5 Ways to Build Trust AA

Symantec Guide:5 ways to increase online salesby building customer trust

101101001011010010110100100010100101101001011100100001001011 01001010100001101010101100101101111111111000 0010100101100100101101011010010 0010100101101000010010000100101101001010100001101010101010010110 111111111100000101001011010010100101101001011010010110100101101001 00010100101101001011101001010010000100101101001010100001101010101010 01011 01111111111000001010010110100101001011010010110100101101001011010010001010010110100101110100101101010010010000

5

$

0101101

5$

2 I Symantec Corporation Symantec Guide: 5 ways to increase online sales by building customer trust

Contents

5 ways to increase online sales by building customer trust

Introduction 3

Preventing third-parties from viewing communications 4

Mitigating the risk of customer data exposure 5

Providing SSL on all web-accessible servers 5

Demonstrating validated identity 6

Use SSL certificates from a security leader 7

Build trust 7

5$


5 ways to increase online sales by building customer trust

With consumers facing a steady stream of news reports about corporate data

breaches, major retailers hacked for credit card information, nation state sponsored

cyber attacks, and the Heartbleed Bug vulnerability in OpenSSL it is understandable

if they are hesitant about online commerce.

Fortunately, businesses have an opportunity to build trust with potential customers by demonstrating a clear understanding

of customers privacy concerns and implementing controls to protect customer data. There are key ways businesses can

use Secure Sockets Layer (SSL) certificates to build trust with consumers.

There is a clear need for security controls that protect customer data, particularly the need for end-to-end encryption of

communications over the Internet. In addition to implementing security controls, it is best to provide clear indications that

those controls are in place. SSL technologies form the foundation of five key practices that implement security controls

and provide evidence that such controls are active.

The five recommended practices are:

1 Preventing third parties from viewing communications2 Mitigating the risk of customer data exposure3 Providing SSL on all Web-accessible servers4 Demonstrating validated identity5 Using SSL certificates from a security leader

Together, these five practices demonstrate a commitment to protect your

customers data and help to establish the trust necessary for online

communications and commerce.

5$


Preventing third parties from viewing communications

To prevent others from monitoring communications, it is important

to encrypt any data transferred between browsers and Web servers

and from servers to servers. If someone were able to intercept traffic

between your customers and one of your servers, all they would

have is apparently random text.

For example, an email message with the text:

The last draft of the strategic plan is attached. Do not circulate.

Appears as:

SSL certificates enable encryption with no effort on the

part of the customer. Support for SSL is ubiquitous in

modern browsers, making support among customer

browsers widely available.

M0niJp2vfKd0ikGzGZW+fTwiH0DHakfhlpOcIwZ Scr5LnTZbDe/hckFRS6x9jaNWS3+ZAICYzPk0ESRZTryIt6zfwjxMdu9XQ9Imsq6TP6TO6yQE5F/GnYjjCJQ3vfYQk92/VmdR0vMPZhKC7ZvTgLhZzDySxUHGCUZYGhSk6F6c2bMLDkp9GoPPoG7Ig9Z9ig8OEg/4CuNmxIpCG/Vec6kISRhl4AJdUrZf+i1Z2H2vmFXti40gwJpwu7YgRPG2qPkh6+7txWt8l3CVriofLW9YgAHDtxfQC4J53Q/sMz0URPT0or6hGw1hagrLd9SJfYxeYnQqLIPgoIYw7mU4Z22Fjb+houBcXxyHgHrQ4vMLTaX8TzJB0hzO1OWHB/1toHbPV4b4TTqkK3k0gMN/sUFTTLxPqDSX+wIIIoRZ0hE8h4QVF25PIar58fPO8/PqUSugfpSDMY9bQgQA==

STEP 1

5$


Mitigating the risk of customer data exposure In addition to encrypting data as it is transmitted from your servers

to your customers browsers, private and confidential data at rest in

your data center requires encryption.

The motivation for encrypting data at rest is that attackers might be able to breach other security defenses and access

your servers. If that occurs, attackers might have access to private and confidential data. If the data is encrypted, it will be

of no use to attackers.

When using encryption, it is important to minimize the risk that if one encrypted message or file is compromised, the risk

is increased that other messages might also be compromised. To address this concern, an important feature of key

generation software is perfect forward secrecy. Perfect forward secrecy is available in an encryption system when random

public keys are generated on a per session basis and uses non deterministic algorithms to compute those keys. Consider

using encryption systems that support perfect forward secrecy.

