Making The Switch To HTTPS
For online merchants, business owners and consumers, the threat of online theft ranks as a very legitimate concern. With every advance made in tightening online security and preventing malicious activity, hackers and con artists seem to further improve their techniques in order to keep pace. As a result, online fraud cost businesses billions of dollars in lost revenue each year.
In 2014, retailers lost $3.08 for every dollar of fraud they incurred, a 10 percent increase from 2013. Mobile fraud has helped contribute to driving these costs upward, as the cost of online fraud is higher when performed through mobile platforms. Considering the impact online fraud has on businesses and user experience, it’s not surprising that Google would fully embrace and encourage web developers to utilize any tools that would help protect user privacy.
For a while now, Google has recommended that websites switch from HTTP to HTTPS in order to improve security. Now Google has taken the next step and included HTTPS as part of the latest update to their webmaster guidelines. So what does this mean and how might it affect your website? Let’s take a look at what you need to know about the switch to HTTPS.
What Are Google’s Webmaster Guidelines?
Google’s search algorithm is one of the most valuable and highly guarded secrets in the world today. Google’s algorithm acts as the secret sauce that determines what results appear whenever a user conducts an online search query. The more you know about the information used to determine where a website appears in an organic search result, the better you can tailor a website so that it appears higher overall. To keep websites from gaming the system, Google keeps hidden the exact nature of its algorithm, which has lead to much speculation and scrutiny over the years.
What Google does make public is the company’s webmaster guidelines. Following the practices laid out in the guidelines “will help Google find, index, and rank your site.”
Think of the webmaster guidelines like instructions for best practices. The more your website adheres to the standards Google lays out, the higher your website is likely to appear in search results. Ignore what Google recommends and you risk having your website viewed as spam, which will not only cause your site to plummet in search results, but could also result in you getting banned from Google entirely. (Which raises the age old philosophical question: Does a website that fails to appear on the first page of a Google search even exist?)
In the most recent update to the webmaster guidelines, Google included new text relating to HTTPS that reads:
“If possible, secure your site’s connections with HTTPS. Encrypting interactions between the user and your website is a good practice for communication on the web.”
That Google would recommend HTTPS in its guidelines is a great step toward improving Internet security for users everywhere. It’s also a loud warning to website owners and developers that the time has come to switch to HTTPS or else risk suffering penalties from Google’s algorithm. In fact, Google has already begun the process of penalizing unsecure websites that appear in Chrome browsers. An upcoming update to Chrome will enable the browser to mark websites that are unencrypted as insecure, causing a red “X” to appear over a padlock located in the search bar. By taking this step Google is making it very clear that the company wants the web of the future to be far safer and better encrypted than ever before.
Local Fresh has already switched all of its clients’ websites to HTTPS to improve security and satisfy Google’s webmaster guidelines. It’s only a matter of time before this protocol becomes widely accepted by web developers everywhere.
HTTP VS. HTTPS
Okay, so other than one additional letter, what’s the difference between HTTP and HTTPS?
HTTPS stands for Hyper Text Protocol Secure and is the secure version of HTTP. Hyper Text Transfer Protocol is the protocol through which data is sent between a website and your browser. As the name implies, HTTPS helps your connection between website and browser become more secure by using encryption to protect the flow of information. While HTTPS has typically been used for sensitive online transactions like online shopping orders and banking, the improved protocol will now be commonly used to protect any information you share with the websites you visit.
Pages encrypted by HTTPS usually employ one of two secure protocols to protect communications: Transport Layer Security (TLS) or Secure Sockets Layer (SSL). Both SSL and TLS protocols use a Public Key Infrastructure (PKI) system. This type of system employs two types of “keys” to provide communications with a layer of encryption, a private key and a public key. Anything encrypted with the public key can only be read and decrypted with the private key and vice-versa.
It might help to think of the connection between a website and browser like having a meeting in a room with open windows. By switching to HTTPS, website owners can better ensure that their conversations with Internet users remains confidential by pulling the curtains and shutting the blinds. What goes on in that room now remains private, and is no longer subject to being viewed by someone standing just outside.
Improved Internet security benefits everybody. The move to HTTPS is a great step towards building a better, more secured Internet. With Google fully using its considerable influence to help spearhead the movement towards better encryption, it’s only a matter of time before HTTPS becomes the industry standard for website protocols.