IT staff fret over SSL insecurity

Nine out of ten network professionals see the invisibility of encrypted Secure Sockets Layer (SSL) traffic as posing a significant risk to their companies, a new survey has claimed.

Compiled by security vendor Blue Coat Systems during its recent US product roadshows, the survey of 300 staff also found that 64 percent considered it difficult to comply with regulatory requirements while using SSL technology.

A survey of European security and IT staff turned up similar results, with 97 percent of respondents agreeing that SSL was now a major risk issue. Eighty-two percent admitted they had no idea as to the nature of the traffic running through SSL connections from company premises.

The problem with SSL is its encryption, which sets up a secure tunnel between two points, usually one internal, and one – a web application say – sitting on the outside of the company. Although the technology is widely used in secure remote access, a growing number of applications open SSL sessions on an informal basis, making control difficult.

The company is using the survey results to push its own solution to the problem, a proxying appliance that terminates traffic in such a way that it can be managed using defined policies. This makes it impossible for such sessions to be opened in an uncontrolled or ad-hoc way.

“Enterprises have been completely blind to their users’ SSL traffic, and until now, have been unable to do anything about it,” said Steve Mullaney of Blue Coat. "Our SSL proxy solution now enables enterprises to gain visibility and control over what has previously been invisible to them and protect against serious business risks."

Blue Coat is also promoting the proxying approach as a way of stopping malware such as phishing from entering companies using SSL as a cloak.

This story, "IT staff fret over SSL insecurity" was originally published by


Copyright © 2006 IDG Communications, Inc.

Shop Tech Products at Amazon