimentary best practices and How-To info

•  Participate in live discussions and webinars

•  Read and share blogs from our website security experts

•  Choose and purchase SSL/TLS certificates that are right for your organization