Businesses face an increasingly complex set of threats to their Web applications—from malware and advanced persistent threats (APTs) to disgruntled employees and unintentional data leaks. Although there is no single security measure than can prevent all threats, there are some that provide broad-based mitigation to a number of threats. The use of SSL encryption and digital certificate-based authentication is one of them. Changes in the way we deliver services, the increasing use of mobile devices, and the adoption of cloud computing compounded by the ever-evolving means of stealing information and compromising services leave Web applications vulnerable to attack.
SSL encryption can protect server-to-server communications, client devices, cloud resources, and other endpoints in order to help prevent the risk of data loss. A later chapter provides a step-by-step guide to assessing your needs, determining where SSL encryption and digital certificate-based authentication may be helpful, planning for the rollout of SSL to Web applications, and establishing policies and procedures to manage the full life cycle of SSL certificates. In this chapter, we turn our attention to the combined risk of losing data and losing customer trust.