"Evaluating The Use of Encryption Across The World’s Top One Million Sites"
A new study conducted by security researcher and TLS expert Scott Helme evaluates the use of encryption across the world’s top one million sites over the last six months. The study data reveals the need for a control plane to automate the management of machine identities in increasingly complex cloud environments. Helme stated that the data suggests progress has been made in some areas, but more education is needed to ensure that machine identities are used in the most effective way to protect the online world. Helme discovered that the use of TLSv1.2 has declined by 13% over the last six months, with v1.3 in use by almost 50% of sites, more than twice as many sites as v1.2. Helme stated that even though organizations are adopting stronger TLS protocols, they are failing to couple this with a move to stronger keys for TLS machine identities. Helme noted that industry-standard ECDSA keys are now used by just 17% of websites, up from 14% six months ago. Helme stated that 39% of the top one million websites still use slower, less secure RSA keys. Helme also found that growth in the adoption of HTTPS has plateaued at 72%, the same level as in December. Kevin Bocek, VP at Venari, stated that the recent boom in cloud migration means every business needs many more TLS machine identities to secure communication between devices, clouds, software, containers, and APIs.