HTTP verses HTTPS, many would ask why even discuss this? For those involved in IT this may simply be a “DOH” issue. But many people without an IT background may not understand why it could impact on the effectiveness of your website. This article sets out to make is as simple as possible to understand why it has just become so crucial to add the “S”.
A great many organisations have not yet made the transition, and it is hurting their online presence.
The prefix of any URL is the protocol prefix (http, ftp, mailto, etc). Anyone surfing the interweb would be aware of the HTTP prefix (http://www….) and in most cases, we do not need to really understand the reason for having it. But, the prefix defines the protocol or language used over the internet.
With companies that conduct transactions on the web, the HTTPS protocol (S standing for secure using Secure Socket Layer (SSL) to transfer the information) has become the standard for secure transactions. Most users/customers now know that one should not do an online transaction unless the HTTPS symbol is showing corresponding to the site you are doing the transaction on.
I’m not going to explain all the technology around this, as the people involved should already have that information, but suffice it to say; the https protocol allows us to exchange information in a sure encrypted mode that cannot be intercepted and viewed by a third party.
So, why would we need to think about changing our websites from HTTP to HTTPS when we are not doing transactions on our site?
Just because your site may not be transacting money, almost every site now transacts information.
Even the simplest of Content Management Systems (CMS) now require registrations and log-ins to access or add information. Almost every interweb savvy company is collecting people’s information via forms of all sorts, getting us to answer questionnaires, subscribing to future communications and more and more sites are getting you to log in for various reasons which can be as simple as personalising the online experience.
And all of these “data transactions” should be secure as well.
Google is forcing your hand.
To make the matter more complicated, in July 2018, Google enabled the Chrome browser (67% of the desktop browser market share in July 2018) to mark any sites not using HTTPS as “not secure”.
That may in itself not seem too much of an issue, but does anyone want their online brand to be publicly seen as “not secure”?
Organisations spend massive amounts of time and money to bring users to their site only to be undone by the perceived idea that your site is not secure. And as more users become aware of the ramifications, the less likely they are to interact with a non-secure site.
Furthermore, Google has also intimated that “non-secure” websites will be penalised in search rankings. There is great debate as to what impact this will have, but rest assured, as Google updates search algorithms over the next few years, HTTPS uptake will become more of a factor.
So, why haven’t you changed yet?
Many of the companies that I have worked with have not yet looked at the change to HTTPS for three main reasons:
We don’t need it
Simply answered – yes you do. There is no valid reason out there to not make the change. Any IT developer that says “you don’t need to it” is just not doing their job properly. (yes – I said it!)
It’s too expensive
It used to be, and some service providers are still charging a lot of money for SSL certificates, but many hosting providers are provisioning the hosting with the SSL certificates included.
As for updating your website, most up-to-date CMS’s will manage most of the change for you, and any reasonable developer should be able to change any hard-coded information fairly quickly. Yes, there are the odd solutions that may be more complex with regard to the transition, but these would be far and few between, and if they were that complex, they probably should have been designed with HTTPS in mind in the first place given this news is not new.
Also, if your domain/s have been set up correctly with the www. contained in the primary canonical address (a discussion to be had later), there should be little to no issues with subdomains and cookies.
Finally – as a company, you have spent a lot developing your online presence, so why would you not spend the money to protect what you have invested so much in?
It’s too hard
It’s not! Well, it shouldn’t be if your online presence was designed properly.
If it is a hard task (for whatever reasons are given to you), now is as good a time to make the changes that will allow you to transition to HTTPS. It will not get easier down the track and the negative effects on your organisation’s communications will only start to compound.
Your website is a pivotal part of your organisation’s communication effort. it is important that you take every step to make your site look credible to your audience as well as protecting their experience on your site.
Request for permission to reproduce content should be directed to Aichkaye