About Thawte

News

Awareness of keys, certificates, critical to keeping data safe

A serious problem that has recently been exposed among businesses, IT departments, and even end users is that despite all efforts to keep sensitive data safe, often times those mechanisms used to protect information are either unknown or poorly maintained. According to a recent study, simply not knowing about what kinds of encryption keys and certificates are being used could cost companies as much as $398 million.

Serious problem, practical solutions
As businesses and consumers increasingly perform online transactions from computers and mobile devices, trusted cryptographic solutions are necessary in order to transmit data safely.

"We rely on keys and certificates to provide the bedrock of trust for all business and government activities, online and in the cloud. Yet criminals are turning our dependence on these trust instruments against us at an alarming rate," said the Ponemon Institute.

Most enterprises are aware of encryption's importance against malicious attacks. Few, however, keep an accurate inventory of deployed solutions such as SSL certificates. Of the 2,342 companies surveyed, more than half were unaware how many encryption keys and certificates they had. Perhaps not surprisingly, all of the respondents reported to have suffered at least one attack on their network resulting from poor encryption key and certificate management.

"Even at the CISO and CIO level, when we ask them 'where are your SSL certificates?' they don't really know," said Ponemon.

There are some practical steps that companies can take to reestablish the quality of their digital safeguards. Following best practices as prescribed by the National Institute of Standards and Technology (NIST), responding to certificate authority (CA) updates and managing the inventory and lifecycle of encryption keys and SSL certificates are all ways Ponemon suggested businesses can stay protected from cybercriminal attacks.

Precautions end users can take
Companies are not the only ones at risk. According to Jerome Sequra, a security researcher, one of the weakest links in the security chain is the end user and it is up to those individuals to check for valid certificates before opening email attachments or downloaded files.

"An attacker can easily find out or guess what antivirus a company is running and craft a piece of malware that will not be detected by it," said Segura. "Because such attacks are very narrow, the sample will not be disseminated around the world, making its discovery less likely."

With the Thawte Trusted Seal, users can take comfort knowing that their information is secured with proven security solutions. Visit Thawte to get equipped with the latest in SSL certificates.

corporate office

Thawte
The Gateway
Century Lane
Century City, 7441
Cape Town
South Africa

Postal Address:
P O Box 15986
Panorama 7500
Cape Town
South Africa

Call: +27 21 819 2200
Fax: +27 21 819 2950

Thawte is a leading global Certification Authority. Our SSL and code signing digital certificates are used globally to secure servers, provide data encryption, authenticate users, protect privacy and assure online identifies through stringent authentication and verification processes. Our SSL certificates include Wildcard SSL Certificates, SAN /UC Certificates, SGC SuperCerts and Extended Validation SSL Certificates.

What is an SSL Certificate Which SSL Certificate is Right for Me? Why Choose Thawte?