While presenting at the HostingCon earlier this year, some particular figures in my slide deck jumped out at me: 1) Corporations are seeing their information double every two years; and 2) Each day, 600 million emails are sent containing unencrypted confidential data. Those are staggering figures on their own. Put them together, and the need to protect sensitive data online becomes glaringly obvious.
The booming popularity of Secure Sockets Layer (SSL) Certificates and Extended Validation SSL (EV SSL) Certificates reflects the recognition that people and organizations must protect themselves from worsening malware, data breaches and other IT security threats. By validating user and device identity, SSL and EV SSL Certificates reassure users they’re securely connecting to a website run by its genuine operator and not some phisher or other cyberscammer.
I’d like to point out two recent accomplishments in particular that highlight how Symantec keeping pace with demand for SSL and EV SSL:
- Our Certificate Intelligence Center (CIC) offers enterprises holding many SSL Certificates their first opportunity to manage those certificates in a centralized, automated and proactive way.
- On the individual transaction level, we have scaled our operations to handle more than three billion Online Certificate Status Protocol (OCSP) lookups a day – a 50-percent increase in less than a year.
These two items show how Symantec is supporting SSL across the use spectrum, from the enterprise to the individual. The Certificate Intelligence Center (CIC) is a cloud-based service that recognizes how critically important managing SSL Certificates is for enterprises, especially on the skyrocketing number of mobile and cloud-based applications and devices worldwide. It replaces scattered, manual SSL accounting practices that leave enterprises vulnerable to expired SSL Certificates. Most SSL Certificates are deployed on customer-facing applications, so expired certificates can cause substantial embarrassment, service disruptions and lost revenue.
Through the CIC, enterprises for the first time can have a comprehensive, centralized and automated SSL certificate management program. The CIC provides total visibility and control over certificates from any certificate authority. With these new capabilities, enterprises can not only reduce risk, costs and operational inefficiencies, but also maintain customer and partner confidence. Additionally, because SSL and EV SSL Certificates enable strong authentication, email encryption and digital signature applications, enterprises can better secure sensitive data against increasingly frequent, targeted, and severe cyber attacks.
On the individual transaction level, OCSP lookups check in real time whether the website in question has either a valid or revoked SSL Certificate. It does the same for user certificates during authentication actions such as smartcard logon, VPN access or web authentication. SSL Certificate Authorities (CAs) conduct OCSP checks and Symantec is the world’s leading Certificate Authority for both SSL and EV SSL Certificates.
For the second straight year, Symantec Authentication increased its daily OCSP lookups by 1 billion in less than a year. VeriSign hit two billion OCSP lookups in April 2010, up from 1 billion a day in July 2009. Put another way, the number of lookups has leaped from more than 11,500 a second in 2009 to more than 35,000 a second today.