Is SSL causing security problems?

An article from Secure Computing magazine discusses how the increase of SSL encrypted communications is making it more difficult to stop malware from entering a company's network and keeping data from leaving the company network without authorization.

While SSL encryption provides privacy and protection to both corporate and individual user information, the lack of visibility into network traffic flows that it brings can also make it difficult for network administrators to enforce corporate acceptable-use policies.

Additionally, SSL prevents IT organisations from ensuring that threats such as viruses, spam and malware are stopped before they reach enterprise resources.

Regulatory and other compliance requirements, including identifying accidental or intentional leakage of confidential information, are also virtually impossible to meet because of SSL encryption.

This article explores the drivers behind the increase in SSL usage and the methods by which enterprises are dealing with SSL today. It also introduces a new solution that improves upon current SSL deployments by removing the problems that existing methods create.

SSL: The handshake that requires scrutiny - [Secure Computing Magazine]

Originally posted on Thu Jul 12, 2007