January 18, 2017

Why It’s Now More Important than Ever to Use a HTTPS Protocol and How to Introduce It to Your Website

Privacy is harder and harder to come by, both in the digital world and the real one.  However, while the decline of ‘real world’ privacy means that your favourite park bench might always be occupied, the lack of privacy in the digital world is potentially dangerous.  

The digital age has ushered in a new era of information sharing that has meant a change in online users’ perceptions of privacy.  While cinematic thrillers in the late 1990s depicted convoluted methods of using personal technology to track individuals’ locations, this feat can be accomplished today through none other than the location settings on our smartphones.  But, even more valuable than individuals’ whereabouts are their personal details – such as email addresses, physical addresses, and banking details – which they knowingly enter into various websites frequently.

The internet has certainly eased the pressures of adulthood, with almost every necessary transaction able to be made online.  While the payment of bills, resolution of account inconsistencies, and the week’s grocery shopping may have been an entire day’s labour before the prominence of the internet, it is all accomplishable today in a mere amount of minutes.  But, the amount of personal information needing to be transferred digitally in order to accomplish these tasks has made the threat of hackers far more real.

Businesses which leave their customers’ personal details open to attack may find such practice unfavourable on a number of levels should such an attack occur.  Aside from losing current customers, the business may garner a reputation based on a lack of system integrity, which could result in a dramatic loss of future business.  However, there are ways to strengthen security surrounding users’ personal information and enjoy various other added benefits.  One particular method is through the use of HTTPS.

What is HTTPS?

An acronym for Hypertext Transfer Protocol Secure, HTTPS is a protocol designed specifically for the protection of users’ personal information.  With ‘secure’ being the operative word, HTTPS ensures user confidentiality between his or her computer and the website being visited.  

If, for example, a user wants to make a product purchase or create an account on a given website, HTTPS is responsible for maintaining the integrity of the user’s information as it travels from the user’s computer to the website’s server – a transition which would, without the aid of HTTPS, leave the information vulnerable to hackers.

This is, of course, highly important in the modern age, with so much important and sensitive information being so easily available online.  Businesses which ensure a safer user experience will naturally be better regarded by customers.  It is thus important for all businesses wanting to increase their customer service, and their revenue, to make the move to HTTPS.

Security

 

How Does HTTPS Work?

HTTPS secures user data using a protocol known as Transport Layer Security, or TLS.  This protocol is often referred to as SSL as a result of its precursor, Secure Sockets Layer.  Yet, regardless of the name given to the protocol, both TLS and SSL serve the same purpose; the maintenance of confidentiality of user information.

TLS is a cryptographic protocol whose broad purpose is network communications safety.  Aside from online payments, TLS can be used to secure communications pertinent to web browsing, email, instant messaging, and Voice over Internet Protocol.  In essence, TLS can secure any and all communications transpiring between users and servers.

In order to effectively secure said communications, the TLS protocol makes use of various methods with a similar end result.  Depending on the circumstances, digital communication between a user and a server will feature one or more of the following TLS security methods:

1. Encryption:  Hackers known as ‘eavesdroppers’ often intercept personal information between the user’s computer and the server.  The TLS protocol creates communication security by encrypting the information during this transfer, rendering the information useless to eavesdroppers.  This also eliminates the ability of hackers to track the movement of the user between pages, and trace the user’s inputs.
2. Detection:  The TLS protocol performs an integrity check on each article of communication using a message authentication code.  Should the user’s information be corrupted or modified in any way during the exchange, the TLS protocol will detect the event.
3.  Authentication:  Hackers commonly create sites that mimic official websites in an effort to obtain personal information.  The TLS authentication method is used to prove that the user is communicating with the correct website.  This eliminates the ability of hackers to direct users to their own sites (known as man-in-the-middle attacks), and inspires user trust.   

In addition to the above methods, it is possible to configure the TLS protocol to obtain supplementary security.  A good example of this additional security is ‘forward secrecy’, which ensures that encryption keys discovered after the initial communication cannot be used to decrypt that communication in the future.   

What Are the Benefits of HTTPS?

Google securitySince HTTPS exists to promote user security, this is obviously one of its biggest benefits.  For businesses wanting to increase their client base through a reputation of great customer service, showing sensitivity to the user’s online experience is an excellent way to go about this.  By ensuring a safe environment in which to transfer valuable information, businesses can certainly elevate themselves in the eyes of their customers, as well as prospective customers.

When it comes to online dealings, trust is a major factor with regards to how customers approach businesses.  The reassuring lock icon located next to the web address in users’ browsers is a fantastic way to establish trust.  But, aside from bringing in new business, HTTPS is invaluable in maintaining a business’s clients.  The financial and logistical headache that comes with a site being hacked, or a client’s personal information being stolen, might just prove too substantial for many businesses to survive.

