Join Trustwave at the 2023 Gartner Security & Risk Management Summit in London, September 26-28. Learn More

Join Trustwave at the 2023 Gartner Security & Risk Management Summit in London, September 26-28. Learn More

Managed Detection & Response

Eradicate cyberthreats with world-class intel and expertise

Managed Security Services

Expand your team’s capabilities and strengthen your security posture

Consulting & Professional Services

Tap into our global team of tenured cybersecurity specialists

Penetration Testing

Subscription- or project-based testing, delivered by global experts

Database Security

Get ahead of database risk, protect data and exceed compliance requirements

Email Security & Management

Catch email threats others miss with layered security & maximum control

Co-Managed SOC (SIEM)

Eliminate alert fatigue, focus your SecOps team, stop threats fast, and reduce cyber risk

Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
The Trustwave Approach
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Platform
SpiderLabs Fusion Center
Security Operations Centers
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

Secure Websites Are Now the Norm: Is Yours Trusted?

Trust is difficult to quantify. While it is a word we are all familiar with and use practically every day, the internet provides many challenges for those of us looking to trust where we can disclose our personal information and fully understand with whom we are communicating to give that trust. Welcome to the world of certificate authorities (CAs) and internet browsers.

Google Chrome, Mozilla Firefox, Apple Safari and Microsoft Edge are the most well-known browsers we use to make purchases, view health records, pay taxes and so much more. What many users do not know is there is a system in place in which browsers trust CAs and include them in their products. This enables encrypted web connections.

Perhaps you have noticed the green lock icon in the address bar while surfing the internet. This is possible because a CA has issued a certificate to the entity controlling the website and that CA is trusted by the browser. Some degree of technical magic takes place behind the scenes where this trust is confirmed, and the lock is displayed.

Merchants need to secure their domain or site in order to collect sensitive data (payment card information or personally identifiable information) - and this is also required for compliance with key compliance mandates, such as the Payment Card Industry Data Security Standard or the General Data Protection Regulation.

How does a CA become trusted by a browser? Each browser maintains a root store policy that is publicly available on its respective company web pages. These policies outline the requirements a CA must complete to gain and maintain trust. Generally, an independent, third-party audit must be completed to confirm all the requirements have been met. Once the audit is complete without issues, the CA must apply to each browser's root store, per the inclusion requirements. Yearly audits continue to maintain trust. From the start of the process as a new CA until ultimately being added to the browser root store can take years. Trust is not easily attained. It is, however, quickly lost without diligence.

The importance of digital certificates continues to grow, as Google helps lead the push for a fully encrypted internet. Beginning this summer, the Google Chrome browser will show websites without certificates to be "Not Secure" in the address bar. If you have a website, be sure to get a digital certificate to avoid it displaying this message and likely losing trust from your users.

CAs must maintain trust with other parties as well. A community of security researchers and interested parties regularly discuss CA activities. And there are public discussion groups which address topics such as mis-issued certs, policy updates and best practices. The Mozilla Dev Security Policy group is a notable example. Through policies, browser manufacturers require that CAs follow these discussions to maintain trust. They are also required to report issues and confer about remediation steps/schedules for issues that have been identified.

The Trustwave CA story is one with a long history. It has been a trusted CA for more than 10 years. Trustwave is Webtrust audited every year. It is a founding member of the Certificate Authority/Browser (CA/B) Forum and is an active participant in industry best practice discussions.

Learn more about Trustwave digital certificates.