Why HTTPS is Important
Posted by Timothy Platt on Apr 7, 2017
Why HTTPS is important for securing your website
If you haven’t already, you’ll soon hear – using HTTPS is important. And this applies whether your browsing someone else’s website, or providing a website for your clients or customers. What does this mean? We’ll explain below.
What is HTTP?
HTTP is the Hypertext Transfer Protocol. It’s the internet protocol by which web pages are provided from a website to your web browser. And this is a two-way channel – anything you supply back to the website – like your email address, credit card number, etc. travels along this same channel. And remember, data on the internet flows from one router to another, traversing multiple systems (controlled by various entities) before it arrives at its end destination. If any of that data is in plain text form (unencrypted), it’s readable by any system in the chain (or potentially by any person with access to said system).
Who might be snooping on traffic on the internet? Honestly, it could be anyone. The insights from the Wikileaks Vault 7 document dump provide a fascinating view into this topic. These “tricks” could be in use by anyone – nations, cyber-vandals, or cyber-criminals motivated by profit, etc.
What is HTTPS?
Ok, so what’s HTTPS? Hypertext Transfer Protocol Secure. It is HTTP delivered through a secure, encrypted connection. When you visit a website protected by HTTPS, the first step is your web browser and the web server negotiate encryption keys that will be used for the session. These keys are then used to encrypt the data flowing between the two end points – in both directions. This ensures that the plain text info (your email address, credit card number, etc.) are cryptographically encoded, and can only be read with the appropriate key. Only the proper recipient of that information can read it – and all those systems in the middle see nothing but encrypted data, which looks like gibberish. It also protects any cookies, the full URL path, and more.
For simplicity’s sake – remember the classic analogy – HTTP is like sending a postcard in the postal mail, HTTPS is like a letter in a secure envelope.
Why Your Website Should Support It
OK, so encryption is a good thing. Why haven’t we been doing this all along? Historically this encryption was a sizable drag on the CPU of the web server (all those cryptographic calculations), and it was only provided for very important information (again, usually on the order page – credit card number, order details, etc.). It also requires an additional network round trip request for the security key setup. But since then, CPUs have become very efficient at these calculations, and network connectivity has improved as well. So now, there’s no good reason to not provide an encrypted connection on EVERY web site, for every purpose. Firstly, it ensures your data (and that of your customers!) remains private (confidentiality), but secondly it also lets you (or your customers) verify the authenticity of the source of the information you are seeing (by positively confirming the source of the information.) Lastly, it helps ensure integrity – by ensuring the information isn’t modified or changed between the web server and the recipient.
There’s something very re-assuring about seeing the “Secure” icon in your web browser. It’s a level of confidence that your company should provide. And quite frankly, it’s the responsible thing to do.
What’s that “Secure” indicator look like? Here you go. We practice what we preach, and we believe encryption is a good idea for every website.
How to Setup HTTPS
It’s simple to setup on your web server, but will require an officially signed digital certificate from one of the various certificate authorities, such as Verisign, or RapidSSL. There’s also some ongoing cost involved, as the certificate will expire, and need to be renewed. These are companies that are in the business of providing these certificates and they validate your authority and authenticity as a company.
Whether you are setting up a new web site or doing an overhaul on existing web, we recommend you get a certificate and setup HTTPS. Go ahead and make it the default. Your customers and clients will appreciate it, and it puts you one step ahead of your competition.
Get Help from the Computer Support Experts
We hope this information has been helpful. Having an effective website is a necessity for any small business. But like most technology – it’s a complicated, ever-changing topic. It’s hard to weed out what the best information is. And maybe you just want the results, and not get bogged down in the minute technical details. Let us help you get better results for your business. Give us a call at (407) 268-6626. We’d love to help.
IT Support by Virtual Operations
Virtual Operations provides IT support for small businesses in the Orlando and Central Florida area. Our managed IT services offering provides the expertise and quality care your small business needs. Please contact us today to find out how we can help with your computer support and network support needs.