
SSL Defined by Kinetic Knowledge

Define SSL

So let’s define SSL, which stands for Secure Sockets Layer. SSL is not website security in the sense of, for instance, firewalls that identify nefarious IP addresses and block them from visiting the site. Nope, SSL encrypts or protects a web visitor’s connection from their browser to a website.

It used to be that when you looked at a URL in your browser you would see this: HTTP://WWW.URL.COM. The ‘HTTP’ stands for ‘HyperText Transfer Protocol’. That’s techie-speak for ‘how information is shared between a person’s browser and the website server’, but it does NOT include encryption. Better yet, it is the connection someone makes via their browser to your website.

Now add an ‘S’ to make that HTTPS://WWW.URL.COM and you have ‘HyperText Transfer Protocol Secure’, which encrypts information shared between the browser and website server. ‘SSL’ or that ‘S’ is the standard technology for establishing a secure connection between a human’s browser and the website server.

This kind of security became particularly relevant in 2014 when the ‘Heartbleed bug’ became public knowledge. It allowed nefarious people (= hackers or spies) to listen in on traffic; it gave them the ability to read the data exchanged. The bug was patched, but the incident determined that encrypting user information over the internet was and is necessary. In fact, Google feels that it should NOT be an option because SSL protects all website visitors. In some cases, it protects YOU when logging in to your own website!

But What Does SSL Really Do?

When the link between browser and website server is ‘SSL’ it ensures that all information passed between the two remains private. When a page does not have SSL, that is, when it is only ‘HTTP’, it is possible for third-party computers to get in the middle of the browser-to-website connection and see any information exchanged. It’s a huge issue, for instance, if a visitor to a website means to log in or if they share sensitive data like credit card information. When SSL is used the information becomes encrypted or unreadable to all but the website host server receiving the information.
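For a site owner, the practical question is which pages ask visitors for logins or card numbers without that protection. The Python check below is an added example, not part of the original article: it scans a page's HTML for such forms and flags the ones whose data would travel over plain HTTP. The sample pages, the `example.test` host names and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Standard HTML autocomplete tokens that mark card or password fields.
SENSITIVE_AUTOCOMPLETE = ("cc-", "current-password", "new-password")

class FormCollector(HTMLParser):
    """Record every <form>: its resolved action URL and whether it asks for secrets."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.forms, self._open = page_url, [], None

    def handle_starttag(self, tag, attrs):
        a = {k: v or "" for k, v in attrs}
        if tag == "form":
            # A missing or empty action submits to the page's own URL.
            self._open = {"action": urljoin(self.page_url, a.get("action", "")),
                          "sensitive": False}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            if (a.get("type", "").lower() == "password"
                    or a.get("autocomplete", "").lower().startswith(SENSITIVE_AUTOCOMPLETE)):
                self._open["sensitive"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def audit(page_url, html):
    """Return (action_url, reason) for each sensitive form exposed to plain HTTP."""
    collector = FormCollector(page_url)
    collector.feed(html)
    page_is_https = urlsplit(page_url).scheme == "https"
    findings = []
    for form in (f for f in collector.forms if f["sensitive"]):
        if not page_is_https:
            # An HTTP page can be altered in transit, so even an HTTPS action is not safe.
            findings.append((form["action"], "page served over HTTP"))
        elif urlsplit(form["action"]).scheme != "https":
            findings.append((form["action"], "form posts to HTTP"))
    return findings

# Constructed sample pages (not real sites).
SAMPLE_LOGIN = ('<form action="/session" method="post"><input name="user">'
                '<input type="password" name="pw"></form>'
                '<form action="/search"><input name="q"></form>')
SAMPLE_CHECKOUT = ('<form action="http://pay.example.test/charge" method="post">'
                   '<input name="card" autocomplete="cc-number"></form>')

if __name__ == "__main__":
    print(audit("http://shop.example.test/login", SAMPLE_LOGIN))
    print(audit("https://shop.example.test/checkout", SAMPLE_CHECKOUT))
```

The search form is ignored because it carries nothing sensitive; the login form is flagged only when its page is loaded over HTTP.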


Why Is Google After Us All To SSL Our Website Pages?

Nowadays Google’s Chrome browser adds an icon in the upper left to distinguish sites with SSL from those without. Some would argue the folks at Google are doing their best to inform and motivate safety online. Others might argue keeping everyone safe is good for Google’s business. It’s likely that no one would argue safety online is anything but good. Then how do you motivate website owners to set about protecting their visitors with SSL?! Solution: try the insecure icon (i) or even the warning messages Google’s browser uses to point out that a site is not HTTPS. If people are reluctant to visit the website because of those warnings it will certainly help to motivate website owners to get their SSL. And certainly, it is good for those of us who’d like to use the Internet safely, without concern for our own information theft.

Google’s influence has become a driving factor in SSL adoption. They even announced they were going to add the use of SSL as a ranking signal when comparing website pages. They didn’t say where the weight of the signal sits in what is universally believed to be as many as 200 ranking signals, but we can probably assume that (at least) for E-Commerce websites it’s very high. There are a number of different SSL certificates one can choose from: some determined by need, some related to hosting, and each offering different levels of trust at different costs with varied execution requirements. 


Will SSL Suffice So Far As Web Security Goes?

SSL is NOT all the security one needs! SSL is about protecting visitors to a website and NOT the website owner herself. In fact, there is no one security absolute! The security threat landscape always evolves. Security is about risk reduction, never risk elimination, because the risk will never be zero. See The 4 Areas Of Security Businesses Need To Manage for more on this. Security is a continuous process; it is as much about securing and hardening a local environment, the user’s online behavior, and personal internal processes, as it is about physically tuning and configuring website connections and installations. Security stems from three things: people, process, and technology. They’ve got to work in synchronous harmony to truly minimize the risks at hand!!