Security is about risk management. Online, security is about reducing the risk of exposing information to the general Internet.
Consider the two actions occurring on any device connected to the Internet:
Communication is the heart of the Internet. The standard Internet protocol suite, known as TCP/IP (Transmission Control Protocol and Internet Protocol), is the basis for a collection of additional protocols designed to interconnect computer systems across the world in different ways. For example:
Unfortunately, in the initial designs of the Internet, preventing unauthorized access to data while in transit and the verification of the communicating parties were not primary concerns. As a result, many of the protocols that use TCP/IP do not incorporate encryption or other security mechanisms by default.
The consequence is that anyone can “listen in” (not just the NSA) as data is transmitted across the Internet. That is, none of the protocols in the sample list employ any kind of encoding that restricts access to the data as it travels from one system to another.
HTTP – the protocol of the web – does, however, have a solution to this problem. SSL (Secure Sockets Layer) establishes a process to incorporate cryptographic methods that identify the parties in communication and establish a secure method of data transmission over the web (HTTPS).
Note: Today SSL’s successor is TLS (Transport Layer Security), but it is still commonly referred to as SSL (or more accurately SSL/TLS).
Since the initial phase of establishing a SSL/TLS connection incorporates intense mathematical calculations, implementation in the past had been limited to specific webpages (an e-commerce site’s checkout page, for example). However, today the trend is to implement as broadly as possible.
Does your website need SSL/TLS? That’s a risk assessment you need to make with your web developer and hosting provider. But consider:
Our next security post will cover the second topic: data storage. In the meantime, have a question about security and the web? Post your question in the comments section below.
nice…While now google implementing Google Pigeon, some says its better to have your domain secured with https . what d’you think ?
I appreciate Google providing an additional incentive for adopting SSL. However, as they will tell you, their PageRank formula is always changing.
The question is really, are you looking to add a layer of privacy and security for you and your users, knowing that there is the additional benefit of recognition of said act by Google? Or are you investing in a one year SSL certificate that you’ll abandon shortly thereafter, for temporary SEO points?
You should start by getting a ransomware protection service from https://spinbackup.com/products/ransomware-protection/. It will have an instant impact on your site’s protection. I hope that you will find it helpful. Can’t wait to see your feedback and have a conversation about it.
What are your thoughts?