
Chrome Kicking Up Website Authenticity: SSL Certs and HTTPS

June 14, 2018

In the last couple of years, Google has begun to wield the tremendous power they have over internet advertising, internet searches, and online video to help promote a healthier environment of security and a more user-friendly browsing experience on the web. This effort has taken the form of advocacy, training, and, most recently, the more aggressive move of implementing sanctions against websites that do not take part in security best practices.

Earlier this year, as a part of their participation in the Coalition for Better Ads, Google began enforcing compliance rules for how websites can display and deliver advertisements to their visitors. Websites that maintain pop-ups, auto-playing ads, and invasive full-page advertisements will now face consequences beyond user complaints. Google will issue warnings, AdSense/AdWords suspensions, and, in the case of repeated offenders, full bans from their advertising platforms.

While Google’s decisions around advertisements focus mainly on user experience, they’ve also taken on another equally important goal – the improvement of internet security as a whole. To accomplish this, Google has announced that they will soon implement in-browser warnings that will label sites that are not using HTTPS as “unsecured.”

If you’re not familiar with HTTPS, it is a more secure protocol for the transfer of data between sites and users’ devices. HTTPS utilizes two tools, TLS and SSL, which encrypt the data as it transfers from the user’s device to the website. This technique makes it extremely difficult for the data to be intercepted. Traditionally, HTTPS has been used for payment portals, banks, hospital patient logins, and the like, though more and more websites have embraced HTTPS as the technology has improved. Websites as regularly used as YouTube, Facebook, and Netflix are now able to implement HTTPS without any degradation of speed or accessibility.

If you feel like you’ve seen warnings about unsafe sites before, you wouldn’t be wrong; warnings for unsecured sites have been used by Google in the past to indicate websites that they believed were malicious or impostor sites. While it might seem severe to put sites that aren’t using HTTPS under the same warning as sites that are actively malicious, the way that malware, ransomware, and private data spying have progressed in recent years seems to indicate that Google is making the right move.

By taking a firm stance on HTTPS, Google is helping to make it the norm, which ultimately results in a safer internet for everyone. Although it does put the onus of change on businesses that do not currently run sites on HTTPS, the process to implement HTTPS has never been easier.

How Small Businesses Can Beat the Par and Get Ahead on HTTPS

While the implementation of HTTPS on your company site is probably best left to your web dev team, getting what you need to enable it is, surprisingly, more a matter of business than programming. Before you can implement HTTPS, you’ll need to get your hands on what is frequently referred to as an “SSL certificate” or “SSL cert.”

An SSL cert can be seen as a temporary voucher from a trustworthy third party, known as a certificate authority, that a website can display in order for users’ devices to verify that the website is what it says it is. When a user visits a website, their browser will check the certificate against credible certificate databases. If it matches, the browser will usually display an icon indicating that the site is secure. Some browsers, like Safari, Chrome, and Firefox, will also allow you to click the icon to receive further information about the certificate, in case you wish to verify its legitimacy further.
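The details a browser shows when you click the icon can also be read programmatically. The following is an added example, not code from the original article: it reports a certificate's issuer, remaining validity, and hostname coverage. The function names are hypothetical and `SAMPLE` is a constructed certificate in the shape Python's `ssl.getpeercert()` returns.

```python
import socket
import ssl
from datetime import datetime, timezone

def fetch_cert(host, port=443, timeout=5.0):
    """Connect using the system trust store. Raises ssl.SSLCertVerificationError
    if the chain or hostname does not verify; otherwise returns the cert dict."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def name_matches(pattern, host):
    """Match one DNS name entry; a wildcard covers exactly one left-most label."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def summarize(cert, host, now=None):
    """Report the issuer, days of validity left, and whether `host` is covered."""
    now = now or datetime.now(timezone.utc)
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    # The issuer is a tuple of RDNs, each a tuple of (key, value) pairs.
    issuer = {k: v for rdn in cert["issuer"] for k, v in rdn}
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    return {
        "issuer": issuer.get("organizationName", issuer.get("commonName")),
        "days_left": (expires - now).days,  # negative once expired
        "covers_host": any(name_matches(p, host) for p in sans),
    }

# Constructed sample (not a real certificate), shaped like getpeercert() output.
SAMPLE = {
    "issuer": ((("countryName", "US"),), (("organizationName", "Example CA"),),
               (("commonName", "Example CA R1"),)),
    "notBefore": "Jun  1 00:00:00 2018 GMT",
    "notAfter": "Aug 30 00:00:00 2018 GMT",
    "subjectAltName": (("DNS", "example.com"), ("DNS", "*.example.com")),
}

if __name__ == "__main__":
    when = datetime(2018, 6, 14, tzinfo=timezone.utc)
    print(summarize(SAMPLE, "shop.example.com", now=when))
    # summarize(fetch_cert("example.com"), "example.com") checks a live site.
```

A low or negative `days_left` is the usual cause of a sudden browser warning on a site that was previously fine, so it is worth monitoring ahead of renewal.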

As to how you can procure a trusted certificate for your business, there are actually many options. Most web hosting and web development platforms have partnerships with certificate authorities and can issue you a certificate as a part of their services packages. However, many businesses may be able to get better deals on certificate leases by purchasing directly from the major certificate authorities and certificate resellers.

According to research done by W3Techs in 2017, the world’s three leading certificate authorities are Comodo, IdenTrust, and Symantec, followed closely by GoDaddy. Symantec, already a well-established name in computer security, grew considerably in market influence following its purchase of VeriSign, a brand which many everyday users recognize as a result of its seemingly ubiquitous presence in eCommerce transaction management. These leading brands issue and verify certificates belonging to websites all over the world, and they also supply many of the certificates that resellers and website development platforms have to offer.

If your company’s website isn’t HTTPS already, getting what you need can be as easy as reaching out to a company like Symantec. For basic SSL certificates from Symantec, prices can be less than half a grand, with tons of optional features you can add in as a benefit of buying directly from the certificate authority. If you run a webstore, many of the most popular eCommerce platforms re-sell SSL certificates for remarkably low prices as a benefit for their platform’s users.

Higher-end SSL certificate packages come with vulnerability consulting, subdomain coverage, and more. Keep in mind, though, that HTTPS isn’t a magic bullet; SSL and TLS can only protect information that is in transit. You’ll need to be sure that your web dev team is maintaining local security and doing due diligence on the information that customers are providing you (if you’ll be taking payments and information from customers).

A Safer Internet Depends on Responsible Web Use

In the end, no matter what initiatives major players on the web undertake, a safer, more productive internet will always boil down to cooperation between companies and consumers and personal responsibility with one’s websites and data. Inventive security standards like HTTPS are just tools to empower security-minded companies and consumers; without devotion to maintaining safe practices online, the best tools will hardly do anything at all. Thankfully, the incentives are high for everyone on the web. A safer web equals less stress, higher profits, and better products.