Providing SSL on all web accessible servers IT departments are dynamic. Server configurations

change, networks are reconfigured, and devices

are added and removed from the network.

In addition, virtualization and cloud computing make it a simple matter

to instantiate or destroy virtual machines. One way to help ensure the

authenticity of servers within your organization is to ensure all servers

within a domain are protected with SSL certificates

STEP 2

STEP 3

5$


Demonstrating Validated Identity It is fairly easy for attackers to create fake Websites that appear

legitimate. This process of spoofing sites can be used to trick users

into providing login credentials, private information, or other

information useful to the attackers. To help demonstrate the validity

of sites, SSL certificate vendors have created a standard for extended

validation (EV) certificates.

EV certificates require additional authentication steps than conventional SSL certificates. Some low service SSL certificate

providers might provide certificates as long as there is an active email address at the same domain as requested in the SSL

certificate application. This security level might be sufficient for low risk sites, such as personal Websites, but business sites

should require more stringent authentication procedures.

EV SSL certificates provide clear visual cues to demonstrate the legitimacy of the site, such as the green bar indicator in a

browser address line. Additional information is available as well, as Figure 1 illustrates.

Figure 1: Extended validation certificates provide evidence that the business has demonstrated

more stringent authentication procedures than normally required

STEP 4

5$


Use SSL certificates from a security leader SSL certificate vendors are essentially vouching for

the authenticity of SSL certificate holders.

There is more to providing SSL certificates than simply generating and

distributing certificates. Vendors must protect their infrastructure and

certificate information. Unfortunately, some SSL vendors have been

breached. It is important to use certificates from a vendor with a known and

respected brand and one that follows the highest authentication practices.

Build Trust The public is justifiably concerned about privacy and data

breaches.

Businesses can build trust with customers by deploying established security controls, including

those based on SSL, and by demonstrating their commitment to protecting the interests of

their customers. These five practices help to leverage the benefits of SSL to both establish and

then maintain that trust.

STEP 5

5$


About Symantec

Symantec Corporation (NASDAQ: SYMC) is an information protection expert that

helps people, businesses and governments seeking the freedom to unlock the

opportunities technology brings - anytime, anywhere. Founded in April 1982,

Symantec, a Fortune 500 company, operating one of the largest global data-intelligence

networks, has provided leading security, backup and availability solutions for

where vital information is stored, accessed and shared. The companys more than

20,000 employees reside in more than 50 countries. Ninety-nine percent of Fortune

500 companies are Symantec customers. In fiscal 2013, it recorded revenues of

$6.9 billion. To learn more go to www.symantec.com or connect with Symantec at: go.symantec.com/socialmedia.

For specific country offices and contactnumbers, please visit our website. For product

information in the AsiaPacific region, call:

Australia: +61 3 9674 5500New Zealand: +64 9 9127 201

Singapore: +65 6622 1638Hong Kong: +852 30 114 683

Taiwan: +886 2 2162 1992Or email: [email protected]

[email protected]

SymantecSymantec Website Security Solutions Pty Ltd

3/437 St Kilda Road, Melbourne,3004, ABN: 88 088 021 603

Symantec Guide: 5 ways to increase online sales by building customer trust

No part of the contents of this white paper may be

reproduced or transmitted in any form or by any means

without the written permission of the publisher.

Copyright 2014 Symantec Corporation. All rights

reserved. Symantec, the Symantec Logo, the Checkmark

Circle Logo and the Norton Secured Logo are trademarks

or registered trademarks of Symantec Corporation or its

affiliates in the U.S. and other countries. Other names

may be trademarks of their respective owners.

Symantec Guide:5 ways to increase online salesby building customer trust

101101001011010010110100100010100101101001011100100001001011 01001010100001101010101100101101111111111000 0010100101100100101101011010010 0010100101101000010010000100101101001010100001101010101010010110 111111111100000101001011010010100101101001011010010110100101101001 00010100101101001011101001010010000100101101001010100001101010101010 01011 01111111111000001010010110100101001011010010110100101101001011010010001010010110100101110100101101010010010000

5

$

0101101

5 Ways to Build Trust AA

Documents

Transcript of 5 Ways to Build Trust AA