Don’t Rely on SSL Encryption to Protect Your Organization’s Data

Does your organization use Secure Sockets Layer (SSL) 3.0 encryption for data protection? Doing so is a common practice among companies in many different industries.

But since last year, we at TitanFile have not supported the use of the SSL 3.0 protocol or its earlier versions.

To protect your files, TitanFile uses a 256-bit encryption key and algorithms that U.S. government departments rely on to store Top Secret documents.

The SSL encryption method is outdated and no longer acceptable for merchants and payment processors, according to the Payment Card Industry (PCI) Security Standards Council (SSC) – a global organization responsible for data security standards.

“No version of SSL meets PCI SSC’s definition of ‘strong cryptography,’” a bulletin that SSC posted to its website on Feb. 13, 2015 says. The announcement makes PCI the first regulatory body to publicly announce that SSL 3.0 – and its earlier versions – cannot protect data.

We wholeheartedly support this decision, and hope many organizations make the correct choice to find reliable encryption software.

SSL Data Breaches

The SSC’s decision to denounce SSL is partly the result of two data breaches in 2014:

  1. Heartbleed

Google’s security team discovered Heartbleed in April 2014. The bug lets attackers steal Internet users’ cookies and passwords. As SSL encryption could not fight the bug, 17% of the world’s “secure” web servers were vulnerable to data breaches. OpenSSL, which protects web connections for online banking and credit card payments, was Heartbleed’s main target.

  2. POODLE

Google’s security team announced that it had discovered POODLE (Padding Oracle On Downgraded Legacy Encryption) in October 2014. The attack explicitly targets SSL 3.0 and its earlier versions to access encrypted data. In fact, disabling SSL 3.0 is one method to fight POODLE.

Data Security Recommendations for Your Organization

Based on PCI’s decision, an article in The National Law Review urges organizations to use other encryption methods.

Here are some actions the article recommends, which we find useful:

  • Work with IT professionals and those responsible for your website to learn if your organization uses any version of SSL
  • Disable SSL if it’s in use and immediately upgrade to a strong cryptographic protocol
  • Consider seeking out a reputable security firm to identify your organization’s encryption vulnerabilities and recommend how they can be fixed
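
One way to act on the first two recommendations is to scan web-server configuration files for SSL versions that are still enabled. The script below is an added example, not code from TitanFile or the cited article; it assumes nginx `ssl_protocols` and Apache `SSLProtocol` directives, uses constructed sample configurations, and conservatively treats Apache's `all` shortcut as including SSLv3.

```python
import re

SSL_VERSIONS = {"sslv2", "sslv3"}   # every SSL version; the page treats all as unacceptable
# Assumption: Apache's "all" shortcut may include SSLv3 on older builds, so count it as enabled.
APACHE_ALL = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2"}
DIRECTIVE = re.compile(r"^\s*(ssl_protocols|SSLProtocol)\s+([^;#]+)", re.I)

def enabled_protocols(directive, tokens):
    """Return the lower-cased protocol names a directive leaves enabled."""
    if directive.lower() == "ssl_protocols":      # nginx: a plain allow-list
        return {t.lower() for t in tokens}
    enabled = set()                               # Apache: +/- tokens applied left to right
    for tok in tokens:
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        names = APACHE_ALL if name.lower() == "all" else {name.lower()}
        if sign == "-":
            enabled -= names
        elif sign == "+":
            enabled |= names
        else:
            enabled = set(names)                  # an unsigned token replaces the set
    return enabled

def audit(config_text):
    """Return [(line_number, [SSL versions enabled])] for each offending directive."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = DIRECTIVE.match(line)                 # commented-out lines do not match
        if not m:
            continue
        bad = sorted(enabled_protocols(m.group(1), m.group(2).split()) & SSL_VERSIONS)
        if bad:
            findings.append((lineno, bad))
    return findings

# Constructed sample configurations (not taken from any real server).
NGINX_SAMPLE = """server {
    listen 443 ssl;
    # ssl_protocols SSLv2 SSLv3;
    ssl_protocols SSLv3 TLSv1.2;
}
"""
APACHE_SAMPLE = """<VirtualHost *:443>
    SSLProtocol all
</VirtualHost>
<VirtualHost *:8443>
    SSLProtocol all -SSLv2 -SSLv3
</VirtualHost>
"""

if __name__ == "__main__":
    for label, text in (("nginx", NGINX_SAMPLE), ("apache", APACHE_SAMPLE)):
        for lineno, bad in audit(text):
            print(f"{label} line {lineno}: SSL still enabled -> {', '.join(bad)}")
```

A clean configuration file produces no findings; a directive that enables SSL is reported with its line number so it can be corrected and the server reloaded.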

Your organization – be it large or small – should feel confident that data and files are securely stored. SSL can’t create this confidence.
