Symantec’s Michael Klieman Talks "Encryption Everywhere" — How New Freemium Service Provides Security Without Sacrificing Speed

Symantec’s Michael Klieman Talks "Encryption Everywhere" — How New Freemium Service Provides Security Without Sacrificing Speed

TL; DR: 97% of websites have no basic security in place, leaving criminals with free reign on your personal information, which can lead to potential financial ruin. Fortunately, Symantec has launched Encryption Everywhere, a new program aimed at ensuring every legitimate website is secure by 2018 by providing hassle-free, fully integrated SSL certificates to hosts to incorporate into any new website or renewel. For businesses with their reputations on the line, Encryption Everywhere is an excellent choice thanks to industry-leading Symantec’s friction-less approach, infrastructure, and customer service.

The current Internet landscape is like a safe without a combination. If a thief can gain access to its contents, what good is a safe without any real security measures in place? Criminals have been having a field day without encryption in place to thwart their malicious efforts.

Founded in 1982, Symantec carries the reputation as the industry leader in making the web a safer place to do business. That’s why the Mountain View, California-based company developed Encryption Everywhere to further their goal of securing every legitimate website by 2018. While non-profit Let’s Encrypt has made important headway on that cause, Symantec can provide higher-level certificates and efficient customer support, making them an established solution for serious businesses and web hosting partners.

Image of Symantec's Security Operations Center

The ability to provide higher-level SSL certificates sets Encryption Everywhere apart from non-profit Let’s Encrypt.

The need for Internet-wide encryption is readily apparent. In February of 2015, American health insurance company Anthem Inc. was hit with a massive breach in which 80 million patient and employee records were compromised. Among the information divulged were names, birthdays, Social Security numbers, health-care ID numbers, home and email addresses, employment information, and income data.

Anthem failed to properly encrypt their records, and Bloomberg News reported criminals, likely of Chinese origin, took full advantage using malware to mimic the company’s IT infrastructure. In response to the incident, Anthem Inc. offered free credit monitoring to anyone affected. We know how many records were taken, but the loss of public confidence in the company is immeasurable.

While Anthem’s case is an extreme example, security breaches are reported on a regular basis by companies of all sizes. According to Symantec, an estimated 90% of large organizations and 74% of small- and medium-sized enterprises have faced security breaches.

Symantec’s Call To Arms For Internet Security

We recently sat down with Michael Klieman, Symantec’s Senior Director of Product Management and User Experience, at HostingCon Global in New Orleans. He made it clear that the lack of encryption on the Internet is a serious hurdle to making the web a safer place to do business.

Portrait of Michael Klieman and statistic

Symantec’s Michael Klieman believes Encryption Everywhere can help make the web a safer place for everyone.

“97% of all websites don’t use any form of basic encryption,” Michael said. “75% of websites have vulnerabilities and a lot of those are critical vulnerabilities — and they are known, easy exploits for hackers. Hackers are hard at work trying to steal people’s information. Last year there were half a billion pieces of personal information that had been stolen.”

Cybercrime was once limited to theft of financial or personal information, but now every online interaction is a potential target.

There’s no reason encryption shouldn’t be part of every website — from bloggers to mom-and-pop retailers and major names in eCommerce. Protecting customers’ data isn’t the only reason web hosts should be concerned with a lack of encryption. Search engines have begun using encryption levels as part of their ranking criteria, and site owners and web hosts could soon face fines for lacking basic security measures.

Service and Infrastructure Set Encryption Everywhere Apart

Funded in part by powerhouse companies such as Mozilla, Cisco, Google, and Facebook, the non-profit Let’s Encrypt really is doing admirable work by providing basic SSL certificates to site owners. Symantec provides basic certificates to hosts, who can inturn provide fully integrated SSL encryption to any new or renewing customer.

For website owners, that’s essentially an automatic security implementation with no setup or extra fees if their host chooses to include this feature in their packaged offering. What makes Symantec stand out for those participating in eCommerce is their customer service and connections with some of the world’s largest hosting providers.

Companies using Symantec’s Norton Shopping Guarantee saw an 8% uptick in sales after trying it, making it a no-brainer for eCommerce sites.

“When it comes to implementation, actually getting (security) up and running, it’s something we’re in the business of doing,” Michael said.

Monitors at Symantec's Security Operations Center

Symantec has the infrastructure and expertise to help secure businesses of all sizes.

In 2014, a major security bug known as Heartbleed was reported as having made vulnerable around half a million of the world’s servers using OpenSSL to leaking password information.

