(WEB HOST INDUSTRY REVIEW) – Building trust online is a major challenge for businesses – and is all the more important given that some high-profile Web properties has led visitors to malware.
In his Wednesday presentation, “Protecting Your Cloud: Security, Trust, and Opportunities”, VeriSign trust services senior vice president Fran Rosch discussed the many ways in which companies can build trust into their hosted services. A great deal of the problems for organizations lie in the downloading of malicious code by a PC. Rosch noted that there were a handful of ways in which security has become more difficult: third-party ad networks, social networking, and phoney anti-virus software.
The anti-virus tactic usually involves a pop-up informing the user that a threat has been detected, and that they can download a free (or paid) application to eliminate the malware. Turns out that this download either includes malware, or targets the – sometimes gullible – users to buy other software applications. In some cases, Rosch noted, “It’s so hard to uninstall… that the only way may be to re-install the operating system.”
It’s also hard to remember that black hat hackers keep up with the latest paradigms, including social media. They know that people conduct themselves differently when they’re on sites like Facebook. For instance, one tactic was using a cartoon puppy that downloaded malware when clicked – and users would wilfully distribute it to their network of friends, likely because they assumed that it was just a silly, harmless thing.
So, misplaced trust is a key factor. “We have inherent trust in some websites,” Rosch said. It’s easy to assume that CNN or the New York Times are safe sites, but it’s not always wise. These sites and many more have fallen victim to third-party ad networks that deliver links to malware. The New York Times, for instance, had to rethink its advertising practices after individuals appearing to be from Vonage bought ads on its website, and started serving advertising that looked like it was from Vonage, but sent visitors to malware.
Where VeriSign fits into the building of trust is that it provides the technical capabilities to defend websites against threats, but also through identity authorization services that assure site visitors that they are on the site they think they’re on. “We’re not just SSL certificates; we have this brand power that can really drive business,” Rosch said.
