This research study confirmed some ideas that we already suspected: TLS 1.3 impairs monitoring and negatively impacts network security, and many organizations are slowly implementing it as they update and replace technical infrastructure.
BOULDER, Colo. (PRWEB) November 16, 2022
Enterprise Management Associates (EMA™), a leading IT and data management research and consulting firm, has released a new research report, “TLS 1.3’s Fourth Anniversary: What Have We Learned About Implementation and Network Monitoring?,” authored by Christopher M. Steffen, managing research director of security and risk management at EMA, and Ken Buckler, research analyst covering security and risk management at EMA.
The IETF finalized its TLS 1.3 standard for network encryption in 2018, backed by heavy promotion of the new standard from major web server and browser vendors. During this same year, EMA surveyed IT practitioners and technology decision-makers to gauge their awareness of this major change in the industry standard for network encryption, their plans to implement it within their networks, and how they planned to deal with the visibility issues it causes. The findings were outlined in EMA’s 2019 “TLS 1.3 Adoption in the Enterprise: Growing Encryption Use Extends to New Standard” report. The surprise discovery in this research was that enterprises were planning swift adoption of the new standard, despite their concerns about the downsides it posed for existing network and security operations.
“This research study confirmed some ideas that we already suspected: TLS 1.3 impairs monitoring and negatively impacts network security, and many organizations are slowly implementing it as they update and replace technical infrastructure,” said Steffen. “Practitioners are well aware of the privacy benefits that implementing TLS 1.3 brings to their users and customers, but there are significant costs – monetarily and from a risk perspective – that must also be considered.”
For this new research, EMA revisited the adoption of the TLS 1.3 standard by going back to IT networking professionals, security experts, and business leaders to discover what they have learned throughout the implementation process and the benefits they have gained through their adoption and usage. The survey also examined organizations that have yet to adopt TLS 1.3 and the concerns that have shaped their decisions and strategies.
EMA polled 208 technology and business leaders in North America representing organizations from more than ten different industry verticals. Nearly all of the conclusions that were found in the 2019 report still hold true in 2022, including:
- Visibility and monitoring considerations remain the biggest obstacle to adoption.
- Resource and implementation costs are significant.
- Remote work, regulatory and vendor controls, and improved data security are drivers.
Some of the key findings include:
- 89% of enterprises were concerned that TLS 1.3 would disrupt existing network and security monitoring functions
- 85% of enterprises listed data security as the greatest benefit to their TLS 1.3 implementation
- 26% of enterprises believe that they have suffered a security breach due to visibility difficulties associated with TLS 1.3
- 87% of enterprises had to make changes to their network architecture to accommodate TLS 1.3
A detailed analysis of the research findings is available in the report, “TLS 1.3’s Fourth Anniversary: What Have We Learned About Implementation and Network Monitoring?”
Founded in 1996, EMA is a leading industry analyst firm that provides deep insight across the full spectrum of IT and data management technologies. EMA analysts leverage a unique combination of practical experience, insight into industry best practices, and in-depth knowledge of current and planned vendor solutions to help their clients achieve their goals. Learn more about EMA research, analysis, and consulting services for enterprise line of business users, IT professionals, and IT vendors at http://www.enterprisemanagement.com.