SlideShare a Scribd company logo

How to be trusted in 2017

Zeev Shetach
Zeev Shetach

A Symantec webinar about the changes on browsers that will happen in January and how not to suffer from them!

Related slideshows

Html5 security
Html5 securityHtml5 security
Html5 security
 
StartPad Countdown 2 - Startup Security: Hacking and Compliance in a Web 2.0 ...
StartPad Countdown 2 - Startup Security: Hacking and Compliance in a Web 2.0 ...StartPad Countdown 2 - Startup Security: Hacking and Compliance in a Web 2.0 ...
StartPad Countdown 2 - Startup Security: Hacking and Compliance in a Web 2.0 ...
 
Sucuri Webinar: How Websites Get Hacked
Sucuri Webinar: How Websites Get HackedSucuri Webinar: How Websites Get Hacked
Sucuri Webinar: How Websites Get Hacked
 
1 of 24
Download to read offline
#BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 1 How to Be Trusted in 2017 Three Big Questions to Address, Now Dean Coclin Chairman Emeritus, CA/Browser Forum Jeff Barto Trust Strategist & Web Security Advocate, Symantec
Tips for Your Success •  The live webinar is being recorded for on-demand access. We’ll provide webinar slides as an attachment to download. •  Submit questions during the live webinar and we’ll respond during the live Q&A segment. #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 2 Contribute to and follow the conversation on Twitter with this hashtag; we’re listening: #BeTrusted2017
Agenda •  Introductions •  Three Big Questions: 1.  What browser changes start rolling out in January 2017? 2.  Why are these browser changes happening? 3.  How do we prepare now to be trusted in 2017? •  Q&A #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 3
Today’s Presenters #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 4 Jeff Barto Trust Strategist & Web Security Advocate, Symantec Dean Coclin Chairman Emeritus, CA/ Browser Forum, Symantec
#BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 5 What browser changes start rolling out in January 2017? in January 2017 with browser changes? #1
#BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 6 Starting January 2017, Browsers Will Warn Users of Non-HTTPS Connections Chrome plans to warn users when pages are insecure (non-https), and will warn if an insecure page asks for a password or credit card with words “Not Secure” Firefox plans a similar warning for sites requiring passwords Both will quickly transition to a more noticeable red triangle and “Not Secure” warnings for ALL non-https websites
#BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 7 Chrome Warnings and User Experience Treatment of HTTP pages with password or credit card form fields: Current (Chrome 53) login.example.com Jan. 2017 (Chrome 56) login.example.comNot secure Source: https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html
#BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 8 Firefox Warnings and User Experience When passwords are requested over http: http-password.badssl.com DevEdition 46+ http-password.badssl.com DevEdition 45 Source: https://blog.mozilla.org/tanvi/2016/01/28/no-more-passwords-over-http-please
#BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 9 HTTPS Coming to a Domain Near You CA Security Blog Post, Nov. 21, 2016: https://casecurity.org/2016/11/21/the- web-is-moving-from-http-to-https/ Gov.UK website: https://www.gov.uk/service-manual/ technology/using-https
#BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 10 Powerful Features Only with HTTPS
#BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 11 Why are these browser changes happening? #2
Cybercriminals Are Hurting Businesses and Consumers Worldwide #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 12 Source: Symantec Website Security Threat Report, 2016 https://www.symantec.com/security-center/threat-report
Trust Indicators Need to Become More Intuitive #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 13 Symbols That Are Consistent, Universal, Global No Learning Curve!
Inconsistency Across Browsers #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 14
People Want Simple, Trustworthy User Experiences that Convey “It’s Safe Here” #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 15 Excerpt from ‘Why Website Security That’s Good Enough Soon Won’t Be’ is available to download at Go.Symantec.com/Be-Trusted
Related Predictions #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 16 Certificate usage will continue to grow! 9 - 12 Million in 12 months Fueled by https initiatives (search ranks, powerful features, negative browser UI) SNI servers will show increased growth SHA-1 usage will decline dramatically (and so will XP!) Phishing using DV certs will continue to increase Chrome will be on the bleeding edge of changes and enforcements
#BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 17 How do we prepare now to be trusted in 2017? #3
Apply Our ‘Be Trusted Framework’ Credibility Control Performance Elevate your search ranking with a more trustworthy presence via site-wide HTTPS encryption Maintain user experience control by preventing ISPs and Wi-Fi hot spots from inserting ads on your web pages Ad injections are not optimized for load time which will slow down HTTP sites Demonstrate your organization’s legitimacy by using OV & EV certificates Eliminate vulnerabilities, malware, and other breach risks Get HTTP2’s performance enhancements – only available to secured websites Give consumers more confidence with the Norton Secure seal – on the first and every page your visitors see Maintain brand reputation and convey digital business trustworthiness Deploy certificates which use ECC algorithm – to mitigate and lessen computational overhead #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 18
Start with Encryption … •  On every page requiring a password or allowing payments: –  Invoke HTTPS –  Deploy SSL on servers delivering those pages and content •  Form and embark on your plan to move to SSL/HTTPS site-wide #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 19
… then Go Beyond Encryption Authentication Validation Be Trusted #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 20 Simple Website Security Math
Make the Right Choice #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 21 Excerpt from ‘Why Website Security That’s Good Enough Soon Won’t Be’ is available for download at Go.Symantec.com/Be-Trusted
Research Illustrates the Value of Trust #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 22
23#BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted https://go.symantec.com/be-trusted Let’s Answer Your Questions
Visit Our Content Hub #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 24 https://go.symantec.com/be-trusted •  Get complimentary best practices and How-To info •  Participate in live discussions and webinars •  Read and share blogs from our website security experts •  Choose and purchase SSL/ TLS certificates that are right for your organization

