Encryption as the Cornerstone of Digitalization

We had the opportunity to speak with Managing Director Patrycja Schrenk of the PSW GROUP at CloudFest 2023 about the importance of encryption. We also discussed the history of website encryption and the future of the SSL market.

Hello Patrycja, could you briefly introduce to our readers what PSW does and what your main business is?

The PSW GROUP is a German company specialising in IT security solutions and training. The company was founded in 2000 by Christian Heutger and is headquartered in Fulda. PSW GROUP's services include SSL certificates, email certificates, anti-spam and anti-virus solutions, as well as cloud storage and backup services. The PSW GROUP has a particular focus on the needs of small and medium-sized enterprises, offering tailored solutions to meet the specific requirements of customers. Additionally, they provide training on IT security topics and consultancy services.

Looking at the SSL certificate market over the past 10 years, what changes have you observed?

At PSW, we have observed that the SSL certificate market has steadily grown over the past 10 years. Particularly since 2016, when Google announced that websites with SSL encryption would receive a ranking boost, we have seen significant growth. More and more websites and companies are adopting HTTPS encryption to ensure the security of user data and gain the trust of their customers. Simultaneously, SSL certificate technology has evolved with new standards.

Since 2015, there has been the free alternative for SSL certificates, Let's Encrypt. What is your perspective on this?

By introducing Let's Encrypt, SSL certificates are now offered free of charge. This is initially a positive development. However, there are also disadvantages when using Let's Encrypt certificates. The biggest drawback of using a Let’s Encrypt certificate is compatibility with older browsers and systems. Let’s Encrypt certificates are only offered with the lowest validation level "Domain Validation," which can be easier for phishing attacks to exploit. Furthermore, there is now a limitation on the number of Let's Encrypt certificates that can be ordered. Additionally, I wonder if the service will eventually be further restricted and potentially offer a paid premium service.

Can you tell us a bit more about Certification Authorities (CAs)?

A Certification Authority (CA) is an organisation that issues digital certificates confirming the authenticity of identities, organisations, websites, and devices on the internet. The certificates contain information about the certificate holder, as well as the name of the CA that issued the certificate. The CA verifies the identity of the certificate holder and confirms the accuracy of the information contained in the certificate.

Why is Organisational Validation of the SSL certificate so important for e.g. online shops?

Organisational Validation (OV) is a category of SSL certificates that provide a higher level of identity validation than Domain Validation (DV). With OV, CAs must ensure that the identity of the certificate holder actually corresponds to the organisation that requested the certificate. This is done by verifying company documents such as commercial register extracts and other legal documents.

OV is important for online shops as it provides customers with a higher level of trust in the authenticity of the shop and the protection of their sensitive data. The highest level of validation is provided by Extended Validation (EV) certificates. Previously, these SSL certificates were primarily used by banks. Today, EV certificates are increasingly seen on online shops or company websites. Due to the green address bar, it was easy for website visitors to see the identity of the website owner. Unfortunately, this is no longer the case.

Digital signatures have been a trend for several years. Could you also introduce your solution for this?

The PSW GROUP offers digital signatures for various application areas.

With digital signatures, documents such as invoices or contracts can be signed digitally, replacing signatures on paper documents in private or business processes. The signatures are certified according to the requirements of the eIDAS regulation and meet strict standards for identity validation. We have seen significant growth in this area in recent years, as it simplifies the process of contract allocation.

There are a variety of CAs that issue different certificates - comparing them can be challenging. What do you recommend to companies when choosing the right certificate?

I recommend that companies get in touch with our support. Based on their individual requirements, our staff will assist them in selecting the appropriate product.

Thank you very much for your time and have a great time in Rust!

The interview was conducted by Marco Keul, founder of hosttest, during CloudFest 2023 at Europa Park in Rust.

Image: Patrycja Schrenk in the interview