By Joe Dysart
Use of Transport Layer Security, the encryption protocol that underpins HTTPS, is a best practice. And come July, it will become a business necessity because Google Chrome will start warning people away from any website that lacks HTTPS by branding it “Not Secure” in the browser address bar.
“Google is rolling [that warning] out to all versions of Chrome this summer,” says Peter Boyd, founder of web design firm PaperStreet. Given consumers’ and business users’ well-advised hesitancy to visit any site that seems risky in any way, Google’s move is expected to have a major impact on telecommunications and other firms that miss the deadline and are still operating unencrypted in July.
Essentially, users attempting to visit these sites will be less likely to trust the content, according to Patrick R. Donahue, security engineering product lead with Cloudflare, an internet services provider. There’s good reason for that given the growing use by attackers of “drive by malware” that can infect a computer simply because a user visited a website that’s running malicious code.
“HTTPS is considered by most security professionals to be a bare minimum level of security for any website that requires data from the end user as part of its core functionality,” says Tyler Kee, cloud solutions architect at master agent PlanetOne…