"You should always protect all of your websites with HTTPS, even if they don’t handle sensitive communications." - Google
SSL stands for "Secure Socket Layer" and is the standard security technology for establishing an encrypted link between a web server and a browser. This secure link ensures that all data transferred remains private. It’s also called TLS which stands for "Transport Layer Security". Millions of websites use SSL encryption everyday to secure connections and keep their customer’s data safe from monitoring and tampering.
For websites SSL is visible to users in the website address bar as a lock icon in the browser bar and the website address will start with https:// instead of just http://
In some cases a bold green background may also be displayed and the company's legal name. This is an expensive upgraded SSL certificate called EV SSL. It's commonly seen on financial institutions that want an increased level of trust.
SSL is one of the most widely reviewed and adopted security tools on the Internet today. It is essential to keeping the Internet safe and secure.
Why websites use SSL
An increasing number of websites adopt SSL for various reasons:
- Security: ensure that no one is intercepting web traffic
- Trust: by displaying a green lock image, the website increases visitors’ trust
- Search ranking boost: Google ranks sites that have SSL higher in search results.
- Regulatory compliance: financial institutions and web stores that work with credit cards must comply with regulations and adopt SSL on their websites
- Avoiding Scary warnings: In the near future browsers will automatically start displaying "Not trusted" or "Not secure" warnings prominently on websites that do not have SSL.
The problem with not having SSL
Browser makers have been gradually making their warnings to users about the lack of SSL on a website more and more blatant and scary. We have already reached the point where they can be downright frightening to people. To avoid these warnings, all websites should be utilizing SSL.
How to get SSL
SSL Certificates are provided by many many vendors with various features and price points. Sometimes Certificates can be upwards of hundreds of dollars a year to purchase. Skunkworks usually recommend the free SSL certificates provided by Cloudflare but in some situations that may not be appropriate. Talk to your Skunkworks account manager about obtaining an SSL certificate for your firm’s website that will fit your needs and budget.
How SSL Certificates Work
- A browser or server attempts to connect to a Website, a.k.a. Web server, secured with SSL. The browser/server requests that the Web server identify itself.
- The Web server sends the browser/server a copy of its SSL certificate.
- The browser/server checks to see whether or not it trusts the SSL certificate. If so, it sends a message to the Web server.
- The Web server sends back a digitally signed acknowledgement to start an SSL encrypted session.
- Encrypted data is shared between the browser/server and the Web server.