HTTP vs HTTPS: Is it Time For a Change?

Data. Security. Privacy.

These are the cornerstones of many discussions concerning technology. The use of use Hyper Text Transfer Protocol Secure (HTTPS) in lieu of the standard HTTP is one way for the businesses to address the security of their customers’ information.

The Case for HTTPS

On one side of the argument, protecting all websites with HTTPS is seen as a necessary step because having security is imperative, despite the additional workload.

Another interesting point in the debate is that Google has begun using HTTPS as a ranking signal. In other words, websites that are using the HTTPS protocol are appearing higher on the list of search results.

HTTPS provides a secure, fast and private connection between the user and the website, but there are a few considerations for businesses to ponder before taking the plunge. For some, the full scale implementation of HTTPS is seen as a possible solution for security challenges, but it has a few drawbacks that should be considered when making the decision.

Argument Against HTTPS

On the other end of the argument, there is the belief that not every website needs HTTPS because not every business deals with the transmission of sensitive information or PII. Some believe that HTTPS is an option, but you must consider things like certificate maintenance before making the decision. Furthermore, there are extra costs in terms of time and resources that would be needed for an extra level of encryption.

SSL Certificates

SSL-certificate

SSL certificates are files that encrypt the connection from a web server to a web browser. Certificate maintenance requires the installation, configuration and rotation of SSL certificates to ensure that a website’s information is encrypted and up to date. The management of these certificates has high operational costs.

In terms of performance, an additional level of encryption requires more server resources because each visitor must connect to the server in order to exchange the information required to establish a secure connection. Compared to the loading time of a page with HTTP, this process of exchanging information can take a little more time, especially if the server is dealing with multiple visitors at once.

With these extra costs, such as certificate maintenance and a slight decrease in site performance, one must consider if the extra level of encryption is worth implementing.