Web Insecurity: Security Costs vs Benefits: Should companies deploy SSL to deal with Firesheep?

[terriko]

SSL
by jeff_golden.

Yesterday, I talked about why end-users don't care about security and how that actually makes a certain amount of sense for them since the cost of behaving more securely can overwhelm the cost of an actual breach.

However, what I didn't talk about is whether this is true for companies. A single security breach in a single user account maybe doesn't cost a company much, but if breaches get common enough that they start losing users, it could be a problem with a much higher cost.

While users trying to protect themselves from curious folk with firesheep are counseled to use a VPN, website owners can choose to do encryption right from their end using SSL. But it was thought that SSL was computationally costly and even environmentally costly due to the supposed need for extra electricity and machines.

But who's been looking at what those costs actually are?

Read the rest at Web Insecurity

Comments

[heather_dev]

This is unsettling indeed. I deal with plenty of people who are happy to ignore warnings and common sense, so unfortunately I'm not all that surprised by the number of people ignoring the messages sent from LosHuertos in the original article. :/