how to be trusted in 2017

Upload: zeev-shetach

Post on 15-Jan-2017

TRANSCRIPT

Page 1: How to be trusted in 2017

#BeTrusted2017 | More Resources: https://go.symantec.com/be-trusted

How to Be Trusted in 2017: Three Big Questions to Address, Now

Dean Coclin, Chairman Emeritus, CA/Browser Forum

Jeff Barto, Trust Strategist & Web Security Advocate, Symantec

Page 2: How to be trusted in 2017

Tips for Your Success

•  The live webinar is being recorded for on-demand access. We’ll provide webinar slides as an attachment to download.

•  Submit questions during the live webinar and we’ll respond during the live Q&A segment.

Contribute to and follow the conversation on Twitter with this hashtag; we’re listening:

#BeTrusted2017

Page 3: How to be trusted in 2017

Agenda

•  Introductions

•  Three Big Questions:

1.  What browser changes start rolling out in January 2017?

2.  Why are these browser changes happening?

3.  How do we prepare now to be trusted in 2017?

•  Q&A

Page 4: How to be trusted in 2017

Today’s Presenters

Jeff Barto, Trust Strategist & Web Security Advocate, Symantec

Dean Coclin, Chairman Emeritus, CA/Browser Forum, Symantec

Page 5: How to be trusted in 2017

What browser changes start rolling out in January 2017?

#1

Page 6: How to be trusted in 2017

Starting January 2017, Browsers Will Warn Users of Non-HTTPS Connections

•  Chrome plans to warn users when pages are insecure (non-HTTPS), and will warn with the words “Not Secure” if an insecure page asks for a password or credit card

•  Firefox plans a similar warning for sites requiring passwords

•  Both will quickly transition to a more noticeable red triangle and “Not Secure” warnings for ALL non-HTTPS websites

Page 7: How to be trusted in 2017

Chrome Warnings and User Experience

Treatment of HTTP pages with password or credit card form fields:

•  Current (Chrome 53): login.example.com

•  Jan. 2017 (Chrome 56): login.example.com, labeled “Not secure”

Source: https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html

Page 8: How to be trusted in 2017

Firefox Warnings and User Experience

When passwords are requested over http:

•  DevEdition 46+: http-password.badssl.com

•  DevEdition 45: http-password.badssl.com

Source: https://blog.mozilla.org/tanvi/2016/01/28/no-more-passwords-over-http-please

Page 9: How to be trusted in 2017

HTTPS Coming to a Domain Near You

CA Security Blog Post, Nov. 21, 2016: https://casecurity.org/2016/11/21/the-web-is-moving-from-http-to-https/

Gov.UK website: https://www.gov.uk/service-manual/technology/using-https

Page 10: How to be trusted in 2017

Powerful Features Only with HTTPS

Page 11: How to be trusted in 2017

Why are these browser changes happening?

#2

Page 12: How to be trusted in 2017

Cybercriminals Are Hurting Businesses and Consumers Worldwide

Source: Symantec Website Security Threat Report, 2016 https://www.symantec.com/security-center/threat-report

Page 13: How to be trusted in 2017

Trust Indicators Need to Become More Intuitive

Symbols That Are Consistent, Universal, Global

No Learning Curve!

Page 14: How to be trusted in 2017

Inconsistency Across Browsers

Page 15: How to be trusted in 2017

People Want Simple, Trustworthy User Experiences that Convey “It’s Safe Here”

Excerpt from ‘Why Website Security That’s Good Enough Soon Won’t Be’ is available to download at Go.Symantec.com/Be-Trusted

Page 16: How to be trusted in 2017

Related Predictions

•  Certificate usage will continue to grow! 9 - 12 Million in 12 months

•  Fueled by HTTPS initiatives (search ranks, powerful features, negative browser UI)

•  SNI servers will show increased growth

•  SHA-1 usage will decline dramatically (and so will XP!)

•  Phishing using DV certs will continue to increase

•  Chrome will be on the bleeding edge of changes and enforcements

Page 17: How to be trusted in 2017

How do we prepare now to be trusted in 2017?

#3

Page 18: How to be trusted in 2017

Apply Our ‘Be Trusted Framework’

Credibility

•  Elevate your search ranking with a more trustworthy presence via site-wide HTTPS encryption

•  Demonstrate your organization’s legitimacy by using OV & EV certificates

•  Give consumers more confidence with the Norton Secure seal on the first and every page your visitors see

Control

•  Maintain user experience control by preventing ISPs and Wi-Fi hot spots from inserting ads on your web pages

•  Eliminate vulnerabilities, malware, and other breach risks

•  Maintain brand reputation and convey digital business trustworthiness

Performance

•  Ad injections are not optimized for load time, which will slow down HTTP sites

•  Get HTTP/2’s performance enhancements, which are only available to secured websites

•  Deploy certificates that use ECC algorithms to lessen computational overhead

Page 19: How to be trusted in 2017

Start with Encryption …

•  On every page requiring a password or allowing payments:

    –  Invoke HTTPS

    –  Deploy SSL on servers delivering those pages and content

•  Form and embark on your plan to move to SSL/HTTPS site-wide

Page 20: How to be trusted in 2017

… then Go Beyond Encryption

Authentication

Validation

Be Trusted

Simple Website Security Math

Page 21: How to be trusted in 2017

Make the Right Choice

Excerpt from ‘Why Website Security That’s Good Enough Soon Won’t Be’ is available for download at Go.Symantec.com/Be-Trusted

Page 22: How to be trusted in 2017

Research Illustrates the Value of Trust

Page 23: How to be trusted in 2017

https://go.symantec.com/be-trusted

Let’s Answer Your Questions

Page 24: How to be trusted in 2017

Visit Our Content Hub

https://go.symantec.com/be-trusted

•  Get complimentary best practices and How-To info

•  Participate in live discussions and webinars

•  Read and share blogs from our website security experts

•  Choose and purchase SSL/TLS certificates that are right for your organization