In the technology world, there's one thing we have to get straight: Security holds precedence above everything else. Google (News - Alert) has taken the spirit of this statement quite literally and went ahead and gave a ranking boost to websites sporting an SSL 2048-bit certificate, enabling them to use the “https://” prefix.
According to Google, the addition of SSL will give its ranking algorithm a “very lightweight” positive signal, providing websites using it with a minor advancement in its ranking on the search engine result pages (SERPs). When testing its algorithm, the company has concluded that the ranking differentiator has an effect on less than one percent of global search queries, but they said that they might “decide to strengthen” the algorithm's signal since they'd like to “encourage all website owners” to amp up their security by switching from HTTP to HTTPS.
Will this lead to a more secure internet, and is it enough of an incentive for website owners to start changing up their strategies? It seems as if though Google's well-intentioned incentive for websites appearing on its index is perhaps unlikely to make much of a positive change in the world of security. Already, most of the major companies dealing with millions of credit card numbers day by day use HTTPS. They still get busted open by hackers.
A reliance on HTTPS may make some companies very complacent about security. They may start considering themselves secure simply because they have encryption on their endpoint. But what about the companies that they have relationships with? What about sabotage from disgruntled vendors or employees? There are a lot of factors to consider that currently aren't being addressed enough. While changing from HTTP to HTTPS might help some sites, we really need to have a much larger talk about security at large, particularly regarding how companies can benefit from using identity and access management (IAM) solutions like what PerfectCloud and Okta offer.
Let's put it simply: Giving websites the incentive to switch over to HTTPS is somewhat useful, but doesn't address the issue of online security nearly as much as it should.
Edited by Adam Brandt
View all articles