Blog Support

Who Needs SSL?

Does everyone need SSL? It’s not mandatory for all sites - for now. Do most sites need it? Yes. Do you need it? Let’s find out.


Firstly, Why SSL?

Trust
Internet users look for many trust signals when they visit a website. For casual browsing, their eyes and senses do a cursory review of the site they’re on for a visual and performance indication of quality. Does anything look out of place or suspicious?

When users are at the point of doing anything remotely sensitive, they look even closer. About to enter an email address? A few seconds of hesitation and review. Entering personal details into a form? They look closer. Credit card details about to be entered? Eyes squint in closely, the mouse wheel rolls up and down the page double checking things before the purchasing fingers fly.

A quality SSL certificate resulting in the green https or the EV green bar is the most helpful trust factor to include on the page because it proves to the user that the server they are connected to is really who it claims to be, and that the connection is secure and encrypted.

Enhanced Security via Encryption
But SSL isn’t just for show. It is a real enhancement to a website’s security, and the quality and types of the SSL certificate matter.

SSL certificates encrypt the connection between server and user by encrypting communications between them. No outsider along the pathway can intercept, take or change the information in transit successfully. With the use of a strong system of private and public keys to encode data only the sender and receiver can read this information.

And that’s why SSL helps build trust - they make connections much more secure.

Secondly, Who Needs it Most?

E-Commerce Websites
Requesting credit card details for a payment? It’s time to get strong security if you haven’t already. But are all the SSL equal? If you are receiving credit card details on your own pages you should definitely aim for the high-level Extended Validation certificates (EV) to give your customers extra confidence in the validity of your organization and the quality of the website’s security. The EV Certificate enables the green address bar showing the company name in the url bar and requires multiple extra validation steps to acquire. Making them more highly validated and trusted than simpler certificates.

Some e-commerce sites choose to the only encrypt their payment pages with SSL, but it’s certain that having the entire website consistently encrypted would give customers confidence earlier in the shopping experience helping them become a paying customer.

Software as a Service
If you’re transmitting client information in any form and providing information to your users you need that information to be encrypted to ensure its validity both coming and going from your website. Your users deserve to know that their information is safe and that the information received from you is as you have intended.

The ‘open’ nature of communicating information back and forth to your service, as opposed to a one-time access for example, make the need for higher quality SSL all the more vital.

The case for EV ‘green bar’ certificates here is also strong and highly recommended to confer more trust in your company and your commitment to security.

Government
Government institutions are an obvious special candidate that should have SSL but a troubling number of government sites still do not have their connections encrypted. Government agencies present, manage and transfer sensitive public and private information that should be secured.

With many website urls under the management of and stemming one from section of government Multi-Domain SSL UCC-SAN Certificates are often appropriate to cover multiple properties with high security.

Education, Health Care & Social Institutions
Organizations dealing with personal, private information and presenting important and often critical information to the public need to make securing their connections a high priority.
Use cases such as students submitting school applications or tests including personal information, patients accessing private medical details or managing appointments and even anonymous persons browsing sensitive information such as regarding medical or outreach issues need to know that they are doing so privately.

Many medium and larger institutions of these types often have many subsections and subgroups combined onto their online presence and often need to consider Wildcard SSL Certificates. This enables covering subdomains like specialarea.example.com in addition to regular subsections like example.com/home to cover their extended online offerings and allow room for growth without being walled in to only their one domain section.

Social Media Platforms
Personal, private info, content and messages? Check, check and check. Every social media platform, sharing service or provider needs SSL encryption, plain and simple. EV certs through to Business Validation certificates are appropriate depending on the size, scale and nature of the services and the trust-level requirements for users to feel safe using the website.

Third, Who Should Make it a Priority Now?

Nearly All Companies
Companies of any size beyond the smallest SMEs should consider making the transition at the soonest convenient time. Increasing security and showing a higher trust factor are universally positive improvements that reflect well on companies of any industry.

If the company website has newsletter sign-ups, white paper downloads, support and contact forms - any information transfer at all - it is a priority to provide better security of the information being transferred for the benefit of the company’s visitors.

It is also important to remember that it isn’t only the user’s information that needs to be secured when shared with the company, but also the company’s information on the website that needs to be ensured valid and arriving to the site visitor without interference, hacking or modification by any malicious 3rd party attacking or changing the company’s information on its way to the visitor.

Larger companies with enough budget or any company requiring the sharing or transfer of sensitive information beyond simple contact forms would want to consider Extended Validation (EV) Certificates because of the higher level of trust in the organization they confer. Certificate issuers require multiple proofs to verify the company and domain to get the EV certificate and the benefit is the added company name and green bar giving users quick visual assurance of increased security.

Many businesses are well served by Business Level Certificates or Organization Validation (OV) Certificates which similarly to EV the issuer has a validation process for the applicant though it is usually simpler. These provide https encryption which shows as a lock icon in the url bar but won’t include the company name in a green address bar.

Entertainment & News Websites
Need to safeguard the transmission of their digital rights management and intellectual property. These organizations need to consider the possibilities for the information and content they present to be altered and attacked en route and the potential liabilities of their transmissions being compromised. Their integrity and stability in the market depends on users being able to rely on their ability to deliver information without being hindered, compromised or hacked.

What are the Borderline SSL Cases?

What websites are on the edge, that can live without it, but are better off with it?

Smaller Company Informational Websites
If your company is small, only presenting basic information online and is not receiving or sending any sensitive information to users via your website, and you don’t have any IT-capable persons able to go through the accessible SSL certification steps - you could wait.

However the SSL certification process is not that difficult, enabling SSL on your website would make an important difference in security, instill greater trust and confidence in your website’s visitors and may even give a slight SEO boost as indicated by Google.

Either a Business Level Certificate or the less expensive Standard SSL Certificates are perfect for smaller companies.

Who Can Wait a Little?

Small Bloggers & Hobby Sites
Are you a small blogger without internal developer resources, a small budget, or not much time? You can afford to wait - for now. Google mentions they will give a small ranking factor to sites with SSL and though it doesn’t seem to be a strong factor at the moment for small sites it will become increasingly important with time.

Conclusion

Place Your Bets on Green
For nearly all organizations there are definite advantages for adding SSL certificate encryption to their websites. There are:

  1. SSL Certificates available at all price points, starting from less than $5 a year
  2. They are accessible and relatively simple to install
  3. They give users reliable, immediate added trust in your company or organization
  4. They enable real encryption providing enhanced security

Small Company or Blog Who Wants to Wait?
If you aren’t presenting or transmitting sensitive or important data and your visitors trust-level judgment of your website isn’t an issue you can wait for now. But as you grow SSL should be a consideration. When you’re ready SSLTrust will be there with extensive options and support. Stay safe!

Discussions and Comments

Click here to view and join in on any discussions and comments on this article.

Written by
Paul Baka


SSLTrust Blog

View our blog covering news and topics in security, certificate authorities, encryption and PKI.

Learning Centre

View more resources on cyber security, encryption and the internet.


Continue reading with these articles you may be interested in...

#Guides

What Are The Best Practices For Securing Your SaaS?

A single breach could hypothetically compromise wide swathes of sensitive user data. However, modern SaaS usage takes data encryption and security risks extremely seriously, to the point where technology isn't necessarily the most common point of …