Background
Cyber security is hot these days. Hardly a day goes by or we hear about another breach or vulnerability. A lot of startups are entering the market to help prevent, detect and mitigate attacks ranging from DDoS to social engineering. Large companies like Akamai release State of the Internet Security reports that give an overview of the growing threat landscape.
Having a secure online environment is becoming increasingly important, and not just for banks. Think about the LinkedIn hack in 2012, when 6 million user credentials leaked online. For publishers and brands, a secure online environment can prevent hacks into their CMS system. Next to that, digital publishers are increasingly collecting data to analyze their audience’s behavior and to build email lists for content distribution. With the rise of companies using personal data, cyber security has become even more important. By paying attention to data security, companies can prevent a huge loss of income and most of all reputational damage.
In April 2014, there was sort of a wakeup call regarding secure internet connections, when the then-latest vulnerability in the OpenSSL library was disclosed. OpenSSL is being used in many products and operating systems to ensure the proper workings for secure connections. This latest incident triggered a lot more attention being drawn towards how secure connections, mainly HTTPS, are configured and used.
POODLE, Heartbleed, OprahSSL, LOGJAM, BEAST, BREACH, CRIME and FREAK. These are a number of vulnerabilities that have been found in secure connection frameworks. It seems that security researchers would also make good marketeers. Next to coming up with these fancy names, they even started to create specific vulnerability websites to make administrators and managers more aware of the risks. As you can see, the website looks like a “campaign website” – it basically tells you what the cause of the vulnerability is and what you can do to prevent it in the future. All with the intent to increase awareness around the subject.
Browsers, Search Engines, and Edward Snowden
Many modern browsers have now also started treating secure connections more strictly. Less secure configurations will soon be blocked or warned about. The Google search engine will start giving secure sites higher scores. Starting January 2017, Google Chrome is even planning to warn users when they want to submit data into insecure sites.
Next to this, there is another reason many sites and services are using secure connections these days. Next to the obvious benefits to security, there is the big privacy debate. When in 2013, Edward Snowden revealed a lot about what the NSA was doing to spy on people, there was a large surge to start securing more and more connections and data.
The effect of security on performance
Having secure connections will have a slightly negative impact on performance (such as loading time), as some extra time is required to encrypt (convert data into a code to prevent unauthorised access) and decrypt (decoding it and making it readable again) data. With this in mind, a lot of effort has been put into increasing the performance of the web with security in mind. In February this year, a new standard for HTTP was approved. This new standard is called HTTP2 and allows for faster connections and reduced overhead for loading webpages. All the modern browsers support it with one remark: they will only allow HTTP2 over secure connections. This is an interesting example of how browsers like Chrome and Firefox are stimulating website owners to implement secure connections.
You can find a nice performance comparison here. This demo by Akamai shows you whether your browser supports HTTP2 and then compares loading times between the older and newer protocol.
HTTPS at Crowdynews
At Crowdynews we take security seriously. Many of our services are protected using secure connections. The configuration of these connections is kept in the best shape, without creating problems for our customers by being too strict. We regularly check our configurations by having them tested using the SSL Labs tool provided by Qualys. Our configurations score A or A+, the highest scores possible.
Security in general
However, secure connections are just one piece of the security puzzle. There are many aspects that need to be taken care of to be secure. And even then, there is always the chance that a new method of attack is found.
Concluding
It is my sincere belief that the attention and focus on both security and performance of the web will only increase over the next months and years. New standards are under consideration, legislation about privacy and security is being discussed and implemented in many countries, and attention is shifting to security in general.
With all those changes, the web will become a better place for end users. HTTPS will be everywhere.