How to be trusted in 2017
- 1. How to Be Trusted in 2017
Three Big Questions to Address, Now
Dean Coclin, Chairman Emeritus, CA/Browser Forum
Jeff Barto, Trust Strategist & Web Security Advocate, Symantec
#BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted
- 2. Tips for Your Success
• The live webinar is being recorded for on-demand access. We’ll provide webinar slides as an attachment to download.
• Submit questions during the live webinar and we’ll respond during the live Q&A segment.
Contribute to and follow the conversation on Twitter with this hashtag; we’re listening: #BeTrusted2017
- 3. Agenda
• Introductions
• Three Big Questions:
1. What browser changes start rolling out in January 2017?
2. Why are these browser changes happening?
3. How do we prepare now to be trusted in 2017?
• Q&A
- 4. Today’s Presenters
Jeff Barto, Trust Strategist & Web Security Advocate, Symantec
Dean Coclin, Chairman Emeritus, CA/Browser Forum, Symantec
- 5. #1 What browser changes start rolling out in January 2017?
- 6. Starting January 2017, Browsers Will Warn Users of Non-HTTPS Connections
Chrome plans to warn users when pages are insecure (non-HTTPS), and will warn with the words “Not Secure” if an insecure page asks for a password or credit card
Firefox plans a similar warning for sites requiring passwords
Both will quickly transition to a more noticeable red triangle and “Not Secure” warnings for ALL non-HTTPS websites
- 7. Chrome Warnings and User Experience
Treatment of HTTP pages with password or credit card form fields:
Current (Chrome 53): login.example.com
Jan. 2017 (Chrome 56): login.example.com, marked “Not secure”
Source: https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html
- 8. Firefox Warnings and User Experience
When passwords are requested over HTTP:
[Screenshots: http-password.badssl.com in DevEdition 46+ and in DevEdition 45]
Source: https://blog.mozilla.org/tanvi/2016/01/28/no-more-passwords-over-http-please
- 9. HTTPS Coming to a Domain Near You
CA Security Blog Post, Nov. 21, 2016: https://casecurity.org/2016/11/21/the-web-is-moving-from-http-to-https/
Gov.UK website: https://www.gov.uk/service-manual/technology/using-https
- 10. Powerful Features Only with HTTPS
- 11. #2 Why are these browser changes happening?
- 12. Cybercriminals Are Hurting Businesses and Consumers Worldwide
Source: Symantec Website Security Threat Report, 2016
https://www.symantec.com/security-center/threat-report
- 13. Trust Indicators Need to Become More Intuitive
Symbols That Are Consistent, Universal, Global
No Learning Curve!
- 15. People Want Simple, Trustworthy User Experiences that Convey “It’s Safe Here”
Excerpt from ‘Why Website Security That’s Good Enough Soon Won’t Be’ is available to download at Go.Symantec.com/Be-Trusted
- 16. Related Predictions
• Certificate usage will continue to grow! 9 - 12 Million in 12 months. Fueled by HTTPS initiatives (search ranks, powerful features, negative browser UI)
• SNI servers will show increased growth
• SHA-1 usage will decline dramatically (and so will XP!)
• Phishing using DV certs will continue to increase
• Chrome will be on the bleeding edge of changes and enforcements
- 17. #3 How do we prepare now to be trusted in 2017?
- 18. Apply Our ‘Be Trusted Framework’
Credibility
• Elevate your search ranking with a more trustworthy presence via site-wide HTTPS encryption
• Demonstrate your organization’s legitimacy by using OV & EV certificates
• Give consumers more confidence with the Norton Secure seal – on the first and every page your visitors see
Control
• Maintain user experience control by preventing ISPs and Wi-Fi hot spots from inserting ads on your web pages
• Eliminate vulnerabilities, malware, and other breach risks
• Maintain brand reputation and convey digital business trustworthiness
Performance
• Ad injections are not optimized for load time, which will slow down HTTP sites
• Get HTTP2’s performance enhancements – only available to secured websites
• Deploy certificates which use ECC algorithm – to mitigate and lessen computational overhead
- 19. Start with Encryption …
• On every page requiring a password or allowing payments:
– Invoke HTTPS
– Deploy SSL on servers delivering those pages and content
• Form and embark on your plan to move to SSL/HTTPS site-wide
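An added example (not from the webinar or from any browser vendor) of auditing pages for the condition described above: it flags password and payment-card inputs on pages served over HTTP, and goes one step further by also flagging forms on HTTPS pages that submit to an HTTP URL. Finding card fields through `autocomplete` tokens is a heuristic assumed here, not the browsers' actual logic; all names and sample markup are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Heuristic assumed by this example: card fields are found via HTML autofill tokens.
CARD_TOKENS = {"cc-number", "cc-csc", "cc-exp", "cc-exp-month", "cc-exp-year"}

class SensitiveFormFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.form_action = None  # resolved action URL of the enclosing <form>
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self.form_action = urljoin(self.page_url, a.get("action", ""))
        elif tag == "input":
            if a.get("type", "").lower() == "password":
                self._check("password", a.get("name", "?"))
            elif CARD_TOKENS & set(a.get("autocomplete", "").lower().split()):
                self._check("credit-card", a.get("name", "?"))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_action = None

    def _check(self, kind, name):
        # Page itself over HTTP: the case the browser warning targets.
        if urlparse(self.page_url).scheme != "https":
            self.findings.append((kind, name, "page served over HTTP"))
        # HTTPS page whose form still posts to HTTP: the data leaves in clear text.
        target = self.form_action or self.page_url
        if urlparse(target).scheme != "https":
            self.findings.append((kind, name, "form submits over HTTP"))

def audit(page_url, html):
    """Return a list of (field kind, field name, problem) tuples."""
    finder = SensitiveFormFinder(page_url)
    finder.feed(html)
    return finder.findings

# Constructed sample markup, not taken from any real site.
LOGIN_HTML = '<form action="/login"><input name="user"><input type="password" name="pw"></form>'
PAY_HTML = '<form action="http://pay.example.com/charge"><input autocomplete="cc-number" name="card"></form>'

if __name__ == "__main__":
    print(audit("http://login.example.com/", LOGIN_HTML))
```

An empty list from `audit` means no password or card input on that page touches plain HTTP.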
- 20. … then Go Beyond
Encryption
Authentication
Validation
Be Trusted
Simple Website Security Math
- 21. Make the Right Choice
Excerpt from ‘Why Website Security That’s Good Enough Soon Won’t Be’ is available for download at Go.Symantec.com/Be-Trusted
- 23. Let’s Answer Your Questions
https://go.symantec.com/be-trusted
- 24. Visit Our Content Hub
https://go.symantec.com/be-trusted
• Get complimentary best practices and How-To info
• Participate in live discussions and webinars
• Read and share blogs from our website security experts
• Choose and purchase SSL/TLS certificates that are right for your organization