More Venafi 2017 Predictions: SHA-1 Outages, DevOps and Government Surveillance

Venafi 2017 Predictions
December 19, 2016 | Kevin Bocek

Last week I outlined the first five Venafi predictions for 2017. Before I move on to the next five, I'll set the stage with a reminder of what we've already predicted:

  1. As Certificate Authorities are pushed to do more and go faster, they will make more mistakes.
  2. IoT ransomware will become one of the cybercriminal's attack vectors of choice.
  3. IoT manufacturers will take code signing more seriously.
  4. The number of publicly trusted free certificates issued will outnumber those that are paid for.
  5. 2017 will see the first approved use of Let's Encrypt or other free services within the Fortune 500.

Now on to the next five predictions.

  1. At least one CA will fail to comply with Google's requirement that every certificate it issues be logged to Certificate Transparency.
    CAs with unscrupulous business practices, like WoSign and StartCom, may refuse to comply with Google's transparency requirements. With the rising tide of anti-Google sentiment, it would not be surprising to see CAs start to push back against browser maker requirements.
  2. The next year will bring competing approaches to certificate transparency.
    CAs will begin to be ranked by their user community as organizations look for ways to determine whom to trust. Some security vendors will lose customers, revenue and credibility because they cannot see attackers lurking in encrypted traffic, while other vendors will introduce new solutions to address this concern.
  3. There will be a major outage or attack related to the SHA-1 hashing algorithm.
    As we approach the SHA-1 deprecation deadline, many organizations have yet to complete their migration to SHA-2. For the owners of the more than 1.5 million SHA-1 digital certificates issued since December 2013, failing to migrate could have serious consequences. Once browsers stop trusting SHA-1 signatures, sites that still present such certificates will show security errors or become unreachable, damaging brand credibility and draining resources. Sites that stay on SHA-1 also remain exposed to attacks that exploit the known weaknesses of the algorithm.
  4. At least one Western government will replicate the Russian style of mandating that citizens hand over keys and certificates.
    In an effort to combat terrorism and expand surveillance, at least one Western government will follow Russia's lead and mandate access to encryption keys and certificates. The potential impact of these decisions can't be overstated: widespread government access to encrypted communications has the potential to demolish Internet privacy and devastate security.

    In the U.S. we've seen court orders to compel Apple to subvert the iPhone's security controls. In the UK the Snooper's Charter seeks to extend law enforcement powers to gain access to encryption keys and to introduce encryption backdoors. Encryption is the backbone of secure and private communications on the Internet. It protects online banking, shopping and all manner of consumer services that our economy and critical infrastructure rely on.

    Once we allow governments universal access to encryption, the likelihood of abuse and misuse skyrockets. It's time to stand up against governments' efforts to hijack privacy and trust online.
  5. 2017 will be the year of DevOpsSec.
    In 2017 at least half of DevOps teams in the Global 5000 will assign one or more team members to focus on making sure security is fast, easy and built in to every project. For example, while teams have been making sure every container uses HTTPS encryption and digital certificates, no one has been focused on how these powerful security controls are integrated into DevOps and Fast IT projects. The idea that security can be both fast and safe may prove shocking to hardcore DevOps teams accustomed to flying below the corporate radar!
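Prediction 3 only makes sense if you can find the SHA-1 certificates you still own. The script below is an added example, not Venafi code and not taken from the post: it walks the outer DER structure of an X.509 certificate with nothing but the Python standard library, reads the signatureAlgorithm OID and classifies it as SHA-1, SHA-2 or unknown. The two sample certificates and their hostnames are constructed stand-ins built in the script itself (a dummy TBSCertificate and an unsigned BIT STRING), not real certificates; point `audit()` at real PEM files to get a migration backlog.

```python
"""Audit X.509 certificates for SHA-1 signature algorithms (added example).

Walks the outer DER structure of a Certificate (RFC 5280 section 4.1):
    Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
and reads the OID inside signatureAlgorithm. Standard library only.
"""
import base64
import re

# Signature-algorithm OIDs that still rely on SHA-1 (RFC 3279 / RFC 5758).
SHA1_SIGNATURE_OIDS = {
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.10040.4.3": "dsa-with-sha1",
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
}
# SHA-2 family replacements (RFC 4055 / RFC 5758).
SHA2_SIGNATURE_OIDS = {
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.113549.1.1.12": "sha384WithRSAEncryption",
    "1.2.840.113549.1.1.13": "sha512WithRSAEncryption",
    "1.2.840.10045.4.3.2": "ecdsa-with-SHA256",
    "1.2.840.10045.4.3.3": "ecdsa-with-SHA384",
    "1.2.840.10045.4.3.4": "ecdsa-with-SHA512",
}

def _read_tlv(buf, pos):
    """Decode one DER tag/length header at pos; return (tag, value_start, value_end)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER length runs past end of buffer")
    return tag, pos, pos + length

def _children(buf, start, end):
    """Yield (tag, value_start, value_end) for each element of a constructed value."""
    pos = start
    while pos < end:
        tag, vstart, vend = _read_tlv(buf, pos)
        yield tag, vstart, vend
        pos = vend

def decode_oid(content):
    """Turn OID content octets into dotted-decimal form."""
    first = content[0]
    arcs = [2, first - 80] if first >= 80 else [first // 40, first % 40]
    value = 0
    for b in content[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                   # high bit clear ends this arc
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)

def signature_algorithm_oid(der):
    """Return the dotted OID of the outer signatureAlgorithm of a DER-encoded certificate."""
    tag, start, end = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("certificate is not a DER SEQUENCE")
    elements = list(_children(der, start, end))
    if len(elements) != 3:
        raise ValueError("expected tbsCertificate, signatureAlgorithm, signatureValue")
    alg_tag, alg_start, alg_end = elements[1]
    if alg_tag != 0x30:
        raise ValueError("signatureAlgorithm is not an AlgorithmIdentifier SEQUENCE")
    oid_tag, oid_start, oid_end = next(_children(der, alg_start, alg_end))
    if oid_tag != 0x06:
        raise ValueError("AlgorithmIdentifier does not start with an OID")
    return decode_oid(der[oid_start:oid_end])

def pem_to_der(pem):
    """Strip PEM armour and base64-decode a single certificate."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----", "", pem)
    return base64.b64decode("".join(body.split()))

def classify(pem):
    """Return ('SHA-1', name), ('SHA-2', name) or ('unknown', oid) for one PEM certificate."""
    oid = signature_algorithm_oid(pem_to_der(pem))
    if oid in SHA1_SIGNATURE_OIDS:
        return "SHA-1", SHA1_SIGNATURE_OIDS[oid]
    if oid in SHA2_SIGNATURE_OIDS:
        return "SHA-2", SHA2_SIGNATURE_OIDS[oid]
    return "unknown", oid

def audit(certs):
    """Map each label to its classification; the 'SHA-1' entries are the migration backlog."""
    return {label: classify(pem) for label, pem in certs.items()}

# --- Constructed sample input: hand-built DER stand-ins, NOT real certificates ---
def _der(tag, content):
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content

def _der_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(chunk)
    return _der(0x06, bytes(out))

def fake_certificate_pem(sig_oid):
    """Syntactically valid outer Certificate with a dummy TBS and an unsigned BIT STRING."""
    alg_id = _der(0x30, _der_oid(sig_oid) + b"\x05\x00")      # AlgorithmIdentifier + NULL params
    tbs = _der(0x30, _der(0x02, b"\x01") + alg_id)             # minimal stand-in for TBSCertificate
    sig = _der(0x03, b"\x00" + b"\xAA" * 64)                   # BIT STRING, 0 unused bits
    der = _der(0x30, tbs + alg_id + sig)
    b64 = base64.encodebytes(der).decode("ascii")
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "-----END CERTIFICATE-----\n"

SAMPLE_CERTS = {                                                # hypothetical hostnames
    "legacy.example.com": fake_certificate_pem("1.2.840.113549.1.1.5"),    # still SHA-1
    "migrated.example.com": fake_certificate_pem("1.2.840.113549.1.1.11"), # SHA-256
}

if __name__ == "__main__":
    for label, (family, name) in audit(SAMPLE_CERTS).items():
        print(f"{label:24} {family:8} {name:26} {'MIGRATE' if family == 'SHA-1' else 'ok'}")
```

The walker deliberately reads the outer signatureAlgorithm rather than the copy inside tbsCertificate: the outer one is what the issuer actually used, and a mismatch between the two is itself a red flag. Intermediate and root certificates in a chain need the same check, since a SHA-2 leaf under a SHA-1 intermediate still fails.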
About the author

Kevin Bocek

Kevin is Vice President of Security Strategy & Threat Intelligence at Venafi. He is recognized as a subject matter expert in threat detection, encryption, digital signatures, and key management, and has previously held positions at CipherCloud, PGP Corporation and Thales.
