Home / Blogs

Web Encryption - It's Not Just for E-Commerce, Anymore

Leslie Daigle

Last week, I re-tweeted Cloudflare's announcement that they are providing universal SSL for their customers. I believe the announcement is a valuable one for the state of the open Internet for a couple of reasons:

First, there is the obvious — they are doubling the number of websites on the Internet that support encrypted connections. And, hopefully, that will prompt even more sites/hosting providers/CDNs to get serious about supporting encryption, too. Web encryption — it's not just for e-commerce, anymore.

Second, and no less important, is the way that the announcement articulates and shares their organizational thought processes. They are pretty clear that this is not a decision made to immediately and positively impact their bottom line of business. It's about better browsing, and a better Internet in the long run is better business. And, they are also pretty open about the challenges they face, operationally, to achieve this. That's another thing that can be helpful to other organizations contemplating the plunge to support SSL.

So, go ahead and have a read of their detailed announcement — and please forget to check if my website supports encrypted connections. It does not :-/ (yet). I've added it to my IT todo list — right after dealing with some issues in my e-mail infrastructure. I asked the head of IT for a timeline on that, and she just gave me a tail-flick and a paw-wash in response. Life as a micro-enterprise.

More substantially, I could easily become a Cloudflare customer and thus enable encryption up to the Cloudflare servers. But, proper end-to-end encryption requires my site to have a certificate, based on a unique IP address for this website and the going rate for that, given where my site is, is $6/mo. That adds, substantially, to the cost of supporting a website, especially when you might have several of them kicking around for different purposes.

There's work to be done yet in the whole security system (economics) model, it seems to me. Open discussion of practical issues and eventual work arounds does seem like a good starting place, though.

A version of this post originally appeared on http://www.thinkingcat.com.

By Leslie Daigle, Principal, ThinkingCat Enterprises and Editor, InternetImpossible. More blog posts from Leslie Daigle can also be read here.

Related topics: Cybersecurity, Privacy, Web

 
   

Don't miss a thing – get the Weekly Wrap delivered to your inbox.

Comments

To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Dig Deeper

Afilias Mobile & Web Services

Mobile Internet

Sponsored by Afilias Mobile & Web Services
Afilias

DNS Security

Sponsored by Afilias
Verisign

Cybersecurity

Sponsored by Verisign

Promoted Posts

Now Is the Time for .eco

.eco launches globally at 16:00 UTC on April 25, 2017, when domains will be available on a first-come, first-serve basis. .eco is for businesses, non-profits and people committed to positive change for the planet. See list of registrars offering .eco more»

Industry Updates – Sponsored Posts

.TECH Gets Its Big Hollywood Break

Verisign Named to the Online Trust Alliance's 2017 Audit and Honor Roll

Attacks Decrease by 23 Precent in 1st Quarter While Peak Attack Sizes Increase: DDoS Trends Report

Major Media Websites Lose Audience Due to Slow Load Times on Mobile

Leading Internet Associations Strengthen Cooperation

DeviceAtlas' Deep Device Intelligence Now Addresses Native App Environment

A Look at How the New .SPACE TLD Has Performed Over the Past 2 Years

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate

2016 U.S. Election: An Internet Forecast

Government Guidance for Email Authentication Has Arrived in USA and UK

ValiMail Raises $12M for Its Email Authentication Service

Don't Gamble With Your DNS

Why .com is the Venture Capital Community's Power Player

Defending Against Layer 7 DDoS Attacks

Understanding the Risks of the Dark Web

New TLD? Make Sure It's Secure

Verisign Releases Q2 2016 DDoS Trends Report - Layer 7 DDoS Attacks a Growing Trend

Miss.Africa Announces 2016, Round II Seed Funding Tech Initiative for Women in Africa

How Savvy DDoS Attackers Are Using DNSSEC Against Us