1.
@ema_research
TLS 1.3’s Fourth Anniversary:
What Have We Learned About
Implementation and Network
Monitoring?
Christopher M. Steffen, CISSP, CISA
Managing Research Director
CSteffen@enterprisemanagement.com
Ken Buckler, CASP
Research Analyst
KBuckler@enterprisemanagement.com
Sponsored by

2.
Watch the On-Demand Webinar
• TLS 1.3’s Fourth Anniversary: What Have We Learned About
Implementation and Network Monitoring? On-Demand Webinar:
https://info.enterprisemanagement.com/tls1.3-fourth-anniversary-
webinar-ss
• Check out upcoming webinars from EMA here:
https://www.enterprisemanagement.com/freeResearch

3.
@ema_research
@ema_research
Featured Speaker
Chris brings over 20 years of industry experience as a noted information
security executive, researcher, and presenter, focusing on IT
management/leadership, cloud security, and regulatory compliance.
His technical career started in the financial services vertical in systems
administration for a credit reporting company, eventually building the
network operations group, as well as the information security practice
and technical compliance practice for the company before leaving as
the Principal Technical Architect. He was the Director of Information for
a manufacturing company and the Chief Evangelist for several
technical companies, and also held the position of CIO of a financial
services company, overseeing the technology-related functions of the
enterprise. He currently leads the information security, risk, and
compliance management practice for Enterprise Management
Associates (EMA), a leading industry analyst firm that provides deep
insight across the full spectrum of IT and data management
technologies.
Chris holds several technical certifications, including Certified
Information Systems Security Professional (CISSP) and Certified
Information Systems Auditor (CISA), and was awarded the Microsoft
Most Valuable Professional Award five times for virtualization and cloud
and data center management (CDM). He holds a Bachelor of Arts
(Summa Cum Laude) from Metropolitan State College of Denver.
© 2022 Enterprise Management Associates, Inc. 3
Christopher Steffen
Managing Research Director
Information Security, Risk and Compliance Management

4.
@ema_research
@ema_research
Agenda
© 2022 Enterprise Management Associates, Inc. 4
Introduction
1 2 3
Security Trends Organizations
That HAVE
Implemented
TLS 1.3
4
Organizations
That HAVE NOT
Implemented
TLS 1.3
5
Conclusions

5.
@ema_research
@ema_research
Sponsors
5
© 2022 Enterprise Management Associates, Inc. @ema_research

6.
@ema_research
Introduction

7.
@ema_research
@ema_research
Demographics & Methodology
7
Sample Size = 208
© 2022 Enterprise Management Associates, Inc.

8.
@ema_research
Security Trends

9.
@ema_research
@ema_research
What was the primary
motivation to
implement TLS 1.3 in
your organization?
© 2022 Enterprise Management Associates, Inc. 9

10.
@ema_research
@ema_research
© 2022 Enterprise Management Associates, Inc. 10
How concerned is your
organization that TLS 1.3
may disrupt existing
network and security
monitoring functions?

11.
@ema_research
@ema_research
Which of the following
best describes your
security team's view of
network encryption?
© 2022 Enterprise Management Associates, Inc. 11

12.
@ema_research
Organizations That Have
Implemented TLS 1.3
12

13.
@ema_research
@ema_research
Did enabling TLS 1.3 on
your organization's
enterprise network
require a change in
your network/security
architecture?
© 2022 Enterprise Management Associates, Inc. 13

14.
@ema_research
@ema_research
What benefits has your
organization realized by
implementing TLS 1.3
within your enterprise
network?
© 2022 Enterprise Management Associates, Inc. 14

15.
@ema_research
@ema_research
Is business traffic for
employees working
remotely encrypted
using TLS 1.3?
© 2022 Enterprise Management Associates, Inc. 15
Do you require third
parties/vendor/contract
or connections to use
TLS 1.3?

16.
@ema_research
@ema_research
Has your organization
experienced any
security incidents/
breaches as a result of
the loss of visibility due
to the implementation
of TLS 1.3?
© 2022 Enterprise Management Associates, Inc. 16
At any point during your
organization's TLS 1.3
implementation, were
you forced to roll back
the implementation due
to lack of visibility?
Did enabling TLS 1.3 on
your organization's
enterprise network have
a negative impact on
the user experience
from being forced to
decrypt traffic?

17.
@ema_research
Organizations That Have
Not Implemented TLS 1.3

18.
@ema_research
@ema_research
How would you rate
your organization's
security concerns about
implementing TLS 1.3?
© 2022 Enterprise Management Associates, Inc. 18

19.
@ema_research
@ema_research
Has the adoption of TLS
1.3 by most industry
technology vendors
impacted your plans
not to adopt TLS 1.3?
Does TLS 1.3 create
more of an operational
or security issue for your
organization?
How concerned are
you that TLS 1.3 may
break existing security
controls?
© 2022 Enterprise Management Associates, Inc. 19

20.
@ema_research
@ema_research
Did the lack of security
talent/lack of security
resources impact your
decision to NOT
implement TLS 1.3 in
your organization?
© 2022 Enterprise Management Associates, Inc. 20

21.
@ema_research
@ema_research
© 2022 Enterprise Management Associates, Inc. 21
You indicated that your
organization would not
implement TLS 1.3.
Below is a list of
potential issues with
deploying TLS 1.3.
Please rate each
reason according to its
relevance to your
organization.

22.
@ema_research
Conclusions

23.
@ema_research
@ema_research
© 2022 Enterprise Management Associates, Inc. 23
Conclusions
Visibility and monitoring
considerations remain the
biggest obstacle to
adoption.
Resource and
implementation costs are
significant.
Remote work, regulatory
and vendor controls, and
improved data security are
drivers.

24.
@ema_research
@ema_research
Get the Report!
Learn more and download at
http://bit.ly/3VDy3yl
© 2022 Enterprise Management Associates, Inc. 24