Customers are spending more time online than ever before, researching, browsing and buying. They need to trust the websites they visit and the businesses they interact with; they need to trust that their personal information is secure and that it’s being handled correctly. This has made website security critical to business success.
How many SSL/TLS certificates do we have and when do they expire? Do you have a clear and auditable way of tracking all SSL/TLS certificates across the organization? Do you know how many certificate authorities you buy from? Can you keep track of all your expiry dates? Centralizing SSL/TLS management keeps your sites safer because it helps you detect rogue certificates and makes sure you have ample warning before a certificate expires. Once you have all your data in one place, it’s also easier to buy in bulk, thereby reducing costs.
Are your private intranet sites and services safe?
Since November 2015, you are no longer able to get an SSL or TLS certificate for a reserved IP address or internal server name; and in October 2016, all publicly trusted SSL/TLS certificates with an internal name or reserved IP address will be revoked and/or blocked by browser software. Do you know what you’re going to do? Have you thought about the transition? Have you looked into tools, such as Symantec’s Private Certificate Authority, which allow you to issue intranet certificates without worrying about the change in regulations?
Are your mobile sites and apps secure? “With consumers constantly on the go, they prefer iPhones over iPads after work and at the weekends people’s digital behavior is changing and this provides new opportunities for fraudsters to hide in the noise,” says Stephen Moody, European solutions director at ThreatMetrix. With more people using smartphones and tablets, the demand for apps has spiked. Along with websites, they provide a vital way for customers to interact with organizations online. Unfortunately they also pose security and reputation risks when not managed properly. Website security needs to expand to take in code signing and malware scanning to ensure customers aren’t put at risk by any of the online touch points you offer.