HTTPS adoption has more than tripled over the last year. The message about the value of SSL-encrypted connections is being heard loud and clear. However, that increase was from the startling low figure of 2.9 percent adoption. We’ve a way to go yet.
At the time of writing, HTTPS adoption stands at 9.6 percent. If the trend continues, which is by no means certain, well over half of sites will support HTTPS in a couple of years, but I think it’s still worth taking the time to explain why HTTPS adoption is a good thing for sites of all types, not just eCommerce stores, banks, and other handlers of sensitive data.
HTTP is the protocol of the web: it’s how browsers interact with servers, and how web pages find their way to users, shoppers, and readers. HTTPS is HTTP over SSL. The system built around SSL, more properly known as TLS, offers two major advantages: identity validation and encryption. Certificate authorities validate the identity of people who apply for a certificate attached to a domain, and that certificate is used to encrypt information travelling across the network.
But why would you want to encrypt information in the first place? A more pertinent questions is why wouldn’t you want to encrypt it. Data that flows over the internet unencrypted is subject to surveillance and interference by third parties.
A few years ago, implementing HTTPs was technically complex and potentially expensive. Today, for most smaller sites, it’s quick, simple, and free. But if that’s not enough, here are some more reasons.
It’s Good For Users
The obvious benefit of using HTTPs is that users can be sure no one can monitor their data while it transits the network — properly implemented SSL encryption is, for most real-world scenarios, unbreakable.
If a site is delivered over HTTPS, users have confidence the data they receive is sent by an entity that has legitimate control over the domain. That might not seem especially important, but it allows users to trust that the information they receive is the information that you intended to send.
Which brings us to the second benefit: users can trust that the content hasn’t been altered. When data is sent in the clear, anyone with access to the network between the user and the server can intercept the connection and alter the data. That includes the guy sitting next to them in a coffee shop and opportunistic bandwidth providers who like to inject their own advertising into other people’s web pages.
It’s Good For Site Owners
Offering encrypted and identity-validated HTTPS gives a site credibility. It assures users that the site’s owners care about security and privacy.
But there’s a more tangible benefit. Google likes sites that provide HTTPS. They like HTTPS so much that, all else being equal, web pages delivered over an encrypted connection are given an SEO bump relative to their non-secure competition.
Furthermore, browser manufacturers will soon change the way browsers refer to sites without SSL. Historically, if a site didn’t offer an HTTPS connection, browsers wouldn’t say anything about it. It was the default. Secure sites got the padlock and the green address bar (depending on the level of identity validation) but non-secure sites weren’t called out.
That’s going to change: over the next few months, browser developers will begin to show prominent warnings for any site that doesn’t offer HTTPS. They’ll be called out as insecure.
Given that there are many benefits to implementing HTTPS, and that it’s both free and easy to implement the minimum level of protection, which is all most blogs and content sites really need, it makes sense to choose security.
Editor’s Note: This blog article was written by an outside contributor – a guest blogger – for the purpose of offering a wider variety of content for our readers. However, the opinions and recommendations expressed in this guest blog are solely those of the contributor, and do not necessarily reflect those of The Security Awareness Company, LLC. If you are interested in writing something for us, please do not hesitate to contact us: firstname.lastname@example.org.