As Google steps up its efforts to ensure a “secure web” in 2017 it adds complexity to each and every business owner’s life. It doesn’t have to give you a headache though, because I will help educate you.
Here’s the What, Why, and How that you need to know without all the confusion, hype, and misinformation that is swirling about.
What You Need to Know
I will stay as non-techie as possible here, but I want to define a few terms that you will see floating around so you know what’s what.
What is SSL?
It stands for secure socket layer. It essentially encrypts information from Point A to Point B. It doesn’t inherently make a site more secure per se because there are many factors that make up security. For instance someone can “securely” transport malicious code across a secure connection. So if you download something malicious across a secure connection you will still have an infected computer (and spew profanities!).
What SSL does do is ensure encryption of sensitive data across the open field of the web thereby thwarting “man in the middle” attacks. No one can spy on or steal the data from here to there.
What is HTTP and HTTPS?
Both are protocols for the web. Every website you visit is using it whether you are aware of it or not. The letters stand for Hypertext Transfer Protocol. The “S” in HTTPS stands for secure.
Why It Matters Now
In September, 2016 Google announced that it will start explicitly labeling HTTP connections as non-secure beginning in January 2017. In addition, Google had previously added encryption as a ranking factor for your site.
There are three reasons for this:
- Authentication: Addresses the issue of verifying ownership of your website.
- Data integrity: Refers to whether or not data on the site has been tampered with while in transit.
- Encryption: Refers to security of communications between client and server to ensure that no one else can read them.
Quoting directly from Google:
Beginning in January 2017 (Chrome 56), we’ll mark HTTP pages that collect passwords or credit cards as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure.
Late in January there was a minor widespread panic in entrepreneurial circles on social media about this deadline. [Read more…]