Header Image

"Not Secure" doesn't mean not secure

Recently google has been making changes and a few customers have been asking us why their websites have come up as “not secure”. That phrase “not Secure” can make you worry. Why isn’t my website secure? They then ask how they can make it secure, like the lovely green padlock/bar that you see in the URL of this Facebook page right now. The answer is to get an SSL Certificate and turn your website URL from a http: to a https: Great! So why don’t we all have one?

Well, I want to start by saying that not everyone needs an SSL Certificate and that secure padlock at the top of their website. While it looks nice, it also costs money and time to implement and you only really need it if your website deals with sensitive information such as transactions or membership areas that require passwords. You will see when you login through our own Vision ICT site that it is secure as you are exchanging sensitive information (Passwords) from your computer to your website.

You see, not having ”secure” in your URL doesn’t mean your website isn’t secure, it just means it isn’t encrypted. The way SSL certificates work is through the use of public key cryptography. Global Sign summed it up well on their website:

“A public key is known to your server and available in the public domain. It can be used to encrypt any message. If Alice is sending a message to Bob she will lock it with Bob’s public key but the only way it can be decrypted is to unlock it with Bob’s private key. Bob is the only one who has his private key so Bob is the only one who can use this to unlock Alice’s message. If a hacker intercepts the message before Bob unlocks it, all they will get is a cryptographic code that they cannot break, even with the power of a computer. If we look at this in terms of a website, the communication is happening between you and the website.”

Having an SSL Certificate also has it’s disadvantages:

  • Cost is one of the issues; SSL providers need to set up a trusted infrastructure and validate your identity which has a cost attached to it. 
  • Performance is another. Because the information needs to be encrypted before it can be sent, it takes up a lot of server resources. This is normally only noticeable on large sites however and can be minimised with certain hardware.

However, if you are planning on having e-commerce style functions on your website or membership areas and you have the money to buy an SSL Certificate then it is definitely something to consider. It makes your website more trusted by customers and Google also rewards SSL Certificate users. So while having the secure feature on your website looks good, it isn’t always necessary. However there is still a lot of debate surrounding the new GDPR law and it’as full implications. Feel free to give us a call to discuss this further and see how we can help you.