As part of our ongoing commitment to cybersecurity and ensuring the highest standard of data protection, we keep track of when current protocols for cybersecurity become outdated and adapt accordingly. Recently, we have released new endpoints for our web services that utilize the most up to date versions of the TSL protocols, replacing our old endpoints https://ws.serviceobjects.com and https://wsbackup.serviceobjects.com with new endpoints of https://sws.serviceobjects.com and https://swsbackup.serviceobjects.com.
We have updated these endpoints on our end, from mentions and code on our developer guides to our blogs, so that our information remains accurate and up to date. It may seem like a minor change, but there are important ramifications behind this update, all in the name of security. This article discusses the process that this update affects, why this update is necessary, and how you can ensure that you are using our services securely.
The Encryption Process
The act of encryption involves scrambling data before sending it over the web, making it nearly impossible to decode unless it is decrypted at the data’s destination.
The encryption protocol used here is known as SSL, or Secure Sockets Layer. This protocol involves the data being jumbled before being sent over the web, and being unscrambled after the server it was sent to provides proper authentication, otherwise known as a handshake. This protocol is used by HTTPS, or Hypertext Transfer Protocol Secure, to ensure that the data remains secure versus normal HTTP links.
SSL was the initial protocol, but over time a different protocol was released known as TLS or Transport Layer Security. At the time of the release of TLS 1.0 version it was virtually indistinguishable from SSL, then in its 3.0 stage, and the term SSL was commonly used interchangeably to describe this type of protocol. However, SSL has not continued to update while TLS has released new versions, such as 1.2 and more recently 1.3, so this is no longer accurate.
The New Endpoints and How to Use Them
We have made this update to our endpoints because we are deprecating our support for TSL 1.0/SSL 3.0. These versions of TLS/SSL are outdated and do not provide the level of security that fits our expectations anymore, unlike TLS 1.2 and 1.3. Our new endpoints support up to TLS 1.3, and we recommend that your systems are updated to utilize at least TLS 1.2 to gain the security benefits of these new endpoints.
You will also need to update the old webservice endpoints to the new endpoints. If you are using HTTP instead of HTTPS, this update will not affect you, but you will not be gaining the benefits of the secure encryption that HTTPS provides with TLS. We highly recommend using HTTPS over HTTP because, when data is sent in clear text over with HTTP without any encryption, it is very insecure and leaves your data vulnerable on the web.
This issue is particularly important when you are transferring sensitive data such as Personal Identifiable Information (PII), which includes credit card numbers, social security numbers, financial account records, names, addresses, phone numbers and even emails and more. HTTPS is the standard for keeping important data secure, and you need to use it if you want your data to remain safe.
Need Help?
If you are having any difficulties making the switch, or if you are experiencing any issues after updating, you can reach out to our Support team or call us at 1-805-963-1700. Our team is more than willing to help, especially when it comes to providing the highest level of security for our users.