SBRaaS … SHE’LL BE RIGHT as a SERVICE

Written By Dalia Habbak

Does anyone know why most public cloud providers only support up to TLS 1.2 for their cloud storage data-in-motion encryption? I mean as opposed to the latest and greatest TLS?

There is a traditional understanding that a trade-off between security and performance exists. However, with the latest TLS version 1.3, both security and performance are enhanced.

From a security perspective, TLS 1.3 has “cipher suites signing” plus removal of legacy symmetric encryption algorithms. From a performance perspective, TLS 1.3 handshake is simply “FASTER”. The client provides its cipher suites, then the server chooses one of them. End of story.

Yes, “FASTER” means a fraction of a second faster. However, in certain industries, microseconds are terminal.

Finally, the RFC for TLS 1.3 has been out since 2018 and I really cannot see a reason for not supporting it in the manner mentioned above. What do you think?

Dalia Habbak
Previous

Consulting Without Training … A Car With No Wheels
Next

Heard of AI? … How about Artificial DNA?