1. /
  2. Trust on the Internet

Trust on the Internet
Securing the future starts with us.

Trust on the Internet

Ensuring trust on the Internet is the key to doing business on the Web, today, and in the future. From gathering information to performing transactions, it is more important than ever that people’s experience online is one of confidence and safety.
The challenges we face today are not those of technology, but of how technology is being implemented, and the practices that support it. The threat landscape will continue to change in focus from year to year, but the driving principles of how to apply technology, and how to do business in a secure fashion are guiding principles for Symantec.
Symantec is leading the drive to adopt and enforce stricter standards for PKI security and SSL implementation. Symantec partners with leading developers and security forums all over the globe, constantly auditing ourselves and our partners to answer the questions, “How can we improve Trust on the Internet?” and “What methods support our mission?

PKI for SSL

PKI
PKI is the key to the future of trust on the Internet. PKI is the only technology that can meet the rapidly growing need for online security and trust, allowing people to connect with confidence and safely share information online now and in the future. Unlike alternative technologies and trust models, PKI provides a single platform that delivers the economies of scale necessary for future growth; ensures trust between parties on first contact; and protects the confidentiality and integrity of data in transit. However, the future of the PKI ecosystem depends on the willingness and ability of all stakeholders—including CAs, browser developers, subscribers, and relying parties—to come together and do the right thing to preserve trust on the Internet.
As the #1 provider of trust online*, Symantec uses PKI to enable the worldwide deployment and use of certificates by Symantec, its affiliates, their respective customers, subscribers, and relying parties. Symantec is leading the drive to adopt and enforce stricter standards across the PKI ecosystem. By implementing a world-class certificate infrastructure and protecting it with robust security measures, Symantec and all other CAs can provide the greatest assurance possible that their certificates—and the organizations that use the certificates—are genuine and secure.
* source: Netcraft SSL Survey, 1/2012

Certificate Authority Best Practices

Now more than ever, it is critical to partner with a CA that has infrastructure security measures in place to defend itself, and your data, from emerging cyber-threats. Symantec, the #1 provider of SSL, is leading the drive to adopt and enforce stricter standards across the PKI ecosystem. By implementing a world-class certificate infrastructure and protecting it with robust security measures, Symantec and all other CAs can provide the greatest assurance possible that their certificates—and the organizations that use the certificates—are genuine and secure. (Based on Netcraft web analysis conducted in May 201
The Symantec CA operates from a security-first policy because protecting people and information is not just a business. It is our mission. We strongly believe that security by convenience is no security at all. Developing and maintaining a strong security posture is not easy. It takes time and experience; you can’t build a global trust model overnight. But in times like these, it is absolutely necessary.
Symantec secures more than one million web servers worldwide, more than any other Certificate Authority. 75% of the 500 largest e-commerce sites in North American and 93 of the 100 largest financial institutions worldwide that employ SSL certificates use Symantec.* These organizations trust Symantec because of our unwavering commitment to security.
 * includes Symantec subsidiaries, affiliates, and resellers
** https://otalliance.org/resources/SSL/CABestPractices.html

Always on SSL

People are spending more time and sharing more personal information online than ever, but website security practices have not kept up. Millions of users are being unknowingly exposed to threats simply by visiting unsecured web pages, and tools like Firesheep make it incredibly easy for an attacker to “sidejack” user accounts without knowing their passwords. Organizations can no longer afford to remain complacent; the industry has reached a tipping point where it must change in order to preserve end-to-end trust and consumer confidence, and to mitigate the risk of costly data security breaches.
Always On SSL is a necessary website security measure that protects users from arrival to login to logout, making it safer to search, share and shop online. Always On SSL is the only effective way to stop Firesheep and other HTTP session hijacking attacks.* Many of the world’s biggest websites, including Facebook, Google, PayPal, and Twitter, have successfully implemented Always On SSL.
As the leader in online trust, Symantec secures more than one million Web servers worldwide and can help you implement Always On SSL for your website to reduce risk and increase consumer confidence. 93 of the 100 largest SSL-using financial institutions in the world and 75 percent of the 500 largest e-commerce sites in North America rely on Symantec to secure their websites.** Symantec's authentication practices, audited annually by KPMG, are based on rigorous reputation qualification measures to establish online credibility
 * https://otalliance.org/resources/AOSSL/OTA_Always-On-SSL-White-Paper.pdf
** includes Symantec subsidiaries, affiliates, and resellers

SSL for Apps

SSL/TLS is the technology for creating secure connections. Correctly enabled, it can ensure confidentiality, authentication and data integrity. Today more and more services are offered through non-browser applications, on both desktops as well as increasingly on mobile devices. However, there are a number of common errors when implementing SSL/TLS in non-browser applications.
The train of trust begins with the programmers and developers. Security is only as good as its implementation. As the original and industry-leading certificate authority, Symantec is dedicated to supporting and enabling strong security practices. The SSL/TLS protocol, when properly implemented, provides strong confidentiality and integrity for communications, as well as authentication of one or both endpoint identities; however it must be used according to standards and best practices. SSL/TLS has been the key to trust on the Internet for more than a decade, and it will continue to provide excellent protection against evolving cyber security threats.

Resources

More questions?
Tips for App devlopers