By Joe Dysart
Use of Transport Layer Security, the encryption protocol that underpins HTTPS, is a best practice. And come July, it will become a business necessity because Google Chrome will start warning people away from any website that lacks HTTPS by branding it “Not Secure” in the browser address bar.
“Google is rolling [that warning] out to all versions of Chrome this summer,” says Peter Boyd, founder of web design firm PaperStreet. Given consumers’ and business users’ well-advised hesitancy to visit any site that seems risky in any way, Google’s move is expected to have a major impact on telecommunications and other firms that miss the deadline and are still operating unencrypted in July.
Essentially, users attempting to visit these sites will be less likely to trust the content, according to Patrick R. Donahue, security engineering product lead with Cloudflare, an internet services provider. There’s good reason for that given the growing use by attackers of “drive by malware” that can infect a computer simply because a user visited a website that’ss running malicious code.
“HTTPS is considered by most security professionals to be a bare minimum level of security for any website that requires data from the end user as part of its core functionality,” says Tyler Kee, cloud solutions architect at master agent PlanetOne Communications. “Given the amount of websites that currently require some sort of user data – usernames, passwords, geographic location, credit card information – use of HTTPS should be considered a basic best practice for any website.”
Moreover, with Google firmly committed to the July deadline, Donahue says other major browsers – Mozilla Firefox, Microsoft Edge and Apple Sarfari – will follow suit shortly thereafter with their own Not Secure alert programs. Pat Harper, chief technology officer with conferencing and collaboration software provider PGi, applauds the major browser-makers’ decision to indicate security level in simple, user-friendly terms.
“Most of the internet community has embraced HTTPS encryption for web services,” says Harper. “This act will further accelerate the adoption of modern security practices across the entire internet community.”
He’s likely correct, given that those browsers together service more than 78 percent of all the people surfing the Web, according to Netmarketshare.
For partners, the net result could be a stampede of businesses desperately looking for encryption come July.
To determine if your or a customer’s business will be impacted, simply type the web address into the Google Chrome browser. If the site is lacking encryption, you’ll find a subtle alert. For now, the warning appears as an exclamation point in the address bar, which you need to click on to retrieve Google’s admonition that the site is not secure.
Come July, the search giant has decided that its warning will be stark and dramatic: Visit any website that’s not encrypted, and that site will be …