Since the early days of widespread public internet use, website security certificates (frequently referred to as SSL certificates) have been predominantly associated with e-Commerce. The reason is obvious – the financial information transmitted during an e-Commerce transaction is extremely dangerous in the wrong hands, and it’s therefore crucial–to both the buyer and the seller–that this info be kept private. Secure web transactions take place using the HTTPS protocol (also referred to as HTTP over TLS), which is easily verifiable from the URL of the website (https://example.com vs http://example.com).
How does HTTPS work? In a nutshell, data sent from the user to the web server is encrypted in such a way that only the intended recipient (i.e. the website) can decrypt it. Therefore, even in the event that a third party is able to monitor the data being transmitted, it will be a useless collection of garbled characters, thus being rendered useless.
Website security certificates aren’t used everywhere – why not? Isn’t encrypted data, even less sensitive data, good for everyone (except hackers)? Absolutely, yes. However implementing SSL has historically provided challenges to website owners.
SSL Barriers to Entry
- Cost – historically, most website security certificates started at around $100/year and could increase into four-figure territory. While SSL certs are still available at these price points, basic SSL certificates from reliable certificate authorities can now be had (at the time of this writing) for as little as $9.00 year, potentially even less if you shop around.
- Server configuration – setting up an HTTPS-powered website does indeed require a little more server configuration than a standard HTTP-powered site would. Some shared web hosts even charge extra to allow site owners to use a security certificate. However, the additional fee is generally minimal (often less than $10/month, if there is a fee at all). If you’re running your own non-shared hosting environment, a qualified server admin can typically set up SSL for you in a matter of minutes, with no recurring cost to you (other than the cost of the certificate itself, described above).
- Site performance – In years past, there were often noticeable speed differences between HTTP and HTTPS configurations, with non-secure websites being faster. Thankfully, modern hardware has improved to the point where these differences have become minuscule, with proper configuration.
Like everything else in the world of tech, implementing a website security certificate has become progressively cheaper and easier, to the point where the “pros” now outweigh the “cons” for all sites, not just sites collecting financial information from users.
3 Benefits of Using an Website Security Certificate
- SEO – Google has unequivocally stated that whether or not an SSL certificate has been implemented is used as a ranking factor for organic search results. Although, in 2014, Google described the factor as a “very lightweight” ranking signal, they’ve alluded to increasing it over time, and encourage all websites owners to switch to HTTPS.
- Non-HTTPS warnings are coming – Google isn’t just the #1 search engine on a planet; they also make the most popular web browser, Chrome. Just over a year ago, the BBC reported about a Google proposal to warn users any time an unencrypted HTTP connection was in use. Although no official timeline has been published, we firmly believe that failure to implement HTTPS will eventually result in a site being visibly flagged as insecure.
- Building trust with users – establishing your website as trustworthy with users is key to a successful, long-lasting web presence. Although sites utilizing security certificates are still in the minority, the quantity is certain to increase, due to the lower barriers to entry and benefits described above. The more ubiquitous HTTP over TLS becomes, the less safe users will feel on your website if they don’t see the “little green lock”.
In our view, website security certificates can be viewed an “easy win” for all site owners, not just those operating an e-Commerce site, and we recommend that all our clients consider obtaining one.