2017 was an incredible year for web encryption and the Let’s Encrypt program was a clear leader in this progress.
As Josh Aas, executive director for the Internet Security Research Group, recently wrote on the Let’s Encrypt blog: “[In 2017, We] more than doubled the number of active (unexpired) certificates we service to 46 million, we just about tripled the number of unique domains we service to 61 million… Most importantly though, the Web went from 46% encrypted page loads to 67% according to statistics from Mozilla - a gain of 21 percentage points in a single year.”
Encryption is clearly valuable asset for many organizations and individuals. But its popularity has also made it a lucrative tool for cyber criminals, who use encryption to mask malicious behavior.
Last year, a report from Zscaler revealed that 54% of the threats blocked by their product line hid in SSL traffic. Plus, the cloud security company counted 600,000 malicious activities using SSL per day. In addition, an A10 Networks report revealed that roughly 41% of cyber attacks used encryption to evade detection. Now, it’s grown to over half.
Let’s Encrypt recently discussed their initiatives for the new year. However, as we enter 2018, it’s important we promote encryption and understand it’s weaknesses at the same time. “It’s commendable how far Let’s Encrypt has come,” said Hari Nair, director of product management for Venafi. “They are well and truly on the way to fulfilling their mission: encrypting the web.”
Nair offered his insights into Let’s Encrypt’s 2018 positions. Overall, he is pleased with their progress, but urges caution with some of the goals:
“Overall, Let’s Encrypt’s success accelerates the commoditization of certificates,” concluded Nair. “Both Venafi and Let’s Encrypt place immense value in the management of machine identities, I’m looking forward to what the next year brings.”
What are your encryption initiatives in 2018?