SSL: What is it? Why do you need it?
SSL is a term that gets thrown around a lot nowadays. Anyone who has an interest in web will have broached the topic in discussing website maintenance or new builds. You may have even nodded and agreed that it sounds important.
But what is SSL?
SSL, or Secure Sockets Layer, is a protocol used to secure the data transmitted over the internet between your computer and the destination servers. This data could be anything from the latest news article you click on, to credit card information you entered complete an online purchase.
Simplistically, all actions a visitor makes while visiting a website (clicking links, entering details in a form…) results in data being transmitted across the internet. That data can be seen if an unscrupulous person or group is watching the traffic. This is an attack is known as a “Man-in-the-middle attack”.
To give an example of a "Man-in-the-middle attack", here are 2 diagrams which may give you a better picture of what happens to the data.
As you can see from the diagrams, if a website has an SSL certificate installed, sensitive data transmitted between a site visitor and the host server is encrypted. This means that while the person attempting to intercept data will still see activity, any information they see will be useless to them.
With a basic understanding of SSL, logical questions might be: Do I need SSL for my website? What advantages does SSL give me? Is it worth the cost?
A boost in SEO
In August of 2014, Google announced it would push for “HTTPS Everywhere” on the web, and in doing suggested websites with a 2048-bit SSL certificate would receive a minor boost in SEO.
This boost carries less importance in search algorithms than other factors such as content quality, however any boost to visibility should be considered. When talking search rankings, every positive gain counts.
Increase in Privacy
Does your website have a contact form? Do your clients or site visitors send you data through your website in any way? If so, your primary consideration is what obligation you have assumed in securing their private information.
While a contact form won’t seem like a huge security consideration, cross referencing small amounts of data can help build a profile and your clients and prospective clients would not be well served by their name, email address, phone number and other details being intercepted by an unscrupulous third party.
Through the encryption of any and all data transmitted to and from the website, SSL provides a high level of protection from prying eyes.
You can easily see when a website uses SSL. When on a website, look to the address bar in your browser. Sites using SSL will have a green padlock next to the URL.
Here is what that looks like in Google Chrome:
Compared to a non-secured site, like this:
If a site visitor were to see that “Not secure” message, there is an increasing chance they would not feel very safe browsing that website and may even end their visit. This is especially so with eCommerce websites, where visitors are asked to enter Credit Card details and other personal information. Likewise, sites with log-in sections carry a similar burden. This reluctance to visit non secure websites looks likely to increase and with web security products such as Norton 360 actively advising its users to not proceed to sites which are not secure, non-secure sites are set to become no-go zones in the foreseeable future.
Required for any kind of Login/Payment
If your website has any requirement to login or includes a payment gateway, SSL should be considered mandatory. Without SSL, your site traffic is an open book to prying eyes depending on the connection your visitors are using.
As a website owner, it is your responsibility to ensure your visitors have a secure and safe experience while browsing your website. Depending on your specific circumstances, there is the very real possibility of liability issues should sensitive data be intercepted. If in doubt, do consult your legal representatives for specific advice in this regard.
In an increasingly dangerous digital world, let's do our best to protect our users from data theft.« Back to Lab