4 areas of web security for business | Kinetic Knowledge

So, Why Does Google Want Us To Use SSL?

SSL Defined by Kinetic KnowledgeFirst Define SSL

To start, SSL stands for Secure Socket Layers. Typically, when you look at the URL of a web page in your browser you see HTTP://URL.com. The ‘HTTP’ stands for ‘Hyper Text Transfer Protocol’, which is techie for ‘how information is shared between a browser and the website server it connects to’.

Add an ‘S’, make it HTTPS://URL.com and you have ‘Hyper Text Transfer Protocol Secure’, which secures information shared between a browser and the website. ‘SSL’ or that ‘S’ is the standard technology for establishing that secure connection between browser and website server.

SSL protects website visitors, in some cases even you (for instance when logging in), when they visit your website! It is not website security , for instance where things like firewalls and nefarious IP address identification & blocking matter.

But What Does SSL Really Do?

When the link between browser and website server is ‘SSL’ it ensures that all information passed between the two remains private and integral. Or when a page is only ‘HTTP:’ it is possible that third party computers can get between that browser and website connection and see the information exchanged to the website server. A huge issue, for instance if a visitor to your website is passing sensitive data like credit card information into a data entry form or a credit card purchase form. When SSL is used the information becomes encrypted or unreadable to all but the website host server receiving the information.

So Why Is Google After Us All To SSL our website pages?

Nowadays Google’s Chrome browser adds an icon upper left to distinguish sites with SSL from those without. Some would argue the folks at Google are good samaritans doing their best to inform and motivate safety online. Others would argue keeping everyone safe is good for Google’s business. It’s likely no one would argue that safety online is good, but how to motivate website owners to protect their visitors?! Try the insecure icon Google Chrome now uses to point out the site is not HTTPS:// in order to help motivate website owners. And certainly it is good for those of us who’d like to use the Internet without concern for our own information theft.

And so Google’s influence has become a driving factor in SSL adoption. Especially because they announced it was going to add the use of SSL as a ranking signal for comparing website pages. They didn’t say where the weight of the signal sits in what is universally believed to be as many as 200 ranking signals, but we can probably assume (at least) for E- Commerce websites it’s high. For the balance of websites maybe not so much yet, BUT if not it is going to become highly weighted for all sites soon.

Detail: starting in 2017 Google Chrome (the browser) is adding a prominent locked icon (upper left) to its browser for when a page is ‘HTTPS’, regardless of whether or not it is e- commerce capable. When not, the icon says “insecure”. There are  a number of different SSL certificates you can choose from, some determined by need, some related to hosting and each offer various levels of trust at different costs with varied execution requirements. 

Will SSL Suffice So Far As Web Security Goes?

SSL is not equal to all the security one needs! What’s more, SSL is about protecting visitors to a website and not the website owner itself. NOTE: there is no security absolute! Keep in mind, the security threat landscape always evolves. Security is about risk reduction, not risk elimination because the risk will never be zero.

Security is a continuous process; it is as much about securing and hardening a local environment, the user’s online behavior and personal internal processes, as it is physically tuning and configuring website connections and installations. Security stems from three things: people, process, and technology. They’ve got to work in synchronous harmony to truly minimize the risks at hand. More soon!!