HTTPS and Chrome 56
Making your site secure is no longer a priority only for network administrators. With recent browser updates highlighting sites that are not secured under HTTPS, marketing departments need to understand why the push for HTTPS is happening and how it affects their business and their users.
What is SSL and HTTPS?
Secure Sockets Layer (SSL) is a security protocol that encrypts traffic between a web server and the client (a browser); HTTP carried over it becomes HTTPS. Typical web traffic under HTTP is transferred in plain text, which means it is in a human-readable form. Securing the transport layer encrypts this traffic, which means that if someone is listening to the traffic between a user and your site, they cannot read the communication unless they have your encryption key, which is highly unlikely (more about that later).
Why am I hearing about Chrome 56?
It has always been a good idea to encrypt sensitive data, but many users do not pay attention to the URL bar; they may not notice or understand that if they log in to your site using public WiFi, their credentials could be exposed. Browsers are starting to show users a visual indicator not just when your site is secure, but also when it is considered not secure. Users of Chrome version 56 and later will see the words “Not Secure” next to the existing gray icon on pages that contain sensitive form fields for passwords or credit card numbers.
You can read Google’s blog here: https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html
How do I secure my site?
Contact the Thinklogic team for customized recommendations for your company. There are multiple options when it comes to purchasing SSL certificates; our recommendations will vary based on your site framework, use of a Content Delivery Network (CDN), and daily traffic to your site.
How does the data get encrypted?
The process relies on various keys, which are strings of random characters. When an SSL certificate is issued, it comes with a private key and a public key. The private key is the most important, as it is the only thing that can decrypt data sent to the web server. When a page is requested, the web server sends back the certificate details, including who issued the certificate and to whom it was issued. The browser verifies the data in the certificate and accepts the certificate’s public key. The browser then uses this public key to encrypt data to send to the web server, which can only be read using the previously mentioned private key.
When the server needs to send encrypted data to the browser, it uses a symmetric (meaning you can use the same key to encrypt and decrypt) key that was exchanged during the first contact, also referred to as the handshake.
When a certificate authority, such as GoDaddy or Digicert, issues a certificate, it is not always a unique key.