The improvement in website security is certainly encouraging for us to see, but this is the absolute tip of a very big, fast-moving and dangerous iceberg.
Boston, MA (PRWEB) May 30, 2013
GlobalSign, the enterprise SaaS Certificate Authority (CA), today unveiled findings from its first Quarterly SSL Configuration Evaluation, an analysis showing how effectively global organizations are implementing SSL (Secure Socket Layer) to protect their websites. The research evaluated thousands of website URLs of organizations that utilized the GlobalSign SSL Configuration Checker; many of these organizations were looking to assess the strength and quality of their SSL configurations. Statistics revealed that in the first quarter of 2013 over 6,000 sites used the tool to evaluate the effectiveness of their SSL, and 269 of those sites used the remediation guidance provided by GlobalSign to improve and, in some cases, strengthen the security of their sites within a matter of minutes.
Upon visiting GlobalSign’s SSL Configuration Checker, powered by Qualys SSL Labs, organizations enter their website addresses and instantly receive a letter grade for their configuration. The grading system has three steps. First, the site’s SSL certificate is examined to confirm that it is trusted and valid. If a server fails this step, it is automatically given a zero. Next, the server configuration is tested in three categories: 1) protocol support, 2) key exchange support and 3) cipher support. Finally, a score between 0 and 100 is assigned to the site. The grading scale is as follows:
- score >= 80 A
- score >= 65 B
- score >= 50 C
- score >= 35 D
- score >= 20 E
- score < 20 F
The research revealed that 50 percent of 269 websites that used the GlobalSign SSL Configuration Checker strengthened the effectiveness of their SSL configuration grades in 30 minutes or less. Fifteen percent improved from a B, C, D or F to an A grade in less than two hours.
Notable statistics for the 269 improved websites:
- 172 organizations improved their grade to an A overall – 63 percent
- 113 organizations improved their F grade to an A, B or C – 42 percent
- 95 organizations improved their B grade to an A – 35 percent
“The improvement in website security is certainly encouraging for us to see, but this is the absolute tip of a very big, fast-moving and dangerous iceberg,” said Ryan Hurst, chief technology officer of GlobalSign. “Administrators can use the SSL Configuration Checker to greatly improve and remediate the security of poorly configured sites, but it is the awareness of this free and easy tool that we are trying to drive. Both small and large organizations with websites must adopt best practices, but first they have to identify the strengths and weaknesses of their sites' SSL configuration.”
Alexa 100 Sites Evaluated:
In addition to the findings derived from inbound SSL Configuration Checker use, GlobalSign evaluated the SSL effectiveness of the Alexa Top 100 websites. The research revealed the following:
- Over half (51 percent) of the websites received an A.
- Twenty-five percent received a B and 5 percent scored a C.
These grades are proof that while just over half of the world's top sites, and the enterprises behind them, are providing effective security, there is ample room for improvement.
For more information on the GlobalSign SSL Configuration Checker:
GlobalSign’s SSL Configuration Checker is an online tool that allows any organization to evaluate its site’s strengths and weaknesses by simply entering its domain URL and then clicking submit.
About GlobalSign SSL Configuration Checker
Enterprises benefit from the GlobalSign SSL Configuration Checker by being able to evaluate the strength of their SSL configuration on their web server. SSL is a commonly-used protocol for managing the security of a message transmission on the Internet. Correctly configured SSL improves website performance and strengthens security, preserving the end-user experience and providing better defense against damaging attacks that exploit faulty SSL configurations. The tool offers an overall grade of a website’s SSL configuration, remediation steps and certificate details. The GlobalSign SSL Configuration Checker is powered by Qualys SSL Labs, with GlobalSign using its long-time experience as a CA to provide an in-depth remediation layer to help sites take action in improving their security.
About GMO GlobalSign
GlobalSign has been a trust service provider since 1996. Its focus has been, and always will be, on providing convenient and highly productive PKI solutions for organizations of all sizes. Its core Digital Certificate solutions allow its thousands of authenticated customers to conduct SSL secured transactions, data transfer, distribution of tamper-proof code, and protection of online identities for secure email and access control. Vision and commitment to innovation led to GlobalSign being recognized by Frost & Sullivan for the 2011 Product Line Strategy Award. The company has local offices in the US, Europe and throughout Asia. For the latest news on GlobalSign visit http://www.globalsign.com or follow GlobalSign on Twitter (@globalsign).
GMO Internet Group
GMO Internet Group is a comprehensive provider of industry-leading Internet solutions including domain name registration, cloud-based and traditional hosting, ecommerce, security, and payment processing services that each hold the top share of their respective markets in Japan. Other key business areas for the Group include online securities/FX trading, Internet advertising, search engine marketing and online research, and smartphone game development and publishing. GMO Internet, Inc. is headquartered in Tokyo, Japan. Please visit http://www.gmo.jp/en for more information.