Baytouch's position on the enhanced web security standards

Tuesday, 9 Febuary 2015

At Baytouch, we take our systems’ security and protection of our clients’ data with the utmost seriousness so this briefing details how web security is evolving and being enhanced, because it might catch some of our clients unawares.

With the increasing focus on web security across the board, commercial companies are aiming to maintain the public’s confidence in secure online systems that are the heart of our commercial and personal lives as well as prevent unwarranted prying on our web activities by security agencies the world over, so it seems overnight that there is a concerted effort going on by many stakeholders to ramp up web security.

Java updates

With Java which is used within our systems as a platform agnostic enabling program for the check out/check in, version control and edit-in-line functionality, the authors, Oracle Corpration, release regular updates and the browser providers almost immediately "demand" you implement the update. There may have been leeway in the past to run with older versions but this is no longer the case, so in order to be able edit Microsoft Office documents through a web browser which Baytouch has facilitated with Java - the only other technology to do this with would be Microsoft's ActiveX which limits browser support where Microsoft's IE is no longer all-dominant on the web.

SSL Certifcates and the move from SHA-1 to the SHA-2 standard

And there are other changes we are undertaking behind the scenes to do with the SSL certificates that protect our websites.

To cut to the chase, Google is driving the move to stronger keys, which cost (us) more if we want the "green bar" in the browser (see link below) and any ordinary website without an SSL key be demoted in Google's search rankings to oblivion.

Furthermore, if you are using Google Chrome, you will find over a period of the next year or so that they will actually deprecate weak SSL certificates by flagging them in Chrome, then eventually preventing you from getting on to a weakly SSL-protected website.

As this article clearly articulates:

    "By rolling out a staged set of warnings, Google is declaring a slow-motion emergency, and hurrying people to update their websites before things get worse. That's a good thing, because SHA-1 (a "crackable" encryption key set) has got to go, and no one else is taking it as seriously as it deserves."

Technical, we know, but rest assured, Baytouch is fully up to speed with what is happening and is taking the appropriate steps to implement and secure our clients' websites to the highest standards.

For their part, clients and users of Baytouch systems, and many others, must appreciate that the days of running 6+ year old PC operating systems - we're looking at you, XP FP3 users - and the now outdated browsers IE7 and IE8 ceasing to be supported early next year, are now history.

If you want unfettered access to Internet resources, you will be forced to upgrade your systems far more frequently and keep in step with all upgrades available for your particular PC setup, Java, browser, operating system, et al.

So there we have it, clients complaining that their access to Baytouch systems has ceased with security error warnings might be that they need to upgrade some element of their system.

In the meantime, if you have any questions or concerns, please don't hesitate to contact Baytouch.