A new technology, called Keyless SSL, promises to quell security concerns among financial firms which have been reluctant to share their Secure Sockets Layer (SSL) keys across cloud platforms.
CloudFlare, a web security startup, announced today that a Keyless SSL development would allow organisations to not disclose their SSL tokens – used by companies to guarantee that their sensitive data is encrypted when being passed over a network.
The Keyless SSL technology is an advancement of the Transport Layer Security (TLS) protocol, which ensures the privacy of communication between websites and browsers. When a visitor accesses a secure site, such as financial portals, many tasks take place behind the scenes to make sure that all of the transactions and activities remain safe and private, including an exchange of unique SSL keys.
According to CloudFlare CEO Matthew Prince, for financial companies certain regulations pose problems for the exchange of SSL keys due to their sensitive nature.
For example, if the user accessing a financial site is based in a country far away from the data centre hosting the SSL keys, a big delay may occur as the browser tries to communicate with the organisation’s website.
CloudFlare have therefore created a keyless method whereby an additional server can stand in and request the necessary SSL key details from the host server and forward that information to the browser. In this way SSL keys do not need to leave the server on which they are hosted, and the original security protocols will still apply.
“Because this system keeps long-lived SSL private keys on-premise, it provides the same protection to those keys as conventional on-premise SSL solutions. This provides the security and performance benefits of managing SSL traffic in the cloud,” explained Jian Jiang, Independent Academic Researcher at UC Berkeley.
Prince and his team have been developing the Keyless SSL for over two years which will be available exclusively to CloudFlare customers.
Read the CloudFlare Keyless SSL release here.