What If You Get Bad Reviews | Kinetic Knowledge

So, Why Does Google Want Us To Use SSL?

SSL Defined by Kinetic KnowledgeDefine SSL

To start, SSL stands for Secure Socket Layers. Typically, when you look at the URL of a web page in your browser you see HTTP://URL.com. The ‘HTTP’ stands for ‘Hyper Text Transfer Protocol’, which is techie for ‘how information is shared between a browser and the website server’ that it connects to in order to visit a website.

Add an ‘S’ to make it HTTPS://URL.com and you NOW have ‘Hyper Text Transfer Protocol Secure‘, which secures information shared between a browser and the website. ‘SSL’ or that ‘S’ is the standard technology for establishing a secure connection between browser and website server. This became particularly relevant in 2014 when the ‘Heartbleed bug‘ became public knowledge. This bug allowed people (= hackers or spies) with ill intent to listen in on traffic being transferred. It gave them an ability to read the data. The bug was patched, but the incident was a huge wake-up call that encrypting user information over the internet is necessary; that it should not be an option.

SSL protects website visitors, in some cases even you (for instance when logging in), when they visit your website! It is not website security , for instance where things like firewalls and nefarious IP address identification & blocking matter.

But What Does SSL Really Do?

When the link between browser and website server is ‘SSL’ it ensures that all information passed between the two remains private and integral. Or when a page is only ‘HTTP:’ it is possible that third party computers can get between that browser and website connection and see the information exchanged to the website server. A huge issue, for instance if a visitor to your website is passing sensitive data like credit card information into a data entry form or a credit card purchase form. When SSL is used the information becomes encrypted or unreadable to all but the website host server receiving the information.

Why Is Google After Us All To SSL our website pages?

Nowadays Google’s Chrome browser adds an icon upper left to distinguish sites with SSL from those without. Some would argue the folks at Google are good samaritans doing their best to inform and motivate safety online. Others would argue keeping everyone safe is good for Google’s business. It’s likely that no one would argue that safety online is anything but good; so the question becomes how to motivate website owners to set about protecting their visitors?! Solution: try the insecure icon ( i) Google Chrome now uses to point out that a site is not HTTPS:// in order to help motivate these same website owners. And certainly it is good for those of us who’d like to use the Internet without concern for our own information theft.

And so Google’s influence has become a driving factor in SSL adoption. Especially because they announced it was going to add the use of SSL as a ranking signal for comparing website pages. They didn’t say where the weight of the signal sits in what is universally believed to be as many as 200 ranking signals, but we can probably assume (at least) for E- Commerce websites it’s high. For the balance of websites maybe not so much yet, BUT if not it is going to become highly weighted for all sites soon.

Detail: starting in 2017 Google Chrome (the browser) is adding a prominent locked icon (upper left) to its browser for when a page is ‘HTTPS’, regardless of whether or not it is e- commerce capable. When not, the icon says “insecure”. There are  a number of different SSL certificates you can choose from, some determined by need, some related to hosting and each offer various levels of trust at different costs with varied execution requirements. 

Will SSL Suffice So Far As Web Security Goes?

SSL is not equal to all the security one needs! What’s more, SSL is about protecting visitors to a website and not the website owner itself. NOTE: there is no security absolute! Keep in mind, the security threat landscape always evolves. Security is about risk reduction, not risk elimination because the risk will never be zero.

Security is a continuous process; it is as much about securing and hardening a local environment, the user’s online behavior and personal internal processes, as it is physically tuning and configuring website connections and installations. Security stems from three things: people, process, and technology. They’ve got to work in synchronous harmony to truly minimize the risks at hand. More soon!!