At the time, Forbes columnist Joseph Steinberg wrote, “Some might argue that (Heartbleed) is the worst vulnerability found since commercial traffic began to flow on the Internet.”

An issue like Heartbleed in the hands of Let’s Encrypt would require a nearly endless manual deployment of new SSL certificates. This is where a company like Symantec has a clear advantage with cluster support, making it much faster to fix bugs and restore customer confidence in no time.

Symantec also has working partnerships with major hosting providers like 1&1, InterNetX, SSL Store, and Baidu, helping the new encryption service reach more websites.

Symantec Security Is Catered To Every Size Of Business

One of the best features of Symantec’s Encryption Everywhere program is the different tiers available for eCommerce companies of all sizes. Symantec has put marketing research into the mix to provide seamless encryption levels for small, medium, and large companies alike.

“Getting the intelligence to deliver the right kind of product to the appropriate customer base, that’s the thing that will make us successful,” Michael said. “It’s most relevant to the customers, and it will make the hosting providers able to grow their businesses.”

Most major eCommerce sites use acceptable levels of encryption, but Michael said, “there’s a huge gap that is particularly concentrated in the SMB market (small and midsize businesses).” This market is primarily served by hosting providers who, were they to use Encryption Everywhere, would be able to advertise this to site owners.

Image of Norton Shopping Guarantee

Symantec’s Norton Shopping Guarantee provides an added level of trust for consumers using eCommerce websites.

Another popular component is the Norton Shopping Guarantee, which is a 3-part guarantee. The first promise is that customers will get their product or their money back. The second is a price guarantee, that pledges to refund the difference within $100 if the price drops in a 30-day window of making a purchase. Finally, each purchase made under the guarantee includes automatic enrollment in an ID theft protection program that covers up to $10,000 in losses.

Companies using the Norton Shopping Guarantee saw an 8% uptick in sales after trying it, making it a no-brainer for eCommerce sites.

Companies must meet certain requirements to participate in Encryption Everywhere:

  • Must be a hosting provider or sell to a host with at least 200,000 websites under management
  • Agree to an annual sales commitment
  • Enable DNS authentication
  • Participate in quarterly marketing and business planning
  • Bundle the free product into web hosting packages

Trust in your website drives people to feel comfortable with handing over their credit card number and other personal information.

Encryption With Less Friction Translates To Faster Browsing

One of the web’s great juggling acts is finding a balance between security and speed in a browsing experience. After all, milliseconds matter in the world of the web. An advantage of Encryption Everywhere is providing hosts with built-in security, reducing the number of back-and-forths that occur in the authentication process. This cuts back on latency and allows sites to load quickly and securely, reducing headaches for customers while maintaining consumer confidence.

In the past, this process was often complicated. Hosting providers spent inordinate amounts of time integrating different tools and administering manual processes into their businesses. Encryption Everywhere has changed the game by streamlining this into a tiered business model that simplifies security and gives hosts exactly what they need to provide site owners with a safe environment to make money online.

“The program is designed to be as frictionless as possible,” Michael said. “Those folks can just turn on encryption and security and have that be a default part of what they’re offering.”

A Legacy and Reputation You Can Bet Your Business On

As one of the world’s leading security companies, Symantec’s reputation of 30-plus years speaks for itself.

With a laser focus on the customer, the company’s 11,000 employees maintain a high bar to keep the world’s information safe via one of the world’s largest cyber intelligence networks.

An outside look at Symantec's World Headquarters

Symantec’s World Headquarters are located in Mountain View, California.

Symantec secures 40% of all web encrypted traffic, and the company’s SSL certificates are used by 80% of the largest eCommerce sites in North America and 74% of the 500 largest eCommerce sites in Europe. They average 13 billion certificate status checks every day.

With numbers like that, it’s easy to see why so many hosting providers place their trust in a company recognized as a leader in web security.

A Winning Combination For A Previously Unlocked Safe

The goal of having every legitimate website secured by 2018 seems reachable with efforts by companies like Symantec and Let’s Encrypt. Finally, that safe will have its combination, and it won’t be readily known by thieves in search of your personal information.

Every web user wants to quickly navigate the Internet without even thinking about the security of their data. Encryption Everywhere will get them closer to that goal and provide peace of mind for browsers everywhere.

Ryan Frankel

Questions or Comments? Ask Ryan!

Ask a question and Ryan will respond to you. We strive to provide the best advice on the net and we are here to help you in any way we can.