The vast majority of websites do not use SSL encryption because of the cost and technical difficulty, according to Symantec's APJ manager of cyber security strategy Nick Savvides.
Although SSL authenticates the site to visitors and provides assurance that data is protected from examination or modification in transit, "97% of web sites have no basic security," he said. "People only really want to adopt it when they really have to."
So with the goal of achieving 100% use of SSL by 2018, Symantec has introduced its Encryption Everywhere program to address both these obstacles.
|
|
Hosters are also relieved of the associated administrative chores though Symantec-provided automation with WHMCS and cPanel. This covers new and existing customers and sites, and extends to situations where certificates must be revoked and replaced in bulk, as happened after the Heartbleed affair.
Companies using other software can also participate because Symantec is providing an open API and wants to help distribute any integrations (eg, with Odin) that use the API.
Encryption Everywhere is built on a freemium model. While there is no charge for the SSL certificate, paid security services such as scanning sites for malware and vulnerabilities will be offered as as upgrades. Hosting companies will take a cut of this revenue.
It seems there is a need for such added services. Savvides said 75% of websites have unpatched vulnerabilities, 16% of them critical. "We have a bigger web security problem than we think," he observed.
The first hosting companies to join Symantec's program are CertCenter, Hostpoint, InterNetX, SSLMarket and TrustAsia.
