HTTPS-Supported Websites on the Rise
Websites that support HTTPS are on the rise. In fact, over 50 percent of website traffic is now encrypted on both mobile devices and computers — a more than 10 percent increase from the year prior, according to recent Google data analyzed and reported by the Electronic Frontier Foundation (EFF). Businesses that adopt this technology obtain important benefits, and these are helping drive the movement forward.
The combination of workable deployment, lower cost and other incentives is attracting more businesses to get on board with the secure browsing protocol. Plus, the performance impact of the technology is becoming less of a concern as improvements in both client and server software minimize the effects of Transport Layer Security (TLS), according to Computerworld.
“After Google turned on HTTPS for Gmail in 2010, the company observed only an additional 1 percent CPU load on its servers, under 10 kilobytes of extra memory per connection and less than 2 percent network overhead. The deployment didn’t require any additional machines or special hardware,” the source explains.
Moreover, revised HTTP protocol can now support HTTP/2, making HTTPS browsing capabilities even faster. However, while HTTP/2 specifications indicate encryption is not a requirement, “browser makers have made it mandatory in their implementations,” according to Computerworld. As a result, users must deploy the technology on their websites in order to enjoy the benefits of increased speed in HTTP/2 and improve performance.
Adoption rates are also increasing because businesses are less likely to face vulnerability issues when deploying the technology, thanks to new tools for discovering deployment weaknesses and resources providing free TLS best practices and performance optimizations, the source reports. Furthermore, many third-party services now support encrypted connections to enhance security.
The cost to implement the technology is also becoming far less of an issue for businesses. Resources such as Let’s Encrypt now provide domain validation certificates for free through an easy-to-use automated process. Additionally, some major cloud service providers and content delivery networks are offering free TLS certificates to their customers, according to Computerworld.
Plus, HTTPS defends against man-in-the-middle attacks, which threat actors can perpetrate using a compromised network, the source notes. Businesses that have their website traffic encrypted will also experience improved search engine rankings.
HTTPS Moving Forward
Although still in draft, an upcoming TLS 1.3 specification should simplify deployment further, as the revised protocol makes it more difficult for vulnerable configurations to occur, according to Computerworld.
However, despite anticipated deployment improvements, some hurdles remain. For instance, the feasibility of obtaining certificates opens the door to certain security issues and misplaced trust.
“When it comes to the issue of trust, one of the things we have to be clear about is that the presence of a padlock and HTTPS [doesn’t] really mean anything about the reliability of a website and doesn’t even say anything about who is running it,” said web security expert and trainer Troy Hunt told Computerworld.
The secure browsing protocol will continue to rise and offer benefits, so it’s important for businesses to keep the padlock factor in mind when implementing security awareness initiatives for their users.