A More Secure Web

If you publish a website - especially one that allows visitors to login and ESPECIALLY if you operate an e-store and ESPECIALLY if you use the iASP Technology Platform - please take a few minutes to review this article and take the recommended action without delay.

Last year Google made an announcement that read in part:

"Beginning in January 2017, Chrome (version 56 and later) will mark pages that collect passwords or credit card details as "Not Secure" unless the pages are served over HTTPS..."

Read the related article: Moving towards a more secure we

What Does This Mean?

Google has made a game-changing decision to pro-actively inform website visitors that the information they are entering is not secure if the web page uses HTTP and not HTTPS.

You can see an example of a non-secure page from the screenshot that we took just this morning of the Vodaphone website (see the blog image in this article).

While Google is currently limiting this new security measure to web pages that collect passwords or credit card details, they plan to label ALL HTTP pages as 'non-secure' in the future.

Not surprisingly, the Firefox web browser (which along with Chrome accounts for around 70% of Internet Users) has already followed suite by labelling non HTTPS Encrypted pages as non-secure. It would seem inevitable that Safari and Microsoft Edge will also comply.

This means that websites that do not offer customers the peace of mind of HTTPS face the significant risk of turning customers away to their competitors.

What is HTTPS?

HTTPS in an Internet Protocol that encrypts the data being send back and forth between a customer's web browser and a website.

Setting up HTTPS encryption requires the purchase, periodical renewal and installation of an SSL (Secure Sockets Layer) Certificate.

An individual SSL Certificate is generally required for every individual domain name resolving to a website, however, there are multiple domain SSL Certificate options available.

SSL Certificates have various properties such as the level of encryption they offer, the amount of warranty paid to customers if a Certificate is issues incorrectly and more.

The purchase and periodical renewal costs vary significantly from only a few dollars to many thousands of dollars. Some providers offer sweetheart pricing for the initial purchase that significantly increase on renewal.

The renewal period for SSL Certificates is either 1, 2 or a maximum of 3 years as determined by ICANN, the global authority for this area of the Internet.

In some cases longer registration periods offer discounted registration costs, and importantly, SSL Certificates must be re-installed each time they renew, which involves a multi-step process that must be coordinated between the Certificate owner and the system administrator managing the related website server or network.

SSL Certificate installation for both new Certificate registration and subsequent renewals typically attracts a cost and therefore the longer the registration period the less the associated installation costs.

What are the Benefits for HTTPS Encrypted Websites?

• Visible Security - Sites with HTTPS encryption display a secure padlock icon in the address bar that when selected confirms the identity of the website publisher to the visitor.
• Privacy - End to end encryption of all data entered by visitors into HTTPS pages greatly increases security and reduces the risk of data theft
• Search Performance Advantages - Secure websites may result in higher ranking in Search Engine Results Pages (SERPs) than non-secure sites
  
  

What are the Disadvantages for HTTP Websites?

• HTTP pages will be marked as non-secure with an 'Information' Icon or 'Non-Secure' exclamation mark Icon
• Search Performance - HTTP sites may be penalised in SERPs
• Website Traffic - Website traffic may be effected if users choose to avoid non-secure sites
  

How Will This Affect iASP Clients?

Enotia Australiasia Pty Ltd. developer of the iASP Technology Platform, fully supports Google's new initiative to provide a safer web.

As a professional service provider adhering to best practice security policies and procedures, in addition to the actual security risks of non-compliance with Google's security initiative, our company's reputation, along with that of our clients, is at risk.

As all iASP Systems require an administration login via user-name and password, and are therefore already being flagged as non-secure unless they are HTTPS encrypted, as advised in the client bulletin distributed on February 21st:

From July 1st 2017 all iASP powered websites will be required to use HTTPS encryption.

This means all iASP Central websites will require an SSL Certificate to be purchased and installed prior to June 30th. 

As indicated in the client bulletin, all Enotia clients are free to purchase the certificate of their choice from any third party vendor, however, the Enotia Network Administrators must install all certificates on our network for which costs will apply.

Additionally Enotia is offering turn-key SSL Certificate registration and subsidised installation services as part of our on-going service offering.

Enotia clients are welcome to contact us anytime, but will be contacted personally regarding this important matter over coming weeks regardless.

If you are concerned with the security of your website or would like more information on purchasing an SSL Certificate, please contact the Enotia Support team on 03 8692 7241 or Get in Touch.

Resources:

• Moving towards a more secure web
• Worldwide desktop market share of leading search engines from January 2010 to October 2016
• Google Is Requiring HTTPS for Secure Data in Chrome