If you publish a website - especially one that allows visitors to login
and ESPECIALLY if you operate an e-store and ESPECIALLY
if you use the iASP Technology Platform - please take a few minutes to
review this article and take the recommended action without delay.
Last year Google made an announcement that read in part:
"Beginning in January 2017, Chrome (version 56 and later)
will mark pages that collect passwords or credit card details as "Not
Secure" unless the pages are served over HTTPS..."
Read the related article: Moving towards a more secure we
What Does This Mean?
Google has made a game-changing decision to pro-actively inform website
visitors that the information they are entering is not secure if the web
page uses HTTP and not HTTPS.
You can see an example of a non-secure page from the screenshot that we
took just this morning of the Vodaphone website (see the blog image in
While Google is currently limiting this new security measure to web pages
that collect passwords or credit card details, they plan to label ALL
HTTP pages as 'non-secure' in the future.
Not surprisingly, the Firefox web browser (which along with Chrome
accounts for around 70% of Internet Users) has already followed suite by
labelling non HTTPS Encrypted pages as non-secure. It would seem
inevitable that Safari and Microsoft Edge will also comply.
This means that websites that do not offer customers the peace of
mind of HTTPS face the significant risk of turning customers away to
What is HTTPS?
HTTPS in an Internet Protocol that encrypts the data being send back and
forth between a customer's web browser and a website.
Setting up HTTPS encryption requires the purchase, periodical
renewal and installation of an SSL (Secure Sockets
An individual SSL Certificate is generally required for every individual
domain name resolving to a website, however, there are multiple domain
SSL Certificate options available.
SSL Certificates have various properties such as the level of encryption
they offer, the amount of warranty paid to customers if a Certificate is
issues incorrectly and more.
The purchase and periodical renewal costs vary significantly from only a
few dollars to many thousands of dollars. Some providers offer sweetheart
pricing for the initial purchase that significantly increase on renewal.
The renewal period for SSL Certificates is either 1, 2 or a maximum of 3
years as determined by ICANN, the global authority for this area of the
In some cases longer registration periods offer discounted registration
costs, and importantly, SSL Certificates must be re-installed
each time they renew, which involves a multi-step process that
must be coordinated between the Certificate owner and the system
administrator managing the related website server or network.
SSL Certificate installation for both new Certificate registration and
subsequent renewals typically attracts a cost and therefore the longer
the registration period the less the associated installation costs.
What are the Benefits for HTTPS Encrypted Websites?
Visible Security - Sites with HTTPS encryption display a secure padlock
icon in the address bar that when selected confirms the identity of the
website publisher to the visitor.
Privacy - End to end encryption of all data entered by visitors into
HTTPS pages greatly increases security and reduces the risk of data
Search Performance Advantages - Secure websites may result in higher
ranking in Search Engine Results Pages (SERPs) than non-secure sites
What are the Disadvantages for HTTP Websites?
HTTP pages will be marked as non-secure with an 'Information' Icon or
'Non-Secure' exclamation mark Icon
Search Performance - HTTP sites may be penalised in SERPs
Website Traffic - Website traffic may be effected if users choose to
avoid non-secure sites
How Will This Affect iASP Clients?
Enotia Australiasia Pty Ltd. developer of the iASP Technology Platform,
fully supports Google's new initiative to provide a safer web.
As a professional service provider adhering to best practice security
policies and procedures, in addition to the actual security risks of
non-compliance with Google's security initiative, our company's
reputation, along with that of our clients, is at risk.
As all iASP Systems require an administration login via
user-name and password, and are therefore already being flagged as
non-secure unless they are HTTPS encrypted, as advised in the client
bulletin distributed on February 21st:
From July 1st 2017 all iASP powered websites will be required to
use HTTPS encryption.
This means all iASP Central websites will require an SSL Certificate to
be purchased and installed prior to June 30th.
As indicated in the client bulletin, all Enotia clients are free to
purchase the certificate of their choice from any third party vendor,
however, the Enotia Network Administrators must install all certificates
on our network for which costs will apply.
Additionally Enotia is offering turn-key SSL Certificate registration and
subsidised installation services as part of our on-going service
Enotia clients are welcome to contact us anytime, but will be contacted
personally regarding this important matter over coming weeks regardless.
If you are concerned with the security of your website or would like more
information on purchasing an SSL Certificate, please contact the Enotia
Support team on 03 9855 8517 or Get in Touch.