For many end users, SSL is most commonly associated with online shopping, particularly the small padlock that appears when you check out the items stored in your digital shopping cart. For others, the https prefix in the address bar signals that their information is being protected from online eavesdroppers.
Beyond this feature, using SSL certificates offers several benefits to organizations, IT, and, of course, users. Best of all, the cost of procuring a third-party SSL certificate from a trusted seller can range from a few hundred dollars annually to, well, nothing. All in all, it's a small price to pay for data confidentiality, integrity, and non-repudiation.
Here are three reasons your organization should use SSL certificates:
1. To encrypt communications and services
Looking beyond ecommerce, a whole host of web-based services can and do benefit from encryption: it provides enhanced security for important email messages, keeps text messages private, and can be used to create a secured tunnel that carries traffic over unsecured connections, such as FTP, or that connects two networks together via VPN. Encrypting these communications end-to-end introduces confidentiality: data sent between two points is protected both ways and is not at the mercy of threat actors looking to hijack the stream or intercept the data being transmitted in a decrypted, readable format.
2. For authenticating users and Public-Key Exchange
Certificates can be extended to user accounts and devices as well, providing a unique, secure identifier for each asset. When managed as part of a Public Key Infrastructure (PKI), or even exchanged peer-to-peer, a key pair (one public key and its corresponding private key) is used to authenticate user accounts and/or their devices. Additionally, the key pair allows for non-repudiation, or verification of the user, through digital signatures: the sender signs a message with their private key (to which only they have access), and the receiving party uses the sender's public key to verify the signed message. This provides integrity to the message, and recipients can verify whether or not the message was tampered with.
3. To establish a web of trust
When speaking of trusting devices, the term "web of trust" refers to a hierarchy of devices in which each one is verified by the level above it, forming a chain that gives administrators and users a way to know that the services being accessed come from the provider they claim to be. It is similar to how an employee trusts their department manager, and the department manager trusts the supervisor above them: they can all be trusted as part of the company as a whole. Public trust is not directly related to certificates per se, but it has everything to do with the perception that, by securing services, user accounts, and devices with SSL certificates and strong encryption, an organization's offerings will tend to be viewed in a better light than those of, say, a similar company that does not provide the extra benefits of SSL certificates for competing services.
Jesus Vigo is a Network Administrator by day and owner of Mac|Jesus, LLC, specializing in Mac and Windows integration and providing solutions to small- and medium-size businesses. He brings 19 years of experience and multiple certifications from several vendors, including Apple and CompTIA.