Jan 30, 2019 SOURCE: PR NewsWire

New EMA Research Examines the Adoption of TLS 1.3 in the Enterprise

BOULDER, Colo., Jan. 30, 2019 /PRNewswire-PRWeb/ -- Enterprise Management Associates (EMA(TM)), a leading IT and data management research and consulting firm, has released a new research report titled "TLS 1.3 Adoption In the Enterprise: Growing Encryption Use Extends to New Standard," based on criteria defined by Paula Musich, research director of security and risk management at EMA. This report sought to gauge awareness of and adoption plans for the new TLS 1.3 specification published by the IETF in August, 2018 as RFC 8446, and to better understand how enterprises are adapting to the growing use of encryption overall.

The TLS 1.3 specification was published in August 2018, ten years after its predecessor 1.2 became an IETF standard. The new standard lowers latency and improves the privacy of end-to-end communication, but it comes at a cost for enterprises. This is because it replaces the existing static RSA key exchange with the Diffie Helman Ephemeral (DHE) perfect forward secrecy key exchange, which requires that a monitoring solution has access to the ephemeral key for each session, rather than a static key per server. Although perfect forward secrecy existed in TLS 1.2, it was optional. In TLS 1.3, it is required. This makes it much harder for enterprises to passively monitor traffic to inspect for malware, data breaches, and malicious activity, as well as troubleshoot availability or performance issues on the network.

Some industry groups have expressed serious reservations over the ability to decrypt and inspect traffic for troubleshooting and possible malware using TLS 1.3. The good news, however, is that a healthy percentage of respondents in the survey are either already in the throes of enabling TLS 1.3 or plan to enable it in the near future, with 73 percent of respondents indicating that they have already begun enabling TLS 1.3 for inbound connections or are planning to enable it within the next six months. At the same time, 74 percent of respondents have either begun TLS 1.3 enablement for internal connections or plan to enable it for internal traffic within the next six months.

"There's no question that security practitioners are concerned about the security implications of TLS 1.3 and the potential to miss malware and attackers hidden in encrypted traffic, but that's not stopping enterprises from enabling TLS 1.3 in the near term," said Musich.

Some other key data points this research sheds light on includes:

    --  One of the biggest drivers behind the quick enablement of the new TLS
        1.3 standard is the early adoption of TLS 1.3 by major web services, web
        server, and browser vendors, including Apple, CloudFlare, Google, and
        Microsoft.
    --  When asked what their top three concerns were over the adoption of TLS
        1.3 by major web server and browser vendors with respect to their effect
        on internal web application and services development, 21 percent
        indicated they were most concerned about the increased development
        lifecycle time and cost.
    --  In terms of top security worries, twenty-seven percent of respondents
        indicated they were most concerned about losing visibility into the data
        center, while 24 percent were most concerned about losing visibility
        into the core of the network.
    --  Ninety-five percent of respondents indicated that their security
        architectures will need to change in order to accommodate TLS 1.3 and
        its perfect forward secrecy mandate.
    --  The survey asked respondents how concerned their organizations were that
        their existing security monitoring practices/technologies will miss
        malware hidden in encrypted files. Thirty-five percent of all
        respondents said they were either very or extremely concerned, while 36
        percent said they were somewhat concerned.

Despite publicized concerns about its implications for existing security architectures and the operational constraints it puts on troubleshooting problems on the network, however, security practitioners appear to be ready to embrace the new TLS 1.3 standard. The report delves into the strategies enterprises are implementing or plan to implement to enable this new standard.

A detailed analysis of the research findings are available in the report, "TLS 1.3 Adoption In the Enterprise: Growing Encryption Use Extends to New Standard."

Highlights from the report will be revealed during the February 28 Webinar, TLS 1.3 Adoption in the Enterprise: Growing Encryption Use Extends to New Standard.

About Enterprise Management Associates (EMA)
Founded in 1996, EMA is a leading industry analyst firm that provides deep insight across the full spectrum of IT and data management technologies. EMA analysts leverage a unique combination of practical experience, insight into industry best practices, and in-depth knowledge of current and planned vendor solutions to help clients achieve their goals. Learn more about EMA research, analysis, and consulting services for enterprise line of business users, IT professionals, and IT vendors at http://www.enterprisemanagement.com.

SOURCE Enterprise Management Associates, Inc.

Related News

GlobalSign Unveils Next Generation PKI Platform, 'Atlas,' to Ease Complicated PKI Management from Overburdened Enterprise IT and Security Teams

Department of Homeland Security Selects MetTel for Managed Security Services and as Primary Internet Access Provider

Team Cymru First Cybersecurity Partner to Join MANRS to Improve Routing Security and Keep the Internet Safe

China's Strong Internet Use Spurs New Opportunities in Enterprise SaaS, Digital Advertising

QuForce Emerging as World’s Leading Community for Post-Quantum Cryptography Experts, Academics and Enthusiasts

BullGuard Launches 2021 Premium Protection, Internet Security and Antivirus with Dynamic Machine Learning and Multi-Layered Protection

Internet of Things (IoT) Security: Technologies and Global Markets

Industrial Internet Consortium Chairs Share Plans for Future Industry Guidance

View all News

Latest Procurements

Herbicide resistance status of grain and cotton cropping regions - strategic insights for RDE

Market Sounding - Defence Infrastructure Panel – Construction Major Works

To assist the Commonwealth of Australia (Commonwealth), represented by the Department of Defence, in considering the potential establishment of a standing offer for the undertaking of major construction works described...

LONG TERM COMMONWEALTH LEASE IPSWICH QLD AND SURROUNDING AREAS

Exceptional Leasing Opportunity COMMONWEALTH LEASE

View all Procurementsp

Agenda

June

FranceParc des Expositions de Paris Nord Villepinte ZAC Paris Nord 2, 93420 Villepinte – France (Halls 5a – 5b – 6)

Eurosatory 2024, 17 - 21 June 2024, Parc des Expositions de Paris Nord Villepinte ZAC Paris Nord 2, 93420 Villepinte – France (Halls 5a – 5b – 6)

Eurosatory 2024 There can be no sustainable world without peace and security. Founded in 1967, the exhibition...

May

Paris Marriott Rive Gauche & Conference Center

Future Artillery, 21-23 May 2024, Paris Marriott Rive Gauche & Conference Center, France

DELIVERING FIRES IN THE MULTI-DOMAIN BATTLESPACE As artillery reasserts itself as the ‘King of Battlefield’ in the wake...

May

United Arab EmiratesADNEC (Abu Dhabi National Exhibition Centre), Abu Dhabi, Al Khaleej Al Arabi St - Al Rawdah - Al Ma'arid - Abu Dhabi, UAE

ISNR Abu Dhabi 2024, 21-23 May 2024, ADNEC (Abu Dhabi National Exhibition Centre), Abu Dhabi, Al Khaleej Al Arabi St - Al Rawdah - Al Ma'arid - Abu Dhabi, UAE

ISNR ACCELERATING TRANSFORMATION IN THE NATIONAL SECURITY ECOSYSTEM ISNR Abu Dhabi is the region’s most trusted...

View All Events

Companies

Tambour Ltd.

Ingelnet de Colombia

Aerodynamic Metals Pte. Ltd.

View All Companies