I heard my 12-year-old boy exclaim to me in an exasperated voice when he asked to go to a music site to listen to some music. I peppered him with questions as though I was interviewing someone for a job. What is the site? Do you see any security seals on it? How do we know if the site is safe? By the time I was done grilling my son about the credibility of the site (“blah blah blah” to my son at this point) he exclaimed in frustration, “…but Mom…”
In that moment I understood the schizophrenic nature of the Internet itself. On the one hand, we appreciate the way the Internet can expand us in virtually every aspect of our lives – directly and intimately. And yet we seem to sense that the more dependent we become on our online network, the less secure we think our online interactions are becoming.
How we learn who to trust in the online world is at the heart of how we continue to use the Internet.
But trust is a BIG word – not easily won but very easily lost. And in the online world today, we know enough to know that there are many more threats out there eroding our trust faster than our ability to even understand the nature of these new threats. We question whether sites are secure or whether hackers can steal sensitive information. We wonder whether we will be a victim of a drive-by download attack. We rightly fuss that our computers will get destroyed by some virus. So we must proceed with caution, especially when it seems like the bad guys are gaining the upper hand.
Can we learn to trust on the Internet?
I optimistically think we can. It’s not just wishful thinking on my part but reflects the reality of how the Internet is evolving to be more secure and to be more trusted. More secure because we are incorporating better security practices with better solutions that mitigate some threats. And it is becoming more trusted because there is a new maturity surrounding a group of specialized security companies called Certification Authorities. They are, in effect, the unsung Trust Police of the Internet.
What exactly then is a Certification Authority?
To get a definition, I start where every good tech wannabe geek starts, at Wikipedia: “In cryptography, a certificate authority or certification authority (CA) is an entity which issues digital certificates … for use by other parties. It is an example of a trusted third party.”
I continue my hunt; Webopedia gives this explanation: “…a trusted third-party organization or company that issues digital certificates used to create digital signatures and public-private key pairs. The role of the CA in this process is to guarantee that the individual granted the unique certificate is, in fact, who he or she claims to be. Usually, this means that the CA has an arrangement with a financial institution, such as a credit card company, which provides it with information to confirm an individual’s claimed identity. CAs are a critical component in data security and electronic commerce because they guarantee that the two parties exchanging information are really who they claim to be.”
Now that’s more like it. Note that the main idea is that CAs are organized and built to create online trust. They issue digital certificates that attest to different elements of trust – site identity, site security and even whether content or information can be authenticated. In essence, CAs are the guys that do the heavy lifting in online authentication, working to ensure that identities are verified.
Nor can just any software company claim to be a CA, as becoming a CA requires significant infrastructure to authenticate digital interactions. Plus, becoming a CA means that you adhere to best practices and security standards reflective of the highest standards around and are subject to regular audits.
So it is this rarefied breed of software companies that is doing important work by creating the basis for online authentication. They are creating the “Authentication layer” of the Internet to deal with the exponential need to authenticate all this online “stuff”. We want to authenticate our online surroundings and that’s where CAs come in. Today, CAs are already at the center of authenticating online interactions. When you see a gold padlock on a secure page, a CA has verified that the transaction is encrypted. When you see the address bar go green in IE7, that means a CA has authenticated the identity of the site owner.
These indicators are important in that they authenticate critical aspects of our online transactions. Other new ways to authenticate “stuff” are also being introduced. For instance, Comodo CA has a trust mark called HackerProof that authenticates that the site is safe from hackers. There is even a way to authenticate web content to ensure that what you see is authentic.
More and more digital authentication is being introduced into how we browse and shop. CAs are leading the way in building this authentication layer, enabling all of us to truly live in a trusted Internet.