TLS 1.3 Adoption in the Enterprise: Growing Encryption Use Extends to New Standard
Abstract: In August 2018, the IETF published its TLS 1.3 transport encryption standard, 10 years after the previous TLS 1.2 version came out. The new version is not without controversy, given the mandate to use the Diffie Helman Ephemeral perfect forward secrecy key exchange and the encryption of the certificate itself. This mandate makes it much harder for enterprises to passively monitor traffic to inspect for malware, data breaches and malicious activity as well as troubleshoot performance problems. Given these implications, this research project sought to gauge awareness of and adoption plans for the new TLS 1.3 specification among IT and more specifically security professionals. Although it's no surprise that a majority of respondents expressed serious reservations about the new standard, it is surprising that many enterprises are either already in the process of enabling TLS 1.3 within their infrastructure, or are planning to do so within the next 6 months. The research also delves into what's driving the fast adoption, strategies for enabling TLS 1.3, and overall encryption practices and trends. |
Author:
|