We’ve recently enabled SSL on each of our client’s corporate websites to serve them over secure HTTPS connections.
What is SSL and why is it a good thing?
SSL stands for “Secure Socket Layer” and is a security measure added to websites to encrypt traffic between the server and the user’s web browser. It prevents tampering by third parties, effectively stopping “man in the middle” attacks, and encrypts all communications between the webserver and the browser.
Web traffic usually passes through numerous computers and nodes on its way to its destination, and each of these increases the chance of a 3rd party intercepting the traffic and reading its contents.
Websites using SSL – like ours – will have pages served over HTTPS instead of HTTP. In addition, modern browsers include further visual clues such as an image of a padlock as seen in Chrome, Firefox and Edge.
SSL is typically applied to sites which handle private information such as credit card data, or sensitive information including names, addresses and phone numbers. So why have we added it to our client corporate websites and investor microsites?
Perhaps the better question is why wouldn’t we add SSL to our client websites?
Encrypting the web as a concept is gaining momentum and you can see the upward trend of sites with SSL enabled by default over at built with where the red line represents the top 1m sites in the world:
As you can see, more and more websites are offering secure connections as standard, including those who do not handle any sensitive data, for the simple reason that SSL obscures web traffic from those who might be snooping and provides additional privacy for everyone.
As we’ve already highlighted, web browsers give visual clues for secure websites, and these can help to build trust with audiences. Seeing that a site is secure provides reassurances and demonstrates a level of awareness and professionalism towards website security and privacy.
Additionally, and in a move that is surely going to prompt more website owners to enable SSL, an upcoming Google Chrome update will see the browser highlight sites that aren’t secure. Currently non-secure is the “standard” and secure sites are labelled as such. In future you can expect Google Chrome to include a prominent “Not Secure” message next to the address bar. As you might appreciate, it’s the sort of message that promotes negative thought and reaction.
Another benefit of SSL is how search engines treat secure websites. Google has been pushing for SSL for some time and rewards websites using HTTPS with a boost in their search engine rankings.
The main disadvantage with SSL is usually perceived as cost. Thankfully, recent initiatives such as Lets Encrypt provide easy to install and renew SSL certificates at no charge, meaning cost is no longer a barrier. Let’s Encrypt have also partnered with various webserver solution providers to embed themselves and make enabling SSL easier than ever, so what are you waiting for? We’re pleased to have taken the plunge and hope to see many others following suit.