Encrypt All The Things!
Encryption is coming…
With the likes of the General Data Protection Regulation (GDPR) pushing businesses to think a little harder about the data they receive, store, use and distribute, and updated browser versions now highlighting websites which aren’t using SSL, working towards an encrypted internet has never been more important.
Below are a few examples of browsers doing just that:
- Google Chrome
- Microsoft Edge
- Mozilla Firefox
They are also aggressively pushing it in other ways such as:
- Google giving a search ranking boost to sites with SSL/TLS.
- Gmail is flagging messages that originate from non-secure servers.
- Mozilla is only making new features available to HTTPS sites.
Having an SSL certificate is going to be the new normal, and an “Always-On SSL” approach is going to be the best way to ensure user trust.
Always-On SSL (AOSSL) is using HTTPS across your entire site to protect all data a user accesses or transfers online. Currently, most sites only use SSL to secure pages where sensitive data is passed, like names, addresses, contact details, login credentials or credit card numbers. This causes the user to bounce between HTTPS and HTTP sessions, even after they have logged in, leaving much of the information a user sees online exposed to third parties and other malicious users online.
Using SSL only on pages that handle sensitive information is not enough to combat today’s threats. New methods of hijacking and eavesdropping on unencrypted sessions make it easier than ever to steal your users’ information.
Persistent SSL connections ensure that all pages, cookies, and sessions are secure and that all user data is safe, no matter what page the user is on. Using HTTPS everywhere on your site helps ensure that user connections are totally and completely secure.
In summary, you need to serve your entire site over HTTPS, which means configuring your server for Always-On SSL. Always-On SSL is a cost-effective security measure for websites that helps protect the entire user experience from online threats. It authenticates the identity of the website and encrypts all information shared between the website and a user (including any cookies exchanged), protecting the data from unauthorized viewing, tampering, or use. Data breaches and online attacks are becoming more frequent and increasingly easy to execute. Organisations around the world are under increasing scrutiny to ensure online transactions involving confidential data are secure.
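As an added example (not part of the original article), the Python below audits a set of HTTP responses for the gaps described above: pages still served over plain HTTP, cookies set without the Secure flag, and HTTPS pages that pull in http:// resources. It goes slightly beyond the text by also checking for the Strict-Transport-Security header; the shop.example hosts and the response records are constructed sample data.

```python
import re

# Constructed sample responses (not captured traffic): url, status, headers, body.
SAMPLE = [
    {"url": "http://shop.example/", "status": 200,
     "headers": [("Set-Cookie", "sid=abc123; Path=/; HttpOnly")],
     "body": "<a href='https://shop.example/login'>Log in</a>"},
    {"url": "https://shop.example/login", "status": 200,
     "headers": [("Set-Cookie", "sid=abc123; Path=/; Secure; HttpOnly")],
     "body": "<img src='http://cdn.example/logo.png'>"},
    {"url": "http://shop.example/basket", "status": 301,
     "headers": [("Location", "https://shop.example/basket")], "body": ""},
    {"url": "https://shop.example/basket", "status": 200,
     "headers": [("Strict-Transport-Security", "max-age=31536000"),
                 ("Set-Cookie", "sid=abc123; Path=/; Secure; HttpOnly")],
     "body": "<script src='https://shop.example/app.js'></script>"},
]

# Tags that load subresources; plain <a> links are navigation, not mixed content.
SUBRESOURCE = re.compile(
    r"""<(?:img|script|iframe|link)\b[^>]*?(?:src|href)\s*=\s*['"]?(http://[^'"\s>]+)""",
    re.I)

def audit(responses):
    """Return (url, finding) pairs for every gap in Always-On SSL coverage."""
    findings = []
    for r in responses:
        url = r["url"]
        headers = [(k.lower(), v) for k, v in r["headers"]]
        https = url.lower().startswith("https://")
        if not https:
            # A plain-HTTP URL is acceptable only as a redirect to HTTPS.
            location = next((v for k, v in headers if k == "location"), "")
            redirected = r["status"] in (301, 302, 307, 308)
            if not (redirected and location.lower().startswith("https://")):
                findings.append((url, "served over HTTP without redirect to HTTPS"))
        elif not any(k == "strict-transport-security" for k, _ in headers):
            findings.append((url, "HTTPS response lacks Strict-Transport-Security"))
        for k, v in headers:
            if k == "set-cookie":
                attrs = [a.strip().lower() for a in v.split(";")[1:]]
                if "secure" not in attrs:
                    name = v.split("=", 1)[0].strip()
                    findings.append((url, f"cookie '{name}' set without Secure flag"))
        if https:
            for ref in SUBRESOURCE.findall(r["body"]):
                findings.append((url, f"mixed content: {ref}"))
    return findings
```

On the sample data the home page and login page are flagged, while the basket page, which redirects to HTTPS, sends the header and sets only Secure cookies, passes cleanly.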
If you would like to read a little more about the General Data Protection Regulation you can download or view the PDF version in English here: General Data Protection REGULATION (EU) 2016-679
Alternatively you can visit this link to view it in HTML or various other languages: EUR-Lex, Access to European Law. 2016/679