Symantec Guide: 5 ways to increase online sales by building customer trust
2 I Symantec Corporation Symantec Guide: 5 ways to increase online sales by building customer trust
Contents
Introduction
Preventing third parties from viewing communications
Mitigating the risk of customer data exposure
Providing SSL on all web-accessible servers
Demonstrating validated identity
Use SSL certificates from a security leader
Build trust
5 ways to increase online sales by building customer trust
With consumers facing a steady stream of news reports about corporate data
breaches, major retailers hacked for credit card information, nation-state-sponsored
cyber attacks, and the Heartbleed Bug vulnerability in OpenSSL, it is understandable
if they are hesitant about online commerce.
Fortunately, businesses have an opportunity to build trust with potential customers by demonstrating a clear understanding
of customers' privacy concerns and implementing controls to protect customer data. There are key ways businesses can
use Secure Sockets Layer (SSL) certificates to build trust with consumers.
There is a clear need for security controls that protect customer data, particularly the need for end-to-end encryption of
communications over the Internet. In addition to implementing security controls, it is best to provide clear indications that
those controls are in place. SSL technologies form the foundation of five key practices that implement security controls
and provide evidence that such controls are active.
The five recommended practices are:
1 Preventing third parties from viewing communications
2 Mitigating the risk of customer data exposure
3 Providing SSL on all Web-accessible servers
4 Demonstrating validated identity
5 Using SSL certificates from a security leader
Together, these five practices demonstrate a commitment to protect your
customers' data and help to establish the trust necessary for online
communications and commerce.
Preventing third parties from viewing communications
To prevent others from monitoring communications, it is important
to encrypt any data transferred between browsers and Web servers
and from servers to servers. If someone were able to intercept traffic
between your customers and one of your servers, all they would
have is apparently random text.
SSL certificates enable encryption with no effort on the
part of the customer. Support for SSL is ubiquitous in
modern browsers, making support among customer
browsers widely available.
For example, an email message with the text:
The last draft of the strategic plan is attached. Do not circulate.
Appears as:
M0niJp2vfKd0ikGzGZW+fTwiH0DHakfhlpOcIwZ Scr5LnTZbDe/hckFRS6x9jaNWS3+ZAICYzPk0ESRZTryIt6zfwjxMdu9XQ9Imsq6TP6TO6yQE5F/GnYjjCJQ3vfYQk92/VmdR0vMPZhKC7ZvTgLhZzDySxUHGCUZYGhSk6F6c2bMLDkp9GoPPoG7Ig9Z9ig8OEg/4CuNmxIpCG/Vec6kISRhl4AJdUrZf+i1Z2H2vmFXti40gwJpwu7YgRPG2qPkh6+7txWt8l3CVriofLW9YgAHDtxfQC4J53Q/sMz0URPT0or6hGw1hagrLd9SJfYxeYnQqLIPgoIYw7mU4Z22Fjb+houBcXxyHgHrQ4vMLTaX8TzJB0hzO1OWHB/1toHbPV4b4TTqkK3k0gMN/sUFTTLxPqDSX+wIIIoRZ0hE8h4QVF25PIar58fPO8/PqUSugfpSDMY9bQgQA==
Mitigating the risk of customer data exposure
In addition to encrypting data as it is transmitted from your servers
to your customers' browsers, private and confidential data at rest in
your data center requires encryption.
The motivation for encrypting data at rest is that attackers might be able to breach other security defenses and access
your servers. If that occurs, attackers might have access to private and confidential data. If the data is encrypted, it will be
of no use to attackers.
When using encryption, it is important to minimize the risk that the compromise of one encrypted message or file
increases the chance that other messages are also compromised. To address this concern, an important feature of key
generation software is perfect forward secrecy. Perfect forward secrecy is available in an encryption system when random
public keys are generated on a per-session basis and non-deterministic algorithms are used to compute those keys. Consider
using encryption systems that support perfect forward secrecy.
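The forward-secrecy property described above, as an added example that is not part of the original guide: a toy Diffie-Hellman exchange in which a recorded session can be decrypted after the server's long-term key leaks if that key was reused for key exchange, but not if a fresh key pair was generated per session. The group parameters and all function names are constructed for illustration, and the signature that authenticates the per-session key in real TLS is omitted.

```python
import hashlib
import secrets

# Toy group, constructed for illustration only: P = 2**255 - 19 (a prime), G = 2.
# Real TLS deployments use standardized groups or curves from a vetted library.
P = 2**255 - 19
G = 2

def keypair():
    """Return a random (private, public) pair in the toy group."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(own_private, peer_public):
    """Hash the shared Diffie-Hellman value into a 32-byte session key."""
    shared = pow(peer_public, own_private, P)
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()

def run_session(server_private, server_public):
    """One session; the client always uses a fresh key pair.
    Returns (what an eavesdropper records, the key both sides derive)."""
    client_priv, client_pub = keypair()
    key = session_key(client_priv, server_public)
    assert key == session_key(server_private, client_pub)  # both ends agree
    return {"client_pub": client_pub, "server_pub": server_public}, key

def static_session(long_term_priv, long_term_pub):
    """No forward secrecy: the long-term key is reused for every key exchange."""
    return run_session(long_term_priv, long_term_pub)

def ephemeral_session():
    """Forward secrecy: a per-session server key pair, discarded afterwards."""
    eph_priv, eph_pub = keypair()
    return run_session(eph_priv, eph_pub)

def attacker_recovers(recorded, leaked_long_term_priv):
    """Key an attacker derives from a recorded session plus a later key theft."""
    return session_key(leaked_long_term_priv, recorded["client_pub"])

def demo():
    """Return (static session exposed?, ephemeral session exposed?)."""
    lt_priv, lt_pub = keypair()
    rec_static, key_static = static_session(lt_priv, lt_pub)
    rec_eph, key_eph = ephemeral_session()
    return (attacker_recovers(rec_static, lt_priv) == key_static,
            attacker_recovers(rec_eph, lt_priv) == key_eph)

if __name__ == "__main__":
    print(demo())
```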
Providing SSL on all web-accessible servers
IT departments are dynamic. Server configurations
change, networks are reconfigured, and devices
are added and removed from the network.
In addition, virtualization and cloud computing make it a simple matter
to instantiate or destroy virtual machines. One way to help ensure the
authenticity of servers within your organization is to ensure all servers
within a domain are protected with SSL certificates.
Demonstrating validated identity
It is fairly easy for attackers to create fake Websites that appear
legitimate. This process of spoofing sites can be used to trick users
into providing login credentials, private information, or other
information useful to the attackers. To help demonstrate the validity
of sites, SSL certificate vendors have created a standard for extended
validation (EV) certificates.
EV certificates require more authentication steps than conventional SSL certificates. Some low-service SSL certificate
providers might provide certificates as long as there is an active email address at the same domain as requested in the SSL
certificate application. This security level might be sufficient for low-risk sites, such as personal Websites, but business sites
should require more stringent authentication procedures.
EV SSL certificates provide clear visual cues to demonstrate the legitimacy of the site, such as the green bar indicator in a
browser address line. Additional information is available as well, as Figure 1 illustrates.
Figure 1: Extended validation certificates provide evidence that the business has demonstrated
more stringent authentication procedures than normally required
Use SSL certificates from a security leader
SSL certificate vendors are essentially vouching for
the authenticity of SSL certificate holders.
There is more to providing SSL certificates than simply generating and
distributing certificates. Vendors must protect their infrastructure and
certificate information. Unfortunately, some SSL vendors have been
breached. It is important to use certificates from a vendor with a known and
respected brand and one that follows the highest authentication practices.
Build trust
The public is justifiably concerned about privacy and data
breaches.
Businesses can build trust with customers by deploying established security controls, including
those based on SSL, and by demonstrating their commitment to protecting the interests of
their customers. These five practices help to leverage the benefits of SSL to both establish and
then maintain that trust.
About Symantec
Symantec Corporation (NASDAQ: SYMC) is an information protection expert that
helps people, businesses and governments seeking the freedom to unlock the
opportunities technology brings - anytime, anywhere. Founded in April 1982,
Symantec, a Fortune 500 company, operating one of the largest global data-intelligence
networks, has provided leading security, backup and availability solutions for
where vital information is stored, accessed and shared. The company's more than
20,000 employees reside in more than 50 countries. Ninety-nine percent of Fortune
500 companies are Symantec customers. In fiscal 2013, it recorded revenues of
$6.9 billion. To learn more go to www.symantec.com or connect with Symantec at: go.symantec.com/socialmedia.
For specific country offices and contact numbers, please visit our website. For product
information in the Asia Pacific region, call:
Australia: +61 3 9674 5500
New Zealand: +64 9 9127 201
Singapore: +65 6622 1638
Hong Kong: +852 30 114 683
Taiwan: +886 2 2162 1992
Or email: [email protected]
Symantec Website Security Solutions Pty Ltd
3/437 St Kilda Road, Melbourne, 3004, ABN: 88 088 021 603
No part of the contents of this white paper may be
reproduced or transmitted in any form or by any means
without the written permission of the publisher.
Copyright 2014 Symantec Corporation. All rights
reserved. Symantec, the Symantec Logo, the Checkmark
Circle Logo and the Norton Secured Logo are trademarks
or registered trademarks of Symantec Corporation or its
affiliates in the U.S. and other countries. Other names
may be trademarks of their respective owners.