SAN FRANCISCO, 09 September 2011 - When you work in computer security, reputation is everything. Certificate authority (CA) GlobalSign on Monday suspended issuance of any new certificates pending the result of an investigation into a claim by a hacker that its security had been compromised. Their swift response maintains their reputation as a leading CA and positions them as an optimal choice for anyone looking for a CA for their business.
What Do Certificate Authorities Do?
A certificate authority issues a number of certificates that certify a secure environment for websites, code, documents, objects, email, or any other form of electronic communication or programming. The most common product that a small business would be familiar with is an SSL certificate, which GlobalSign defines as "SSL/TLS encryption and identity assurance for websites".
SSL stands for "Secure Sockets Layer" and TLS stands for "Transport Layer Security." Both are communications protocols for secure transmission of information over the Internet, and are most commonly used for transmission of order, payment, and identity information. A compromise of the underlying certificate authority could mean that all of this information is also compromised. This is why GlobalSign is taking the situation very seriously and not issuing new certificates until the situation is thoroughly investigated.
A seal or sign that a website is protected by such a certificate usually goes hand-in-hand with the purchase of a certificate product. In their promotional video below, GlobalSign talks about their Website Passport and reasons why businesses should have this kind of protection on their websites.
Should I Consider a Certificate for My Website?
If you engage in any form of payment on your website, you should absolutely consider this for your business. Most certificate authorities, including GlobalSign, cite higher conversion rates as a direct result of installing a security certificate and corresponding trust seal on their website.
According to this independent paper from Milena Head and Khaled Hassanein at the DeGroote School of Business, consumers "have significant experience in the traditional market, but may not be as familiar with or comfortable in the online marketplace. Individual consumers will differ in their 'trusting' personality traits and the pace at which they attain the trust required to start transacting with an online vendor."
What Exactly Happened to Make GlobalSign Suspend New Certificates?
A hacker who goes by the handle "Comodohacker" has claimed that he has access to GlobalSign's systems as well as those of three similar companies. He broke into another certificate authority, DigiNotar, on Monday. Due to other hacks against DigiNotar in the past, most browsers no longer accept DigiNotar certificates. According to an update given to us by Steve Waite, their chief marketing officer, GlobalSign has appointed Fox-IT for help with the investigation, due to their previous involvement in investigating the DigiNotar hack.