What Google Rank Boost for HTTPS Means for Web Security

Always On SSL or HTTPS everywhere ensures that any and all information online is secure. Google recently announced that they would give a boost to websites that made the decision to secure all visitor information and any type of communication online.

We’ve searched for experts in a number of fields to see what they have to say about what Google’s rank increase means for Internet security.

HTTPS everywhere online and Always On SSL for websites is a positive step forward in personal privacy and online data security. Experts in various industries weighed in on the positive effect of more sites online securing data with SSL.

The Positive Effect of HTTPS Always On

“We’ve seen positive results, so we’re starting to use HTTPS as a ranking signal.”

-Zineb Ait Bahajji and Gary Illyes, webmaster Analysts @ Google

“Every company wants to rank favorably on Google, so it’s in their best interest to ensure web pages are encrypted. Data in a plain-text state is easily readable, so any website that’s storing or transmitting user credentials or data in plain-text is putting customers’ data, and the company’s reputation, at risk.”

-Jason Hart, VP @ SafeNet

SSL Support Helps Ensure That Security is Done Right

“Making your site run over HTTPS or SSL can be easy for small websites but for really large sites, it would require a lot of reconfiguration and testing. Security certificates are not that expensive these days, depending on which security company you go with. The big cost may be involved in migrating larger and older sites into the new URL structure.”

-Barry Schwartz, Editor @ Search Engine Land

“Getting the SSL support you need can be tough, most companies today have mazes to navigate through before reaching a real human being. This can be extremely frustrating for administrators with critical server questions. From day 1, DigiCert has never outsourced customer service and we’ve put real SSL experts on the front lines to answer any SSL Certificate questions, whether you’re using a DigiCert certificate or not.”

-Flavio Martins, VP of Ops @ DigiCert

“Some companies just get it right. Someone at DigiCert actually took the time to respond to our initial tweet even though we’re not a DigiCert customer. Total effort on the part of the DigiCert guys was probably less than 60 seconds between the Twitter search and both of these tweets, but in 60 seconds they managed to position themselves as caring and eager to help, making a strong positive impression.”

-The Gotham Bus Hosting Team

SSL is the Backbone of Internet Privacy and Data Security

“Having HTTPS does massively reduce the number of threats that could get access to your messages: It should stop eavesdroppers on a wireless network, or dragnet collection by intelligence agencies, even if it couldn’t protect you against a court order sent to Google. Stronger incentives for HTTPS deployment are great news for the Internet, and for all of its users.”

-Peter Eckersley, Technology Projects Director @ EFF

“In light of this, the fact that Google will prioritize sites using HTTPS in search results is a very positive, praiseworthy move as it will incentivize providers to implement encryption and secure communications, which obviously has a beneficial effect in reducing the possibility of anyone ‘eavesdropping’ on, or having unauthorized access, to that information.”

-David Emm, Senior Security Researcher @ Kaspersky Lab

Now that Google has incentivized the use of HTTPS everywhere online and is rewarding sites that have Always-On SSL for its visitors, it should help reduce the risk of going online and increase the level of user trust when doing business online.

At DigiCert, we’ve worked hard to make SSL security easy and to help our customers secure any information online. We’ve worked with SSL industry standards groups in order to make SSL more commonplace, have created free tools for managing SSL Certificates and inspecting server security. We’re excited by Google’s decision to reward site owners who make security a top priority by giving a Google search rank boost to SSL-enabled websites.

Google’s decision shows that SSL encryption works and that it’s the most reliable source for online data security today. To get started, website owners and administrators should choose which type of SSL Certificate is best for their website, decide whether they should use an EV SSL Certificate with the green bar for additional user trust, and then make sure that they get an SSL Certificate from a trusted certificate provider.

In the next few weeks, the Google team will be releasing more SSL security best practices for website owners and administrators, but those looking to take early advantage of the Google search benefit can go a step further and use the free online website security scanner Certificate Inspector, to ensure that their site will be seen favorably by Google.

Posted in Announcements, Security, SSL
  • generalnetworkerror

    Let’s hear the negative arguments as well to be fair.

    • Quite honestly, the negative argument of more SSL online is that as administrators rush to add SSL to sites currently not secured, many will simply add cheap, no assurance certificates that don’t provide identity verification.

      These certificates simply encrypt but don’t include then authentication of the party on the other end of the connection. Simply adding encryption doesn’t solve the concern of trust.

      While sufficient for internal servers where the party controlling the server is the only ones who will access it, domain validated certificates don’t do enough to verify that you are talking to who you think you are talking to online, making them unsuitable for trust-based online connection.