TL;DR: Offering enterprise-level security services, GlobalSign protects the Internet of Everything — servers, computers, users, applications, websites, mobile devices, and other IoT devices. Behind a global push for a safer Internet browsing experience, GlobalSign works with teams to issue, deploy, and manage large volumes of SSL certificates, which build brand reputation and consumer trust for providing a safe and secure browsing experience. GlobalSign’s products evolve as security standards and search engines reflect the growing number of online threats.
Many Internet users don’t know exactly what the lock icon and green bar in their web browser represent — but they know their presence is important.
Consumers want online protection and recognize when businesses provide a secure, trusted connection to their website. GlobalSign simplifies the security process for companies wanting to communicate and sell products safely.
As web browsers are making those security features increasingly prominent — and more severely punishing insecure content — GlobalSign is preparing to stay ahead of the growing demand for SSL certificates and tools to keep them up to date.
SSL certificates boost customer confidence that your site is safe to browse. Only 3% of online shoppers said they would give their credit card information to a website without a padlock icon, according to the CA Security Council’s 2015 Consumer Trust Survey.
Companies large and small benefit from SSL certificates, according to GlobalSign Vice President of Product Management Doug Beattie, and the company adapts its security solutions to meet those various needs.
“Everybody needs certificates, so we’re heavily devoted to providing solutions to those in the enterprise market, small- to medium-sized business, as well as Fortune 100 companies,” he said. “There’s a constantly moving baseline that we have to keep up with and stay ahead of for our customers’ benefit.”
SSL and TLS: How Privacy and Security Translate Into Brand Trust
SSL, or Secure Sockets Layer, certificates are small data files that enable secure connections between web browsers and web servers. Depending on the type of certificate used, a site visitor will see a green bar with the brand name or a lock icon in the address bar. Both signs indicate the data exchanged is encrypted and protected from anyone listening in, so to speak. This is especially important when using open hotspots in public areas.
“Requesting and installing SSL certificates is a very standard process website administrators do frequently as a part of setting up web servers,” Doug said.
When the secure connection is established, the application protocol will change from HTTP to the more protected HTTPS — meaning all traffic between the browser and server is encrypted.
Each year, Certificate Authorities (CAs) like GlobalSign undergo rigorous security audits to be included in browsers and operating systems as trusted CAs. As a publicly trusted CA, GlobalSign can issue certificates in accordance with industry rules and regulations to secure websites.
Typically, SSL certificates — also known as TLS certificates — protect credit card transactions, data transfers, and login credentials. Beyond protecting vulnerable information, however, TLS certificates increase search engine rankings, build customer trust, and improve conversion rates. Across the industry, Doug has noticed a trend of major web browsers and operating system vendors pushing all websites, regardless of content, toward HTTPS.
“They’re changing browser UI to motivate website owners and hosting companies to secure all the sites,” he said. “Even sites that are just static content and don’t have user IDs or passwords, nor credit card information, are going to receive a different UI indicator if they don’t use TLS, and that will diminish the site’s trust.”
Certificate Transparency: How GlobalSign Adapts to Evolving Standards
Commercial certificate authorities must follow a set of requirements and regulations established by the CA/Browser Forum, or CAB Forum. The rules adapt with technology and security threats, Doug said, changing how CAs provision certificates, validate users, and include particular information in certificates.
Recently, CAs have been encouraged to be more transparent in what certificates they issue. They should publish their certificates to Certificate Transparency (CT) logs, which are publicly accessible, according to Doug. GlobalSign is currently publishing the majority of their certificates to CT logs — well before the Google-mandated October 2017 deadline.
“We’re really innovative in that area, where we’ve taken the initiative and the advanced steps to be as open and transparent as possible,” Doug said. “That’s just one thing we’ve done recently to change our baseline and be more transparent to the Internet and let people know what sites we’ve issued certificates to.”
Customers generally prefer not to publish certificate data because of privacy concerns, but Doug said the push for transparency will increase security and awareness. Doug said companies or individuals who prefer their certificates not be publicly posted should voice their concerns on the Certificate Transparency discussion forums.
“As the industry evolves and everybody becomes required to publish to CT logs, domain owners can monitor these logs and look for certificates issued to their domains,” he said. “Domain owners can monitor the logs almost in real time and identify possibly fraudulent certificates issued to their domains. If they see one issued from a CA they didn’t authorize or somebody trying to get a certificate for a domain they shouldn’t be, they can take immediate action.”
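The monitoring described above can be sketched as follows. This is an added example, not GlobalSign's code or part of the original article: it assumes the CT log entries have already been fetched and decoded into records, and the field names, issuer names, and sample entries are all constructed for illustration.

```python
# Constructed sample records, in a hypothetical shape a CT monitor might
# produce after decoding log entries. Issuers and serials are made up.
SAMPLE_ENTRIES = [
    {"serial": "01", "issuer": "Example Trusted CA",
     "dns_names": ["www.example.com", "example.com"]},
    # A precertificate and its final certificate share issuer and serial.
    {"serial": "01", "issuer": "Example Trusted CA",
     "dns_names": ["www.example.com", "example.com"]},
    {"serial": "02", "issuer": "Unknown CA", "dns_names": ["login.example.com"]},
    {"serial": "03", "issuer": "Unknown CA", "dns_names": ["*.example.com"]},
    {"serial": "04", "issuer": "Unknown CA", "dns_names": ["notexample.com"]},
    {"serial": "05", "issuer": "Example Trusted CA", "dns_names": ["shop.example.org"]},
]


def covers_domain(dns_name, watched):
    """True if dns_name is the watched domain or any name beneath it."""
    name = dns_name.lower().rstrip(".")
    watched = watched.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]  # a wildcard covers names under its base domain
    # Compare on a label boundary so "notexample.com" does not match.
    return name == watched or name.endswith("." + watched)


def find_unauthorized(entries, watched_domains, authorized_issuers):
    """Return entries naming a watched domain but issued by an unlisted CA."""
    findings, seen = [], set()
    for entry in entries:
        key = (entry["issuer"], entry["serial"])
        if key in seen:  # skip the duplicate precert/final-cert record
            continue
        seen.add(key)
        hits = sorted({n for n in entry["dns_names"]
                       for w in watched_domains if covers_domain(n, w)})
        if hits and entry["issuer"] not in authorized_issuers:
            findings.append({"serial": entry["serial"],
                             "issuer": entry["issuer"], "names": hits})
    return findings


if __name__ == "__main__":
    for f in find_unauthorized(SAMPLE_ENTRIES, {"example.com"},
                               {"Example Trusted CA"}):
        print("ALERT", f["issuer"], f["serial"], ", ".join(f["names"]))
```
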
Preparing to Meet High-Volume Certificate Issuing Needs
With an overwhelming movement toward adopting TLS across the Internet, Doug said the market for certificates is exploding from tens of millions to hundreds of millions or even billions of certificates that will be needed to secure websites in a short time.
GlobalSign’s most recent initiative has been rolling out their high-volume platform, which will be capable of issuing thousands of certificates per second, according to Doug.
“We see a huge market growth over the next couple of years,” he said. “We’re spending a lot of time and resources to analyze and identify who is going to be needing these and building out an infrastructure to support the issuance of billions of certificates every year.”
Browser Punishments and the Global Push for a More Secure Internet
As with so much online, Google is a major influencer in the push for a secure Internet, Doug said. With SSL certificate status impacting search results and user interfaces in Google Chrome, hosting and service providers are beginning to secure customer sites by default.
Depending on the type of SSL certificate used, Chrome shows the padlock icon or even a green bar to show a site’s trustworthiness. Currently, unencrypted sites are not given any special UI treatment other than, perhaps, an icon for information. Moving forward, Doug expects HTTP sites to be treated negatively, which will continue to drive adoption rates for HTTPS.
“We expect that in 2017, the browser behaviors for HTTP sites are going to become more and more negative — to a point where you might see a red X in the address bar,” Doug said. “Users will wonder what’s wrong with your site.”
Securing Internet-of-Things Devices With PKI
Earlier in 2016, a record-setting DDoS attack against DNS provider Dyn brought down the likes of Amazon, Netflix, PayPal, and Twitter.
The attack was coordinated through a large number of Internet-of-Things devices, such as cameras and baby monitors, that had been infected with malware. IoT devices are rapidly hitting the market but are extremely vulnerable to attack.
“We’re seeing a lot of appliances and devices that need to be secured that aren’t,” Doug said. “This is driving a lot of investment into building security into products that are currently lacking.”
Ensuring Privacy by Encrypting Emails
Looking toward the future, Doug expects hosted email accounts to seek Secure/Multipurpose Internet Mail Extensions, or S/MIME, technology. GlobalSign’s PersonalSign certificates can be used for S/MIME to allow users to digitally sign and encrypt their messages, ensuring privacy and preventing tampering with sensitive information.
“When you start counting up the email accounts from Microsoft, Yahoo, Google, and everybody else, you’re talking about billions of users that may need certificates,” Doug said.
Collaborative Culture Contributes to Safe Commerce and Content
Boasting major customers, such as Ford, Microsoft, Netflix, and HSBC, GlobalSign has issued more than 25 million certificates worldwide.
Primarily focused on enterprise customers, including educational institutions, local and federal government agencies, and non-profit organizations, GlobalSign makes it easy and cost-effective for customers to deploy and manage large numbers of certificates.
Enterprise customers using the Managed SSL (MSSL) platform, where organization information and domains are pre-validated, can receive certificates nearly instantly. They receive discounts when certificates are purchased in bulk or when they take advantage of one of GlobalSign’s unique certificate or hostname licensing models. GlobalSign’s centralized management platform monitors and manages the certificates’ expiration dates and security levels and notifies users of upcoming certificate renewals.
From an office in small, coastal Portsmouth, New Hampshire, Doug and other GlobalSign employees gather and contribute ideas, whether they work on sales, product management, or support teams.
“We have an open environment where we have collaborative work areas,” he said. “This open concept work area promotes the cross-functional exchange of ideas and builds closer, more productive product teams.”