What is Always-On SSL?

Always-On SSL (AOSSL) is the de facto best practice for applying encryption, or HTTPS, across all of your websites and servers. When correctly deployed, AOSSL ensures that all internal and external webpages are encrypted, reducing exposure to cyberattacks. To achieve a comprehensive security posture, AOSSL should not only be applied to web pages controlled directly by an organization but also be a requirement for vendors and third-party integrations.

Every website needs HTTPS, or end-to-end encryption, to help protect every webpage your users visit, not just login pages and shopping carts. Companies that are serious about protecting their customers and their business reputation will implement Always-On SSL with TLS/SSL certificates from a trusted Certificate Authority. This basic, easy-to-implement security measure authenticates the identity of the website and encrypts all information shared between the website and a user (including any cookies exchanged), protecting the data from unauthorized viewing, tampering, or use.

Organizations that work to protect and secure the internet, such as the Internet Society and the IETF, have called for organizations to adopt encryption everywhere, another way of promoting Always-On SSL. Some of the world’s most successful websites have implemented it to protect against sidejacking and hacking through threats such as the former Firesheep tool and malicious code injection.

As online attacks become more frequent and easier to execute, organizations around the world are under increasing scrutiny to ensure all online transactions involving confidential data are secure. One of the specific challenges that organizations face today is that unsecured Wi-Fi and cookies are everywhere: Wi-Fi networks in public locations such as airports and coffee shops are often left open to facilitate use. Tools such as Firesheep have made it easier than ever to eavesdrop on unencrypted HTTP sessions, intercept users’ cookies, and steal the confidential information within the cookies to gain access to web services.
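
A defender can check a site against the two points above (every page on HTTPS, and no cookie sent where it can be read off an open network) by auditing recorded responses. The following is an added example, not code from this page: the function names, the placeholder host example.test, and the sample responses are constructed, and the choice to also check for the Strict-Transport-Security header and the cookie Secure attribute is an assumption about how AOSSL is usually enforced.

```python
from urllib.parse import urlsplit

REDIRECTS = {301, 302, 307, 308}

def cookie_findings(set_cookie):
    """Return (name, has_secure) for one Set-Cookie header value."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
    return name, "secure" in attrs

def audit_aossl(responses):
    """Flag responses that break the 'every page over HTTPS' rule."""
    findings = []
    for r in responses:
        url, status = r["url"], r["status"]
        headers = [(k.lower(), v) for k, v in r["headers"]]
        if urlsplit(url).scheme == "http":
            # Plain HTTP is acceptable only as a redirect to an https:// URL.
            location = next((v for k, v in headers if k == "location"), "")
            if not (status in REDIRECTS and urlsplit(location).scheme == "https"):
                findings.append((url, "served over plain HTTP"))
        elif not any(k == "strict-transport-security" for k, _ in headers):
            findings.append((url, "no Strict-Transport-Security header"))
        for k, v in headers:
            if k == "set-cookie":
                # Without Secure, the browser also sends the cookie over HTTP.
                name, secure = cookie_findings(v)
                if not secure:
                    findings.append((url, f"cookie '{name}' lacks Secure"))
    return findings

# Constructed sample responses (example.test is a placeholder host).
SAMPLE = [
    {"url": "http://example.test/", "status": 301,
     "headers": [("Location", "https://example.test/")]},
    {"url": "https://example.test/login", "status": 200,
     "headers": [("Strict-Transport-Security", "max-age=31536000"),
                 ("Set-Cookie", "sid=abc123; Path=/; Secure; HttpOnly")]},
    {"url": "http://example.test/catalog", "status": 200,
     "headers": [("Set-Cookie", "sid=abc123; Path=/")]},
    {"url": "https://example.test/help", "status": 200,
     "headers": [("Set-Cookie", "prefs=dark; Path=/; HttpOnly")]},
]

if __name__ == "__main__":
    for url, issue in audit_aossl(SAMPLE):
        print(f"{url}: {issue}")
```

The login page passes, while the catalog page served over HTTP and the help page's cookie are flagged: protecting only the login page leaves the same session cookie readable elsewhere on the site.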

Government officials and privacy groups are pushing for companies to provide Always-On SSL. In response to reports of TLS/SSL hacks, legislators have publicly called on websites to expedite the transition to Always-On SSL.

Why is Always-On SSL important to secure your brand?

A single data breach can ruin your brand. The average cost of a data breach is $4.24 million. Of that cost, 38%, or $1.59 million, is due to lost business, according to the 2021 Cost of a Data Breach report by IBM. That means many current and future customers take their business elsewhere after a breach. Healthcare organizations experienced the highest total cost of a data breach for the 11th year in a row, at $9.23 million.

An unsecured connection between an end user and a website may give a hacker the opening they need to inject malicious code designed to attack a website and its servers – an attack that could result in a data breach.