Amazingly there are still a lot of websites out there that don’t implement any type of SSL connections. I still run across some e-commerce websites that aren’t even HTTPS compatible (and that’s a big deal!). I see people ask whether the cost and hassle of implementing HTTPS are even worthwhile. Though we certainly won’t pretend to know what’s best for your business, let me give you a few good reasons why running your website with HTTPS is important.
The Party With The Least Tech Pays
If you handle any sort of e-commerce at all, whether it’s selling a product, selling a service, or whatever the case may be, you need to have SSL implemented. There are no two ways about it. If you don’t you could be liable for severe penalties and fees if any sort of fraud happens on your site.
This extends back a few years when the United States started to transfer to chip cards. The transition to EMV enabled cards was long and painful. What ultimately started the push towards that transition was money.
Payment processors decided that when an instance of fraud occurred, the party with the least amount of technology footed the bill. This took pressure away from the banks to cover the cost of fraud, which to that point banks had traditionally bared that burden. This transition meant that if your local coffee shop issued a fraudulent transaction (Eg. Someone stole your credit card and used it at that coffee shop), and that coffee shop didn’t implement newer card readers than that coffee shop was then liable to foot the bill of that fraudulent transaction.
That is setting precedents.
If someone has fraudulent activity appear on their account, and they can prove it’s come from your webstore, or that their information was somehow leaked from your business, you’re going to be liable for it. You can’t depend on the banks to foot the bill for fraud anymore.
Google Search Rankings
We all want our web properties to rank well on Google. If they don’t, your business could take a massive hit. So, many businesses deploy SEO tactics to try and surface higher in search results. An entire industry has been built around tweaking websites for SEO. They keep track of the trends and changes in the major search engines. One of those more recent trends is Google ranking websites better with HTTPS connections.
Google has always been big on promoting security in the tech industry. They have been behind some major movements to change standard practice and force us all to behave better. One of those pushes has been through ranking websites better with an HTTPS connection. The idea is that if a website implements HTTPS, it’s going to be more secure and private for that website’s general audience. This wasn’t a default trend for web admins to implement SSL unless there was a reason why. Since Google has implemented this change to its search ranking algorithm, it has been.
HTTP2
HTTP2 has become all the rage recently. It’s a new addition to the HTTP standard, though it’s largely more of an HTTP 1.2 standard than a true HTTP 2.0 standard.
HTTP2 has the potential to streamline web server operations. It can save on technical debt. It has the potential to load web pages quicker, and most importantly, it’s more secure by default.
The HTTP2 spec itself doesn’t require HTTPS, though a lot of the technologies used behind it implement it. A lot of web properties and shared hosts are making the transition to HTTP2. If your company is going to consider making this switch, it’s worthwhile to implement SSL at the same time. Making your website HTTP2 compliant makes your website more future proof and reduces future operating costs.
Using SSL Is To easy To Implement Not To Use It
SSL was once difficult and expensive to implement and maintain. Web admins needed to purchase a security certificate from a certificate authority. Depending on the type of certificate being purchased, they could be extremely expensive. This process was long and arduous. Proving the validity of a website could be difficult, especially for regular people running their own websites. And many certificate authorities simply had poor reputations.
That’s all changed now. Organizations like Let’s Encrypt make that process free and easy. In fact, if you are capable of launching an Amazon EC2 instance and following directions to make a web server, you can get a security certificate and implement it with ease. Using Let’s Encrypt literally takes only a few minutes and a handful of commands. It’s far easier than building a LAMP stack.
Places like Let’s Encrypt do have their issues. I won’t deny that. They also only offer some of the least secure types of certificates. The reality is, though, that Let’s Encrypt is more than adequate for most website and internet businesses out there.
Top comments (0)