ho- to video by kinetic knowledge

Why Does Google Want Us To Use SSL?

SSL Defined by Kinetic KnowledgeDefine SSL

SSL stands for Secure Socket Layers. Typically when you look at a web page URL in your browser you see HTTP://URL.com. The ‘HTTP’ stands for ‘Hyper Text Transfer Protocol’, which is techie for ‘how information is shared between a browser and the website server’ connected so that someone can visit your website.

Add an ‘S’ to make it HTTPS://URL.com and you NOW have ‘Hyper Text Transfer Protocol Secure‘, which secures information shared between a browser and the website. ‘SSL’ or that ‘S’ is the standard technology for establishing a secure connection between browser and website server. This became particularly relevant in 2014 when the ‘Heartbleed bug‘ became public knowledge. It allowed people (= hackers or spies) with ill intent to listen in on traffic or an ability to read the data exchanged. The bug was patched, but the incident was a huge wake-up call that encrypting user information over the internet is necessary; Google actions suggest that it should NOT be an option because SSL protects all website visitors. In some cases, it protects even you when logging in to your own website! SSL is not website security, for instance where firewalls identify nefarious IP addresses and block them from visiting the site.

But What Does SSL Really Do?

When the link between browser and website server is ‘SSL’ it ensures that all information passed between the two remains private and integral. Or when a page is only ‘HTTP:’ it is possible that third party computers can get between that browser and website connection and see the information exchanged to the website server. A huge issue, for instance if a visitor to your website is passing sensitive data like credit card information into a data entry form or a credit card purchase form. When SSL is used the information becomes encrypted or unreadable to all but the website host server receiving the information.

Why Is Google After Us All To SSL our website pages?

Nowadays Google’s Chrome browser adds an icon upper left to distinguish sites with SSL from those without. Some would argue the folks at Google are good samaritans doing their best to inform and motivate safety online. Others would argue keeping everyone safe is good for Google’s business. It’s likely that no one would argue that safety online is anything but good; so the question becomes how to motivate website owners to set about protecting their visitors?! Solution: try the insecure icon (i) Google Chrome now uses to point out that a site is not HTTPS:// in order to help motivate these same website owners. And certainly it is good for those of us who’d like to use the Internet without concern for our own information theft.

And so Google’s influence has become a driving factor in SSL adoption. Especially because they announced it was going to add the use of SSL as a ranking signal for comparing website pages. They didn’t say where the weight of the signal sits in what is universally believed to be as many as 200 ranking signals, but we can probably assume (at least) for E- Commerce websites it’s high. For the balance of websites maybe not so much yet, BUT if not it is going to become highly weighted for all sites soon.

Detail: starting in 2017 Google Chrome (the browser) is adding a prominent locked icon (upper left) to its browser for when a page is ‘HTTPS’, regardless of whether or not it is e- commerce capable. When not, the icon says “insecure”. There are  a number of different SSL certificates you can choose from, some determined by need, some related to hosting and each offer various levels of trust at different costs with varied execution requirements. 

Will SSL Suffice So Far As Web Security Goes?

SSL is not equal to all the security one needs! What’s more, SSL is about protecting visitors to a website and not the website owner itself. NOTE: there is no security absolute! The security threat landscape always evolves. Security is about risk reduction, not risk elimination because the risk will never be zero. Check out The 4 Areas Of Security Businesses Need To Manage to see more on this. 

Security is a continuous process; it is as much about securing and hardening a local environment, the user’s online behavior and personal internal processes, as it is physically tuning and configuring website connections and installations. Security stems from three things: people, process, and technology. They’ve got to work in synchronous harmony to truly minimize the risks at hand. More soon!!