Gone are the days when the green “Secure” label stood to distinguish legitimate websites from potentially malicious ones. Shortly after marking all HTTP sites with a “Not Secure” badge earlier this year, Google has now stepped up to remove the “Secure” label from all HTTPS sites with the release of Chrome version 69.
What’s the role of HTTPS in website security?
Before analyzing the initiative behind the new design cue, let’s quickly reacquaint ourselves with the importance of HTTPS.
HTTPS is a secure version of the Hyper Text Transfer Protocol (HTTP), in which all information exchanged between browsers and servers is encrypted. HTTPS promises data integrity and plays a significant role in keeping cybercriminals from eavesdropping on data exchanged between browsers and servers. Organizations implement HTTPS on their websites by installing SSL certificates which encrypt the data transfer through a combination of a private and public key pair.
Google Chrome unmarks HTTPS sites
Google has constantly pushed for companies to move from HTTP to HTTPS in its goal to achieve a more secure internet. As a next step in this journey, Google has decided to remove the green “Secure” label displayed beside the padlock icon in Chrome’s omnibox for HTTPS sites. This change coming up in Chrome version 69 means that HTTPS doesn’t stand for any added advantage for websites. According to Google, HTTPS is a very basic requirement that organizations have to implement to provide a secure browsing environment for their website visitors.
“We hope these changes continue to pave the way for a web that’s easy to use safely, by default. HTTPS is cheaper and easier than ever before, and unlocks powerful capabilities—so don’t wait to migrate to HTTPS!” says Emily Schechter, product manager at Chrome Security.
The end is near
Google isn’t stopping there. Its ultimate plan is to label all HTTP sites with a red triangle security indicator, which is currently used to indicate broken HTTPS—a serious website security issue. This change will take effect starting October 16th with the release of Chrome version 70.
Despite the continued nudge given by browser vendors and increased buzz about website security, some companies still refrain from migrating to HTTPS. This reluctance may be from fear of financial burden, SEO implications, indifference, or just the unwillingness to complicate website maintenance with hundreds of SSL certificates around.
That said, transitioning to HTTPS is not a very tough row to hoe provided you are equipped with the right kind of tools. Here’s what you need to do:
-
Purchase an SSL certificate.
-
Install the certificate on your web server.
-
Change links and update all references to HTTPS.
-
Keep track of certificate usage and renewals.
The certificate management process can become a little too much for large organizations when they try to manually track the huge numbers of certificates installed on their web servers. There’s a chance that they might miss a renewal or two and lose business when visitors run into security errors while accessing their website. However, with the right type of certificate management solutions in place, organizations can experience all the benefits of HTTPS without the hassle.
SSL certificate management solutions like Key Manager Plus make the transition to HTTPS much easier for organizations by automating SSL certificate life cycle management. That way, organizations can keep close tabs on expiring certificates and gain complete visibility over their SSL environment without unnecessary manual intervention.