What is SSL?
In the most basic terms, SSL (Secure Sockets Layer) is the technology used to keep a connection over the internet safe and protected from anyone else attempting to access, read or change it
The more technical definition is that it is a cryptographic protocol used to provide a secure channel and encode any data sent in a connection between two points over the internet.
SSL was created and developed by Netscape. The second version of the technology was released to the public in 1995. Three years later, it was then replaced.
These certificates are a third-party source saying that your website uses the data you collect in a responsible manner. It also encodes it with cryptography to keep it safe, and can only be decoded by the other end of the opened connection. The information held in these is available for public viewing. If you click on the padlock icon or similar on a website, it will show you that specific website’s certificate holder. It also shows a serial number and expiration date, a copy of the holder’s public key and the digital signature of the authority that issued it.
When are SSL certificates used?
Keeping trade secrets
Secure Sockets Layer will provide safety for a company’s intranet. This means none of their information can be accessed by third parties; whether sent over an e-mail in house, over through a shared network drive.
Keeping your personal details safe
It will prevent hackers from accessing your personal details or bank account information when you buy items online. This helps to protect you from fraud and financial damage.
Keeping data complete
As this layer sends data through a safe channel, any information sent through it will be kept complete; whether you’re uploading a web page, streaming a video or downloading a file from the internet.
Plenty more besides
This is the internet’s way of keeping things as safe, stable and secure as they can be.
Please note: Although the term SSL is still widely used in parlance, it was deprecated as far back as 1999. Furthermore, it hasn’t been supported since 2015. Instead it’s made way for a new technology known as TLS. TLS, otherwise known as Transport Layer Security, provides much greater security than SSL.
Why is a TLS certificate such a requirement now?
The nature of our internet experience has changed. This is the main reason TLS has become more required than it ever has been. Even only a decade ago, most of the time you spent on the internet was in a read-only capacity. A website existed on the internet to be read, rather than interacted with
This has changed in the modern world with social media becoming so prevalent. People now have much more opportunity to interact with sites through comments, for example. The biggest change however is in how readily we send sensitive information to others over the internet. We now think nothing of typing our bank details into online marketplaces or our personal addresses into online surveys or competitions. What’s more, we’re happy to send very sensitive company or government information via email. Much to the chagrin of a certain former presidential candidate!
As times and habits over the internet have changed, our solutions for dealing with these challenges have improved and enabled the modern world we all enjoy.
TLS and Google Rankings
Why has Google made TLS mandatory if you want to appear in rankings? Whether or not Google’s changes to their TLS requirements have affected your business, you almost certainly know about their recent drive to make the technology standard on every site available. Any site that doesn’t have one will now be flagged in Google’s search engine. The site will suffer from lower rankings as a result. Plus, when it comes to Google Chrome, if you try to access a site that doesn’t have a certificate, Chrome will display an unmissable message saying that the site is unsafe.
There are a few reasons for Google doing this. The main one being they feel it’s their responsibility as one of the world’s largest search engines to make sure their users feel secure and at ease while using the internet. Another large reason is to help make the internet as a whole more secure to pave the way for future technologies that will require safe handling of information and data validity & stability. The final reason is to help educate and inform all internet users of the issues of data sensitivity and security. This is because it is an often overlooked part of the backbone of the internet.
How to get a TLS certificate?
There are three main ways to get certification for your website and they mainly depend on how you will build your website and your purposes for it.
Use a website builder
If you use a website builder such as Weebly, Wix, Squarespace or the like; they usually include a security certificate as standard in their paid subscriptions! This is a fantastic option for those opening their own small e-shop, a bootstrapped or very small business or for those wanting to create a simple site for their portfolio etc.
Use a free service
With services such as “Let’s Encrypt” or “SSL for free”, you can install one onto your site that is approved by those suppliers. Be aware this can get very technical. It involves you having to change code on your site, install files using an FTP connection and other details. While it may be tempting to go with the free option, make sure you’re technically literate or can learn beforehand!
Use a provider
There are many SSL providers out there that can be found with a simple search. The one that would be most suited to you are those dictated to you by your budget, how big your site or server is, what kind of information it will handle and provide and how much support you anticipate you’ll need with it. Some providers also bundle in other services with their product so it’s worth watching out for good deals!
A final note
If your site contains no text boxes or uses for input, then while you didn’t need one in the past, you do now! With Google’s recent changes, they have made it mandatory for all sites to own one whether or not one is actually required!
GDPR Considerations regarding SSL and TLS
GDPR not only deals with having strict security with how you handle information over the internet, but also how you store that information, how you interact with it, who you send it to and strict guidelines over how you inform and enable users to know this information. Having proof of your internet security is just one aspect of fulfilling GDPR but the first, very important step.
While the rules behind data security are constantly changing, the best way to be future-proof against any changes in the industries standards are by using common sense with user’s data. Gone are the days of the gold rush internet of passing user’s information to the highest bidder. Instead companies must ensure they are only providing data to others when clearly needed.
If you have enjoyed reading this article, why not read some of our other articles? Our blog covers lots of interesting articles about the website security, technical advice and digital marketing.