When a small nonprofit declares a goal as lofty as encrypting the entire web, it can expect to be met with skepticism.
But a San Francisco-based organization – The Internet Research Group (ISRG) – appears to be making some substantial progress toward its vision of making the internet a more private place to be, one site at a time.
ISRG’s Let’s Encrypt campaign is helping to encrypt the web by making it easier for millions of sites to move from the unsecured HTTP protocol to the encrypted HTTPS protocol. The nonprofit is accomplishing this by acting as a certificate authority, which verifies the authenticity of a site and issues the certificate needed to make that site work with a user’s Web browser. While commercial groups offer these authorization services, Let’s Encrypt stands apart in providing them for free, supported by sponsorships from several leading tech companies. All told, Let’s Encrypt has aided in the encryption of approximately 3.8 million sites to date.
Encryption makes web traffic, communications and other data much more difficult to intercept and interpret, so it should be a fundamental part of the modern Web. And the Let’s Encrypt certification authority service can help organizations of any size achieve the encryption they need on the public-facing web, making traffic more private.
However, it’s important to understand that this is not the be-all-end-all solution for deploying encryption within most organizations. Full-lifecycle encryption – where data stays encrypted at rest on data services, in transit and in the cloud – is a must for any group that works with sensitive data.
Properly implementing encryption across a full data lifecycle and ensuring that it functions effectively is easier said than done. There are several common pitfalls when it comes to making encryption work, including choosing the right configuration and FedRAMP. But there are also numerous solutions for overcoming them.
Lunarline offers a range of services to help organizations achieve the encryption they need, from cyber security courses on encryption management to assessment services evaluating encryption effectiveness.