With the pandemic locking everyone at home, many started looking for side hustles, including creating websites. However, without proper security measures, it might not take long for a business to shatter.
Building a strong company begins with security. Although there’s often a misconception that only huge enterprises are at risk, felons don’t discriminate – small businesses are also targets.
To secure a website and create trust between a company and a customer, it’s important to offer a secure and private connection. This can be done by choosing the right hosting provider with unlimited service offerings and implementing SSL certificates on each page of the website.
So, we asked Dror Belleli, Co-Founder and CEO at Securely (a company that specializes in digital certificate lifecycle management), to give us more insights about digital certificates, their importance in cybersecurity, and what happens when they expire.
How did Securely originate? What has your journey been like so far?
Securely Ltd was established in 2016 following a joint venture between Gal Alton and Dror Belleli, which started in 2010. During that time, we provided consulting IT services to many Israeli organizations. We noticed our customers were experiencing system downtime of services and servers due to the expiration of SSL certificates. In late 2010, we released our first product, Digital Certificate Management (DCM), to monitor SSL certificates and collect MS-CA certificates.
It was a great success, and after a short period, we managed to install DCM at several financial companies in Israel. In 2015, almost all of the Israeli banks and insurance companies used our product to control the SSL inventory. In time and based on market demands, we added additional functionality to support full lifecycle management of digital certificates, including issuance, revocation, renewal, and more.
The next step was to have some success overseas. So, we installed DCM at three Brazilian banks together with a local partner in 2015. One of them was Bradesco, which is considered one of the three largest banks in Brazil. After this success, we started our overseas activities, and today, we have customers in Israel, the USA, Brazil, Germany, Slovakia, and India.
In 2017, we rebranded our product from DCM to C-View, and we came up with a new product based on newer technologies. Today, we are planning to expand to other countries in Europe and increase our market share in the USA, Latin America, and the Far East.
Can you tell us more about your C-View solution? What features make it stand out?
C-View provides centralized management of certificates and Public Key Infrastructure (PKI), which gives full visibility of the certificate’s location and status. This solution enables the organization to follow the cryptography security policy and comply with relevant regulations. Lifecycle management includes issuing, revoking, renewing, and monitoring the expiration of certificates. Integration with existing DevOps within the company is enabled by using the C-View lifecycle REST API.
You describe simplifying and spreading the use of PKI solutions as one of your goals. Could you elaborate on that?
Over years of experience, we have noticed that many organizations lack knowledge regarding the internal PKI and how to manage it correctly. Many IT guys look at the PKI as a black box. When we developed the C-View solution, we aimed to simplify the way specialists, or any other related employees, work with the internal PKI.
Could you briefly explain what PKI solutions entail?
A Public Key Infrastructure (PKI) is a set of roles, policies, hardware, software, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption. The purpose of a PKI is to facilitate the secure electronic transfer of information for a range of network activities, such as eCommerce, Internet banking, and confidential email. It is required for activities where simple passwords are an inadequate authentication method and more rigorous proof is required to confirm the identity of the parties involved in the communication and to validate the information being transferred. The C-View solution is a software layer that manages the PKI.
Do you think the pandemic altered the way organizations approach cybersecurity?
Indeed, since the pandemic, many organizations have had to deal with the transfer of workers to remote work. As a result, everyone had to invest a great deal in the cyber field both in terms of remote-control tools and protection tools that would provide security.
When it comes to customized cybersecurity systems, is this something businesses of all sizes should invest in, or is it only a necessity for large enterprises?
In my opinion, all organizations with access to the World Wide Web (WWW) must take care of the security of their data and identifications. There are hundreds of thousands of organizations in the world that are not enterprises and are considered small (SMBs) but hold important information about their customers. So, there is no other option than to invest in cybersecurity solutions.
What are the main problems that come up when digital certificates are expired or invalid?
Here are the three main issues arising from expired or invalid certificates:
- Insecure website. SSL certificates ensure secure connections between a server and other web entities and confirm that you are communicating with a validated website server. Once it expires, the website is no longer safe and secure, and it is vulnerable to cyberattacks.
- Brand name damage. Digital certificates are a cornerstone in building a trust-based relationship between your business and your customers. Once your SSL certificate expires, the browser will immediately flag your domain and warn any visitor accessing your website. This will dramatically reduce the traffic to your website. In addition, expired SSLs can lead to service outages, which in turn damage your reputation, customer trust, and revenue stream.
- Man-In-The-Middle attacks. When an SSL certificate expires, attackers can place themselves between a user’s browser and a web server, impersonating either one of them while these two try to communicate with each other. This creates a dangerous situation where the server is sure it is exchanging information with the user’s browser, and vice versa. Yet, the attacker is right in the middle and is able to view and harvest the sensitive data for malicious purposes. Such data often includes passwords, sensitive files, payment information, and PII, among others.
Talking about casual Internet users, what security measures do you think everyone should use?
I would advise any casual Internet user to avoid using short and simple passwords and try adopting a Multi-Factor Authentication (MFA) approach. This way, you will reduce the risk of someone stealing your identity.
What does the future hold for Securely?
We plan to expand and distribute our solution worldwide. It's also our goal to help many organizations manage their digital certificate infrastructure simply and efficiently with fewer problems.