The Slow Death of Data Security Standards

Scott Beland

Make no mistake: Your network environment is under constant attack.  Nefarious individuals or groups are constantly searching for weaknesses in your data security measures in order to get at the valuable information behind your virtual doors.  While we are all fairly aware of the daily (or even multiple-daily) updates our anti-virus software makes, there are other vulnerabilities in data security software that require more manual intervention, and sadly sometimes get left until the last minute—or even when it’s too late.

Despite ample warnings and urgings to replace the aging Secure Sockets Layer (SSL) protocol with Transport Layer Security (TLS) years ago, many enterprises put off this update until a couple of nasty creatures, namely POODLE and BEAST, stormed through their systems and wreaked havoc, exposed data, and cast shadows of doubt on those enterprises’ data security policies.  While the companies that were burned by these intrusions certainly instituted TLS as part of their recovery, data security experts believe there are still businesses using SSL.  Furthermore, some enterprises that quickly updated to TLS 1.0 stopped there, and the unfortunate reality is that TLS 1.0 has been deprecated.


Similarly, SHA1 certificates have been deemed undesirable and many web entities and applications will no longer accept them after January 2017.  Even now, if you pay attention to the address bar in your browser, you may see a pop-up warning about that particular web site’s certificate being SHA1.  After the first of next year, functionality may immediately halt, or additional manual steps may be needed to access deprecated websites or operate software using SHA1 certificates.  Some are dreading the moment the calendar turns to January 1, 2017, and are referring to the situation as “mini-Y2K” or “Y2K17.”  The potential impact for enterprises not on SHA2 certificates could be substantial.

Conversely, just as some cling to SSL until the last possible moment, you can be assured that if there is an extra day to be wrung out of a SHA1 certificate, that exception will be twisted dry.  This makes as much sense as turning off your anti-virus, or at a minimum, having it on but not letting it update.  Threats evolve daily.  Your data security defenses must keep pace.

What can you do?  Clearly, if your network has SSL or TLS 1.0, an immediate upgrade is mandatory.  Likewise, if any of your communications/data security software utilizes SHA1 certificates, seek out updated versions that can use SHA2 certificates and do so prior to Y2K17.  To ensure the best security for data you send and receive, look for data security applications that not only use the latest standards, but are also easily updated as security standards evolve.  Applications such as bTrade’s TDXchange not only operate on the current standards, but are easily upgraded to “future-proof” your MFT environment.  TDXchange is also FIPS 140-2 certified, which separates it from the pack and makes it one of the most secure MFT solutions in the world.
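As an added example (not from the original article or from bTrade), here is one way to find the SHA1-signed certificates discussed above: read the signature-algorithm OID straight out of a certificate's DER encoding and sort it into SHA1 or SHA2.  The function names are this example's own, and `sample_cert` builds constructed, certificate-shaped placeholders rather than real certificates.

```python
import ssl

# Standard X.509 signature-algorithm OIDs mapped to (hash family, name).
SIG_OIDS = {
    "1.2.840.113549.1.1.5": ("SHA1", "sha1WithRSAEncryption"),
    "1.2.840.10045.4.1": ("SHA1", "ecdsa-with-SHA1"),
    "1.2.840.113549.1.1.11": ("SHA2", "sha256WithRSAEncryption"),
    "1.2.840.113549.1.1.12": ("SHA2", "sha384WithRSAEncryption"),
    "1.2.840.10045.4.3.2": ("SHA2", "ecdsa-with-SHA256"),
}

def read_tlv(buf, pos):  # -> (tag, value, next_pos) for the DER element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for byte in body[1:]:  # later arcs are base-128; high bit set means "more follows"
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def classify(cert):
    """Return (family, name) for a certificate given as PEM text or DER bytes."""
    der = ssl.PEM_cert_to_DER_cert(cert) if isinstance(cert, str) else cert
    _, body, _ = read_tlv(der, 0)         # outer Certificate SEQUENCE
    _, _, pos = read_tlv(body, 0)         # skip tbsCertificate
    _, alg, _ = read_tlv(body, pos)       # signatureAlgorithm (AlgorithmIdentifier)
    tag, oid_body, _ = read_tlv(alg, 0)
    if tag != 0x06:
        raise ValueError("signatureAlgorithm does not start with an OID")
    oid = decode_oid(oid_body)
    return SIG_OIDS.get(oid, ("UNKNOWN", oid))

def tlv(tag, body):  # minimal DER encoder, used only to build the constructed samples
    n = len(body)
    return bytes([tag]) + (bytes([n]) if n < 0x80 else b"\x82" + n.to_bytes(2, "big")) + body

def sample_cert(oid_hex):
    """Constructed certificate-shaped DER (placeholder TBS and signature), not a real cert."""
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(oid_hex)) + tlv(0x05, b""))
    return tlv(0x30, tlv(0x30, bytes(300)) + alg + tlv(0x03, bytes(257)))
```

Pass `classify` the PEM text or DER bytes of each certificate in your inventory; anything reported as `SHA1` is a candidate for reissue, and `UNKNOWN` results carry the raw OID for manual review.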