HTTPS – Uptake Set to Accelerate in 2017

 

A recent Mozilla telemetry and Google transparency report shows that after 20 years, HTTPS is now being used more than HTTP. Growth in HTTPS usage has come from the large push to move to Always-On SSL or HTTPS Everywhere. Also helping drive this change are the browser players who require that only HTTPS be used for HTTP/2 deployments, and browser privileged services such as geolocation.

HTTP/2 is the new faster protocol replacement for HTTP. Any websites that migrate to HTTP/2 have to use SSL/TLS. The new protocol is supported by Chrome, Firefox, Safari, Internet Explorer, and Opera but only over HTTPS.

For those organisations not yet across this change, it is worth noting that Google’s Chrome and Mozilla’s Firefox, for example, will discourage website visitors from using unprotected sites by displaying a note in the status bar. Chrome 56 which launched in January 2017, indicates “Not secure” for a site (see below), that presents password and credit card fields that are not secured by an SSL/TLS certificate.

Anyone who has responsibility for customer facing websites should consider this to be an early warning as Google will plan to use “Not secure” with a red triangle for all HTTP pages in the future. They also plan to rank sites that are not using HTTPS lower in search results.

 Https

With the installation of an SSL/TLS certificate, the “not secure” warning will disappear. There are two different types of SSL certificate: standard and extended. To obtain details on how to select the right SSL certificate types for your business and then manage their lifecycle contact Mike Conboy - mike.conboy@mpa.co.nz to discuss.

Website administrators need to consider the Always-On SSL or the HTTPS Everywhere options. Once in place HTTPS will provide the following advantages:

  • Security to all websites and pages regardless of content
  • Mitigate known vulnerabilities e.g. SSLstrip
  • Provide browser user privacy
  • Support for HTTP/2 - higher performance and less latency
  • Improved search engine optimization (SEO) for Google
  • Support HSTS that will provide a browser error if the site is not secure
  • Higher trust indication with a green lock icon or similar and the elimination of a “Not secure” message.

 

 

Latest Security Problems Solved

Internet of Things More >
HTTPS – Uptake Set to Accelerate in 2017 More >
Addressing Endpoint Security Challenges More >
Securing Blurred Boundaries More >
Our Solutions
Security Solutions

We work with leaders in the fields of data protection, authentication and perimeter security to protect your organisation and manage any threats with the most effective security systems. More >

Technical Services

MPA New Zealand Ltd provides a range of technical services to compliment the vendor technology our company brings to the local market. More >