Why Website Security That’s “Good Enough”, Isn’t
|Having an SSL/TLS certificate for your domain has long been a security best practice for website owners, whether you own one domain or dozens, and whether you process transactions or not. SSL/TLS certificates provide a measure of trust for your users and customers, especially when a certificate is issued by a reputable Internet security company, known as a Certificate Authority (CA).
The latest changes to the Google Chrome and Firefox browser rules are making SSL/TLS certificates more important than ever before. In fact, for many companies, having an SSL/TLS certificate will be vital to continued business operations. That’s because as of January 2017, if your site is collecting passwords or credit card information, Chrome will begin labeling sites as “Not secure” if the site is not encrypted. Even if you don’t process financial transactions, this new label will appear clearly in the address bar—and could have a significant impact on user engagement. It won’t be long before all websites will be subject to the same warnings.
While this new advanced website security standard goes into effect with the Chrome 56 release, Chrome is not the only browser discouraging use of unencrypted HTTP. Firefox Developer Edition displays a lock icon with a red strike-through in the address bar when a page containing a password field does not have an HTTPS connection. This feature was added to Firefox Beta in September 2016, setting it on the path to general release.
Ultimately all businesses will be impacted by these new warnings, regardless of the type of content on their websites. Whether a small business, midsize organization, or enterprise, they can also start taking advantage of the benefits of a secure site now, including higher search engine rankings, the ability to leverage HTTP/2 performance enhancements, and the ability to prevent third-party ad inserts, resulting in a better user experience.
The solution for domain owners is straightforward: Upgrade to an encrypted website by procuring an SSL/TLS certificate that meets users’ high expectations for privacy and lets customers know your site is safe. But there are many ways to accomplish this task, and not all of them are created equal. This paper provides more detail on Google’s short-term and long-term plans, explores the value of advanced website security, and outlines the features to look for in an SSL/TLS certificate.