- NG Firewall
- Solutions by Industry
- Solutions by Issue
As a way to encrypt and thus keep web traffic away from prying eyes, the Secure Sockets Layer protocol has been the go-to option for e-commerce firms and others on the internet for many years now. But, as cybercriminals continue to find holes in SSL and as issues with the underpinning technology arise, its future as the default web traffic protection mechanism appears to be in doubt. Still, with the right tools and know-how in place, SSL remains and will likely continue to be one of the best ways to safeguard traffic online.
The notion of SSL as an always-secure option received a major blow in 2014, upon the initial discovery of Heartbleed. A nickname for a specific vulnerability, Heartbleed was an issue with the code underlying the popular OpenSSL encryption standard that allowed cybercriminals to still gain access to the underlying information that was encrypted. All told, at least 500,000 websites were affected by Heartbleed, and this issue was around for years before it was widely discovered, CNET reported.
"At least 500,000 websites were affected by Heartbleed."
Just a year after Heartbleed came another major issue with SSL encryption. In 2015, various researchers discovered that they could force some websites running on older browsers to divert to an older, less secure version of SSL that is relatively easy to break, ZDNet reported. Dubbed FREAK, the exploit affected more than 33 percent of all sites that were using SSL at that time, according to researchers from the University of Michigan.
While both Heartbleed and FREAK point to issues with SSL itself, web encryption can be problematic even when everything is working properly. Increasingly, many cybercriminals are using SSL to hide their actions, leveraging encryption as a cover. Since many firms assume that encrypted traffic is inherently secure, it passes unencumbered. But, by 2017, Gartner believes that around half of all network attacks will be hidden in SSL.
Based on both its recent vulnerabilities and its popularity among cybercriminals, SSL may not seem to be an ideal option for companies looking to safeguard sensitive web traffic. But, SSL is still quite useful and will likely remain so for some time.
For starters, most websites don't have SSL in place at all, which means they have little if anything protecting the privacy and security of users and their information. Around 65 percent of all web traffic in North America was unencrypted in April 2015, but over 67 percent of North American internet activity will likely be protected by encryption by the end of 2016, Fortune reported.
While SSL is not without its faults, it remains – and will likely continue to remain – the easiest and most cost-effective way for websites to protect user information from prying eyes. Plus, sites that use SSL now appear higher in Google search results versus their unencrypted peers.
"Encryption today isn't what it used to be," wrote ZDNet contributor Zack Whittaker. "It's not as expensive and cumbersome to implement. Encryption isn't just for the online corporate elite, which used to shell out thousands of dollars for a security certificate. Today, it's stronger, more advanced, and generally a lot easier to implement — and crucially, it's cheaper than ever. In some cases, it costs nothing."
As events over the past few years have illustrated, SSL is not without its faults. But, as web traffic encryption becomes easier to implement and as tools to overcome its shortcomings are released, SSL will continue to remain one of the best ways to safeguard the web, thus ensuring the continued usefulness of SSL for years to come.