Development and future
of the
SSL market
in
Central and Eastern Europe
Arkadiusz Szczurowski
Table of content:
●
About us
●
SSL saturation worldwide: current situation
●E-commerce security in CEE
●
Validation types popularity
●Vendors: global and local CA
●
Financial Institutions in the region
●Endusers awareness
●
Summary: Threats and opportunities
About us:
SSLGURU.COM is a website designed to help consumers and companies who want a high level of online security. Our innovative SSL products are made for every level of e-business.
We provide all types of SSL certificates. On our website you can find SSL technology to secure domain names (one or more), emails, files, etc.
SSLGURU.COM also delivers highly functional tools that effectively help you manage SSL certificates. Clients and partners are welcome to use our advanced API SSL and
SSL saturation worldwide: current situation
E-commerce security in CEE
Every year we probe some of the e-commerce markets to check SSL technology
penetration. Here are some numbers from annual "Polish e-shops security report"
Page:
% of https
Log in
26
Registration
31
Purchase
36
All 3
23
Source: ”Polish e-shops security report” SSLGURU.com
In 2012 out of 462 tested e-shops:
39 %
of them had any kind of SSL
installed
9%
had weak cipher (1024 bits or less)
6%
E-commerce security in CEE
We are now conducting testsfor the 2013 edition of the report. Here are some preliminary results after 238 shops were tested. Almost all of tested websites have some sort of SSL technology implemented. The problem is a quality of certificates and their installation. 43% of certificates is issued for subject other then domain owner, most often external e-shop platform that provided complete
Validation types popularity
Domain validation is dominating e-commerce market: 195 e-shops are using it. Second, comes Organization Validation: 38 e-shops. We encountered only one Extended Validation certificate so far. Most popular are one and two years validity periods.
Vendor Popularity
Among e-shops in the region the
most popular CA are
Rapid
and
Alpha
. Popularity of those vendors is
caused by a high distribution of the
biggest local hosting providers.
Rising share of local CA such as
Certum
and
Domeny.pl
is worth
noticing.
It is disturbing that almost 10% of
e-shops relays on self-signed
certificates.
Financial Institutions in the region
Source: SSLGURU.com analysys of 145 small banks in CEE region
We have analyzed the websites of 145 small
banks in the CCE region in order to survey
the market. Nearly
25% of the analyzed small
banks had already implemented EV
certificates
. Most of them rely on
Organization Validation (OV) certificates that
will not display the green bar in the upper
left hand side of the browser. It is also worth
to mention that the
OV validation process is
not strict enough for highly trusted
institutions
such as banks. There are a few
banks that are using a
DV level certificate
that provides absolutely no confirmation
of
the website owners identity.
Financial Institutions in the region
Source: SSLGURU.com analysys ofSELF-SIGN
MISMATCH
F-lowest grade
End User awarness
We conducted surveys on events
and conferences between different
audiences to investigate what the
actual end-users know about SSL
technology. While casual users did
not recognize different types of
validation nor do they have a
working knowledge of how the
certificates work,
they understand
that the graphic signs like the green
address bar, padlocks, and
Summary: Threats and opportunities
At the beginning of 2013 the world is
paying a lot of attention to online security
concerns. Facebook, Twitter, and Evernote
have admitted to being
hacked. In the
United States a big topic of conversation is
the hacking operations that took part in
China and cost the US economy billions of
dollars. Because of this
privacy and
security are now more commonly
recognized as very important issues for
business and government.
Summary: Threats and opportunities
So what lies ahead?
We expect growth of the security market worldwide. Especially growing markets like CEE present big
potential for security companies. Despite the financial crisis, sectors like e-commerce and e-banking are expanding rapidly. So is the sector of cyber-crimes.
The threat of hackers, phishing, and data theft are
growing every year. Hence the growing need for secure
and reliable transactions.
Security solution providers
will have a key role in the market.
Source: APWG- Global Phishing Survey: Trends and Domain Name Use in 1H2012 http://docs.apwg.org/reports/APWG_GlobalPhishingSurvey_1H2012.pdf