User safety is thus the core benefit of HTTPS.  But, there are various perks that come with switching to this protocol, and some of these exist in the marketing sphere.  While user trust might be immeasurable, despite it being a logical business booster, search engine rankings are absolutely measurable and stand to benefit from a website’s adoption of HTTPS.

A little over a year ago, Google brought a valuable piece of information to the fore regarding sites featuring HTTPS.  At a US Expo for digital marketers, Gary Illyes from Google shared the search giant’s data on HTTPS sites, which indicated that it has a small, but significant, part to play in search rankings.  In his talk, Gary identified 10 percent of the crawled sites on Google’s index as being HTTPS sites.  However, while this number may seem fairly small, many of these sites exist at the top of Google’s search rankings.

Of the 10 percent of indexed HTTPS sites on Google, 30 percent exist on the first page of results.  In other words, 30 percent of the first page of results for a given Google search is made up of HTTPS sites.  While this may have been disguised as an interesting anomaly at the time, the truth is that Gary Illyes himself is responsible for Google’s algorithm incorporating HTTPS as a ranking signal.

During his talk, Gary claimed responsibility for making HTTPS a ranking signal on Google.  After coming up with the idea, he brought Google’s Matt Cutts into the loop, whose enthusiasm for the prospect accelerated the design process and resulted in HTTPS signals being coded into Google’s algorithm a mere five months after the idea was conceptualised.  

The result is that HTTPS sites are considered by Google while its algorithm creates rankings.  In fact, as of December 2015, Google’s bots will give priority to HTTPS pages.  More specifically, when referencing sites, Google will favour a particular site’s HTTPS pages over its HTTP pages.  If it finds a HTTP page that it deems relevant for a particular search, it will always try to find a HTTPS version of that same page.  If it finds such a version, it will display that page instead of the HTTP page found in the original search.  

Though small in terms of its significance when compared to Panda, for example, HTTPS signals do Web securityhave the potential to impact a page’s search rankings.  And, with the level of competition for first page results, a small edge is exactly what businesses need.

So, in order to improve user safety and benefit from the gesture in search rankings, it is highly recommended that businesses make the move from HTTP to HTTPS.  While this may sound like a grand undertaking, it is entirely manageable. 

How to Introduce HTTPS to Your Website

If a business wants to improve client safety through HTTPS it needn’t create a new site from scratch.  It is possible to add the HTTPS protocol to an existing site, and this does not require a large amount of coding.  Furthermore, adding HTTPS to each page is not necessary, as this might slow down the site’s loading times in general.  Any business wanting to protect its users’ information needs only to isolate the pages of its website that require protection, such as the login and checkout pages.

Making the necessary pages secure simply requires the following steps:

1. Obtain a Dedicated IP Address
In order to use HTTPS, websites need to purchase SSL certificates.  And, in order to do this, many are required (or at least advised) to have dedicated IP addresses.  This may seem fairly straightforward, but many web hosting services have cheaper packages which share IPs between multiple sites.  Dedicated IP addresses ensure that all of the IP address’s inbound traffic is intended for a single website, which makes security more manageable.

2. Purchase an SSL Certificate
An SSL certificate is, in essence, a type of identification document for a given website which is used to prove its authenticity.  However, this document isn’t stored in the office’s safe, it is stored on the website.

An SSL certificate is merely a paragraph of characters (alphabetical and numerical) that is known only to the website which it represents.  When users visit the site via HTTPS the certificate is checked, and provides verification if it is found to be authentic.  It is thus responsible for the encryption that provides security for the user.

SSL certificates can be purchased from the Certificate Authorities (CAs), and retained for an annual fee.  However, this ensures that the given site is recognised by the CAs, and it provides the site with a security seal which encourages user trust.

3. Activation
This is a technical step of the process, so it might be best left to industry experts.  Hosting companies are also known to complete this step for certain sites, depending on their level of service.  Businesses opting to do this alone will have to generate a CSR (Certificate and Signing Request) which can be done through the hosting control panel.  This will be sent to the issuer of the SSL certificate in order to verify the website’s identity.

4. Installation
Once the certificate has been activated, it needs to be installed into the back-end of the website.  This can again be done through the hosting control panel, which will contain an option to install an SSL certificate.  This is also done by various hosting companies, so it is worth checking if this is an offered service before following this step.

5. Update Site Pages
The necessary pages should now be accessed by typing https:// before the URL (https://examplesite.com), but they won’t yet be accessed by users looking for those pages.  It is thus necessary to point users at those pages in order to protect them.  This can be done by updating the links between pages, such as the link to the Checkout page on the Home page.  In order to ensure that inbound traffic lands on the correct page, it is advisable to use a redirect command.  
      
With the above steps it is possible for businesses to make the move to HTTPS with fairly little disruption, and this is certainly advisable.  Aside from ensuring safe customer interactions, the use of HTTPS can positively affect search rankings.  With better customer care and the possibility of increased traffic, making the move to HTTPS cannot be seen as anything other than great business.