More Related Content

How to be trusted in 2017

  • 1. #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 1 How to Be Trusted in 2017 Three Big Questions to Address, Now Dean Coclin Chairman Emeritus, CA/Browser Forum Jeff Barto Trust Strategist & Web Security Advocate, Symantec
  • 2. Tips for Your Success •  The live webinar is being recorded for on-demand access. We’ll provide webinar slides as an attachment to download. •  Submit questions during the live webinar and we’ll respond during the live Q&A segment. #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 2 Contribute to and follow the conversation on Twitter with this hashtag; we’re listening: #BeTrusted2017
  • 3. Agenda •  Introductions •  Three Big Questions: 1.  What browser changes start rolling out in January 2017? 2.  Why are these browser changes happening? 3.  How do we prepare now to be trusted in 2017? •  Q&A #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 3
  • 4. Today’s Presenters #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 4 Jeff Barto Trust Strategist & Web Security Advocate, Symantec Dean Coclin Chairman Emeritus, CA/ Browser Forum, Symantec
  • 5. #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 5 What browser changes start rolling out in January 2017? in January 2017 with browser changes? #1
  • 6. #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 6 Starting January 2017, Browsers Will Warn Users of Non-HTTPS Connections Chrome plans to warn users when pages are insecure (non-https), and will warn if an insecure page asks for a password or credit card with words “Not Secure” Firefox plans a similar warning for sites requiring passwords Both will quickly transition to a more noticeable red triangle and “Not Secure” warnings for ALL non-https websites
  • 7. #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 7 Chrome Warnings and User Experience Treatment of HTTP pages with password or credit card form fields: Current (Chrome 53) login.example.com Jan. 2017 (Chrome 56) login.example.comNot secure Source: https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html
  • 8. #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 8 Firefox Warnings and User Experience When passwords are requested over http: http-password.badssl.com DevEdition 46+ http-password.badssl.com DevEdition 45 Source: https://blog.mozilla.org/tanvi/2016/01/28/no-more-passwords-over-http-please
  • 9. #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 9 HTTPS Coming to a Domain Near You CA Security Blog Post, Nov. 21, 2016: https://casecurity.org/2016/11/21/the- web-is-moving-from-http-to-https/ Gov.UK website: https://www.gov.uk/service-manual/ technology/using-https
  • 10. #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 10 Powerful Features Only with HTTPS
  • 11. #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 11 Why are these browser changes happening? #2
  • 12. Cybercriminals Are Hurting Businesses and Consumers Worldwide #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 12 Source: Symantec Website Security Threat Report, 2016 https://www.symantec.com/security-center/threat-report
  • 13. Trust Indicators Need to Become More Intuitive #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 13 Symbols That Are Consistent, Universal, Global No Learning Curve!
  • 14. Inconsistency Across Browsers #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 14
  • 15. People Want Simple, Trustworthy User Experiences that Convey “It’s Safe Here” #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 15 Excerpt from ‘Why Website Security That’s Good Enough Soon Won’t Be’ is available to download at Go.Symantec.com/Be-Trusted
  • 16. Related Predictions #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 16 Certificate usage will continue to grow! 9 - 12 Million in 12 months Fueled by https initiatives (search ranks, powerful features, negative browser UI) SNI servers will show increased growth SHA-1 usage will decline dramatically (and so will XP!) Phishing using DV certs will continue to increase Chrome will be on the bleeding edge of changes and enforcements
  • 17. #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 17 How do we prepare now to be trusted in 2017? #3
  • 18. Apply Our ‘Be Trusted Framework’ Credibility Control Performance Elevate your search ranking with a more trustworthy presence via site-wide HTTPS encryption Maintain user experience control by preventing ISPs and Wi-Fi hot spots from inserting ads on your web pages Ad injections are not optimized for load time which will slow down HTTP sites Demonstrate your organization’s legitimacy by using OV & EV certificates Eliminate vulnerabilities, malware, and other breach risks Get HTTP2’s performance enhancements – only available to secured websites Give consumers more confidence with the Norton Secure seal – on the first and every page your visitors see Maintain brand reputation and convey digital business trustworthiness Deploy certificates which use ECC algorithm – to mitigate and lessen computational overhead #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 18
  • 19. Start with Encryption … •  On every page requiring a password or allowing payments: –  Invoke HTTPS –  Deploy SSL on servers delivering those pages and content •  Form and embark on your plan to move to SSL/HTTPS site-wide #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 19
  • 20. … then Go Beyond Encryption Authentication Validation Be Trusted #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 20 Simple Website Security Math
  • 21. Make the Right Choice #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 21 Excerpt from ‘Why Website Security That’s Good Enough Soon Won’t Be’ is available for download at Go.Symantec.com/Be-Trusted
  • 22. Research Illustrates the Value of Trust #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 22
  • 23. 23#BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted https://go.symantec.com/be-trusted Let’s Answer Your Questions
  • 24. Visit Our Content Hub #BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted 24 https://go.symantec.com/be-trusted •  Get complimentary best practices and How-To info •  Participate in live discussions and webinars •  Read and share blogs from our website security experts •  Choose and purchase SSL/ TLS certificates that are right for your organization