SSL (Secure Socket Layer) is the name of the technology that encrypts the communication between a browser and a web (or email) server. This changes the standard HTTP (hypertext transfer protocol) to HTTPS which adds encryption. This site is secure; you can see the green lock in the header. Why is this important? Well, eCommerce sites absolutely need to be secure since users will be entering private information. It is absolutely essential to encrypt that information. But what if you aren't processing financial transactions? Do you still need SSL? We monkeys say enthusiastically YES! and believe that in the future all sites
We are not alone, last year the White House released their memorandum entitled “A Policy to Require Secure Connections across Federal Websites and Web Services” which outlines the steps that all government sites should follow and why. The
HTTPS verifies the identity of a website or web service for a connecting client, and encrypts nearly all information sent between the website or service and the user. Protected information includes cookies, user agent details, URL paths, form submissions, and query string parameters. HTTPS is designed to prevent this information from being read or changed while in transit.
EFF (Electronic Frontier Foundation) is a not for profit organization, that according to their about page, "champions user privacy, free expression, and innovation through impact litigation, policy analysis, grassroots activism, and technology development" since 1990. One of their goals is to:
… switch hypertext from insecure HTTP to secure HTTPS. That protection is essential in order to defend Internet users against surveillance of the content of their communications; cookie theft, account hijacking and other web security flaws; cookie and ad injection; and some forms of Internet censorship.
Google is actively giving SEO bonuses to secure sites, and has even proposed penalizing insecure sites. In August 2014, Google started boosting search results for secure sites. In addition, they began indexing secure versions of web pages last year instead of their insecure counterparts.
Last month, Chrome proposed actually giving warning notices on all insecure web sites. If they move forward with this, Chrome users will be increasingly aware of secure sites and navigate elsewhere.
Finally, Amnesty International believes encryption is a human rights issue. In their briefing, "Encryption: A Matter of Human Rights" they state:
With online censorship and surveillance a growing threat to human rights, undermining encryption could threaten the ability of people around the world to freely communicate and use the internet, such as human rights activists who challenge the authorities, journalists who uncover corruption, and lawyers holding powerful governments to account, Amnesty International said.
This is just a small list of reasons why a secure web is critical. Is your site secure?