Cyber Security Elements by NSS

Research Shows 50 Percent of Organizations Using GlobalSign SSL Configuration Checker

The research evaluated thousands of website URLs of organizations that utilized the GlobalSign SSL Configuration Checker; many of these organizations were looking to assess the strength and quality of their SSL configurations. Statistics revealed that in the first quarter of 2013 over 6,000 sites used the tool to evaluate the effectiveness of their SSL, and 269 of those sites used the remediation guidance provided by GlobalSign to improve and, in some cases, strengthen the security of their sites within a matter of minutes.

Upon visiting GlobalSign’s SSL Configuration Checker, powered by Qualys SSL Labs, organizations enter their website addresses and instantly receive a letter grade for their configuration. The grading system has three steps. First, the site’s SSL certificate is examined to confirm that it is trusted and valid. If a server fails this step it is automatically given a zero. Next, the server configuration is tested in three categories:

1) protocol support,
2) key exchange support and
3) cipher support.

Finally, a score between 0 and 100 is assigned to the site. The grading scale is as follows:

• score ≥ 80: A
• 65 ≤ score ≤ 79: B
• 50 ≤ score ≤ 64: C
• 35 ≤ score ≤ 49: D
• 20 ≤ score ≤ 34: E
• score < 20: F

The research revealed that 50 percent of the 269 websites that used the GlobalSign SSL Configuration Checker improved their SSL configuration grades in 30 minutes or less. Fifteen percent improved from a B, C, D or F to an A grade in less than two hours.

Notable statistics for the 269 improved websites:

• 172 organizations improved their grade to an A overall – 63%
• 13 organizations improved their F grade to an A, B, or C – 42%
• 95 organizations improved their B grade to an A – 35%

“The improvement in website security is certainly encouraging for us to see, but this is the absolute tip of a very big, fast-moving and dangerous iceberg,” said Ryan Hurst, chief technology officer of GlobalSign. “Administrators can use the SSL Configuration Checker to greatly improve and remediate the security of poorly configured sites, but it is the awareness of this free and easy tool that we are trying to drive. Both small and large organizations with websites must adopt best practices, but first they have to identify the strengths and weaknesses of their sites’ SSL configuration.”

Alexa 100 Sites Evaluated:

In addition to the findings derived from inbound SSL Configuration Checker use, GlobalSign evaluated the SSL effectiveness of the Alexa Top 100 websites. The research revealed the following:

• Over half (51%) of the websites received an A.
• Twenty-five percent received a B and 5 percent scored a C.

These grades are proof that while just over half of the world’s top sites, and the enterprises behind them, are providing effective security, there is ample room for improvement.

Overall SSL Configuration Checker Evaluation results of the Alexa Top 100:
