Blog

If you publish a website - especially one that allows visitors to login and ESPECIALLY if you operate an e-store and ESPECIALLY if you use the iASP Technology Platform - please take a few minutes to review this article and take the recommended action without delay.

Last year Google made an announcement that read in part:

"Beginning in January 2017, Chrome (version 56 and later) will mark pages that collect passwords or credit card details as "Not Secure" unless the pages are served over HTTPS..."

Read the related article: Moving towards a more secure we

What Does This Mean?

Google has made a game-changing decision to pro-actively inform website visitors that the information they are entering is not secure if the web page uses HTTP and not HTTPS.

You can see an example of a non-secure page from the screenshot that we took just this morning of the Vodaphone website (see the blog image in this article).

While Google is currently limiting this new security measure to web pages that collect passwords or credit card details, they plan to label ALL HTTP pages as 'non-secure' in the future.

Not surprisingly, the Firefox web browser (which along with Chrome accounts for around 70% of Internet Users) has already followed suite by labelling non HTTPS Encrypted pages as non-secure. It would seem inevitable that Safari and Microsoft Edge will also comply.

This means that websites that do not offer customers the peace of mind of HTTPS face the significant risk of turning customers away to their competitors.

What is HTTPS?

HTTPS in an Internet Protocol that encrypts the data being send back and forth between a customer's web browser and a website.

Setting up HTTPS encryption requires the purchase, periodical renewal and installation of an SSL (Secure Sockets Layer) Certificate.

An individual SSL Certificate is generally required for every individual domain name resolving to a website, however, there are multiple domain SSL Certificate options available.

SSL Certificates have various properties such as the level of encryption they offer, the amount of warranty paid to customers if a Certificate is issues incorrectly and more.

The purchase and periodical renewal costs vary significantly from only a few dollars to many thousands of dollars. Some providers offer sweetheart pricing for the initial purchase that significantly increase on renewal.

The renewal period for SSL Certificates is either 1, 2 or a maximum of 3 years as determined by ICANN, the global authority for this area of the Internet.

In some cases longer registration periods offer discounted registration costs, and importantly, SSL Certificates must be re-installed each time they renew, which involves a multi-step process that must be coordinated between the Certificate owner and the system administrator managing the related website server or network.

SSL Certificate installation for both new Certificate registration and subsequent renewals typically attracts a cost and therefore the longer the registration period the less the associated installation costs.

What are the Benefits for HTTPS Encrypted Websites?

• Visible Security - Sites with HTTPS encryption display a secure padlock icon in the address bar that when selected confirms the identity of the website publisher to the visitor.
• Privacy - End to end encryption of all data entered by visitors into HTTPS pages greatly increases security and reduces the risk of data theft
• Search Performance Advantages - Secure websites may result in higher ranking in Search Engine Results Pages (SERPs) than non-secure sites
  
  

What are the Disadvantages for HTTP Websites?

• HTTP pages will be marked as non-secure with an 'Information' Icon or 'Non-Secure' exclamation mark Icon
• Search Performance - HTTP sites may be penalised in SERPs
• Website Traffic - Website traffic may be effected if users choose to avoid non-secure sites
  

How Will This Affect iASP Clients?

Enotia Australiasia Pty Ltd. developer of the iASP Technology Platform, fully supports Google's new initiative to provide a safer web.

As a professional service provider adhering to best practice security policies and procedures, in addition to the actual security risks of non-compliance with Google's security initiative, our company's reputation, along with that of our clients, is at risk.

As all iASP Systems require an administration login via user-name and password, and are therefore already being flagged as non-secure unless they are HTTPS encrypted, as advised in the client bulletin distributed on February 21st:

From July 1st 2017 all iASP powered websites will be required to use HTTPS encryption.

This means all iASP Central websites will require an SSL Certificate to be purchased and installed prior to June 30th. 

As indicated in the client bulletin, all Enotia clients are free to purchase the certificate of their choice from any third party vendor, however, the Enotia Network Administrators must install all certificates on our network for which costs will apply.

Additionally Enotia is offering turn-key SSL Certificate registration and subsidised installation services as part of our on-going service offering.

Enotia clients are welcome to contact us anytime, but will be contacted personally regarding this important matter over coming weeks regardless.

If you are concerned with the security of your website or would like more information on purchasing an SSL Certificate, please contact the Enotia Support team on 03 8692 7241 or Get in Touch.

Resources:

• Moving towards a more secure web
• Worldwide desktop market share of leading search engines from January 2010 to October 2016
• Google Is Requiring HTTPS for Secure Data in Chrome

Here at HCD we aim to keep our clients well informed on all subjects that relate to the digital space. The Net Neutrality debate may not be the sexiest topic on our radar, but as it has the potential to change the way we use the Internet, we thought it was worth passing on the following information...

The Net Neutrality debate in the United States is one of those topics that could be nothing, but it could, potentially, be cause for serious concern. In all cases, such as this debate, it is better to be well informed and well prepared so that you can take any necessary steps to minimise any potential for damage before it occurs.

The topic of Net Neutrality is far from new; for the better part of a decade, many parts of the world have been discussing and debating the case for a neutral and open Internet. The debate has become particularly heated in the United States, however, with large corporations supporting both sides and the subject sparking numerous protests and petitions.

Major political decisions in the United States always seem to echo an effect globally, so will the outcome of their decision change the Internet as we know it today?

What is Net Neutrality?

Net Neutrality is a term that was first coined by a law professor in 2003, and very simply, is the idea that data on the Internet should be treated equally by Internet Service Providers in regard to transmission (sending and receiving the data), and in regard to fees applied to the services provided by Internet Service Providers.

In a nut-shell, this is the argument for an "open Internet" or for a "closed Internet".   An "open Internet" being one where people can use the Internet equally without any interference from third-parties (no slowing of Internet speeds, no blocking of Internet services or websites). A "closed Internet" being the opposite, where the content or Internet services a person can access is restricted and managed by the service provider they use to connect to the Internet.

One can imagine the limitations of having a "closed Internet" - for example, not being able to access YouTube, because your Internet Service Provider has their own equivalent website, or is partnered with a different website.

What are the current arguments for Net Neutrality in the US?

In one corner, there are many Internet content and application providers such as Google, Facebook, Amazon and Microsoft, along with groups such as Free Press, the Consumer Federation of America, the American Library Association, Gun Owners of America who are all in support for Net Neutrality. Just recently, the Major League Baseball (who are the largest distributor of live video on broadband networks in the US) also joined the supporting side.

Their argument is equal access to the Internet is a right, that the current lack of regulation is what created the Internet and Information Revolution in the first place. Supporters also argue that removing Net Neutrality will cause content providers to pay more to deliver their content, which will be passed on to consumers. Also, smaller content providers will have to queue up behind paying content providers who can afford to pay for their content to be delivered faster, resulting in the smaller companies being pushed off the Internet.

What are the current arguments against Net Neutrality in the US?

In the opposite corner, groups like Americans for Prosperity, the National Black Chamber of Commerce, the Competitive Enterprise Institute as well as all of the major Telecommunication and Internet Service Providers such as Comcast and AT&T are strongly opposed to Net Neutrality; and are even accused of attempting to essentially buy support and votes to help their cause.

The opposition stance is that Net Neutrality limits the usefulness of the Internet, and will discourage investment in the development of new infrastructure, which would result in limiting the overall bandwidth available for Internet data. The opposition also counter arguments from supporters of Net Neutrality by stating that the Internet is not classified as a utility, and so should not be regulated as such; and that by giving bandwidth preference to popular content is actually in the best interests of the consumer because that is what the majority want to access.

Will the outcome affect Internet in Australia?

The short answer is yes, as much as it will affect the Internet globally, though the effects may be more obvious for Australians as many of the communications cables linking Australia to the rest of the world link to the US. A significant chunk of global Internet traffic flows to and from the United States, and limiting the flow of traffic will have knock-on affects.

What about the Net Neutrality Argument in Australia?

We have already finished our debate about Net Neutrality, and it has been seen as a lost battle. The Australian Competition and Consumer Commission already regulates Internet Service Providers, and prevents network traffic management that would be considered as being anti-competitive behaviour. Australian Internet Service Providers could be considered to be discriminating, however, in providing un-metered data however, which provides access to websites or services that does not count to the users data allowance, and could possibly result in users preferring the free service over a competitors. In this sense, Australian Internet is not truly Net Neutral, but un-metered content is seen as a benefit to consumers that have limited data allowance plans as opposed to the unlimited data allowances that all US consumers have.

HCD Tip: Keep an eye on this debate, as it may very well change the way everyone uses and thinks about the Internet.

Further Reading:

• US Net Neutrality Overturned: the recent Court of Appeals decision and what it means for Australia
• Australia's net neutrality lesson for the US
• Net neutrality and why the internet might have just changed forever
• Four and Against - The Net Neutrality Debate

What is your opinion? Do you agree or disagree with the idea of a Net Neutrality? How do you think the Net Neutrality discussion in the United States will affect Australia? Share your thoughts on the iASP Central Facebook Page, or Get in Touch.