Secure data exchange with SSL

Written By: Ontrack

Date Published: 12 September 2014 00:00:00 EDT

Secure data exchange with SSL

SSL is a method for securing data exchange by creating a digital tunnel that doesn't allow third-party access. This secure data tunnel can be operated in a public network, such as the Internet. So, who needs SSL and why do they need it?

SSL stands for Secure Socket Layer. This technology is associated with the network principal of TCP/IP, which integrally uses the Internet. With SSL, information flows through the tunnel between two sites, two remote devices or two pieces of remote equipment on a remote site, whereby a site is accessing a network of equipment, such as those which exist in many companies. SSL is usually enabled on any firewall equipment on a network or “site” that manages the acceptance of certain types of data inflow and outflow based on the permissions granted.

Who should use SSL?

Previously, SSL was used mainly by e-commerce sites, banks and large companies. The rise of cyber crime meant that SSL became widely used anywhere that a password is likely to be used, regardless of the type of service or information. Of course, most enterprise websites on the Internet don’t use this system as the data is rarely sensitive. This is different to accessing an Extranet from the Internet, which is already quite well understood. Outside the classic e-commerce scenario where there is a secured shop, secured SSL protection may be required when a company wants to implement a CRM (Customer Relationship Management) using traditional web hosting. The spread of technologies adapted to the web, such as HTML5 that is now used to develop many applications including smartphones and tablets, also means that any business may have potential interest in the principle of SSL usage as this simplifies a part of their security issues.

Why SSL?

In the case of CRM, the use of SSL is justified as CRM data usually contain a lot of strategic elements related to the business, its customers and suppliers. It’s a veritable Extranet that the company would prefer to secure using credentials. SSL is both a security certificate and a formal authentication of the company that owns the server to which you are connecting; we say much about the company that owns the service rather than the host which is hosting the server and, in terms of the Cloud within the SaaS (Software as a Service) model, the two are closely linked. A secure link on a server with a certificate can’t be hijacked by a third party. In some cases, the SSL certificate is also installed on the connecting client’s system so that the transaction can also ensure that the customer is who they claim to be; the principle idea of the certificate, which is issued to each person is so that they can make their statement online from their own computer, clearly illustrates the use of the security certificate and its importance. This is all in addition to a functioning password.

What are the weakness of SSL?

Currently, SSL is the most secure universal method. In fact, version 1.0 of the TLS (Transport Layer Socket) is version 3.1 of SSL. There is indeed some possible weaknesses, as was the case on thousands of servers in 2014 where there was a bug in the implementation of the security protocol on the server and not within the protocol itself. This was only for certain types of servers and, of course, NOT ALL servers with SSL, which was widely misinterpreted by the mainstream press. Additionally, a maintenance release of the server software from this implementation solved the problem within a matter of hours.

Finally, the question that remains unsolved is “How do I implement SSL?” In these circumstances, it means implementing a certificate that is obtained through an entity that will require you to pay a certain price for the certificate you require, and moreover, that will ask you for anything that legally identifies you. And how does the final SSL appear? The emblem is the famous padlock that accompanies another equally famous “https” in the address of the shop or the secure online service.

For more information on our services, visit our Data Recovery page or get in touch with our specialists.


KLDiscovery Ontrack Limited, Nexus, 25 Farringdon Street, London, EC4A 4AB, United Kingdom (see all locations)