The Great HTTPS Migration: Huge Surge in Website Encryption

October 21, 2017

Hypertext Transfer Protocol Secure (HTTPS) is quickly becoming the norm for sites loaded with Chrome. Google announced in a blog post that the number of websites that protect traffic using HTTPS has increased consistently and considerably. Latest figures show that over 60% of the sites loaded with Chrome use HTTPS. But why, and more importantly how, did the tech giant get so many websites to adopt security measures in such a short timespan?

According to two recent studies, Chrome is the most secure web browser out there. That claim comes with a caveat, however: the two studies were sponsored by Google, and only compared Chrome, Microsoft Edge, and Microsoft Internet Explorer. Firefox and Opera fans can only speculate at this point, but the studies revealed something important nonetheless: Google has been focused for a while now on securing the data that’s sent between browser and website.

“Security has always been one of Chrome’s core principles—we constantly work to build the most secure web browser to protect our users. Two recent studies concluded that Chrome was the most secure web browser in multiple aspects of security, with high rates of catching dangerous and deceptive sites, lightning-fast patching of vulnerabilities, and multiple layers of defenses,” Emily Schechter, Chrome Security Product Manager, said in the blog post.

If nothing else, this at least states a clear motivation towards security.

The difference 1 year can make

Google’s secure web movement began on September 8th, 2016. This is when Google announced that, beginning in January 2017 (Chrome 56), HTTP pages that collect passwords or credit cards would be marked as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure. Practically every site that wasn’t HTTPS encrypted would have been marked “not secure” in Chrome.

“We wanted to help people understand when the site they’re on is not secure, and at the same time, provide motivation to that site’s owner to improve the security of their site,” said Emily Schechter. “We knew this would take some time, and so we started by only marking pages without encryption that collect passwords and credit cards. In the next phase, we began showing the “not secure” warning in two additional situations: when people enter data on an HTTP page, and on all HTTP pages visited in Incognito mode.”

Google’s Transparency Report revealed remarkable progress on the HTTPS front:

  • 64 percent of Chrome traffic on Android is now protected, up from 42 percent a year ago.
  • Over 75 percent of Chrome traffic on both Chrome OS and Mac is now protected, up from 60 percent on Mac and 67 percent on Chrome OS a year ago.
  • 71 of the top 100 sites on the web use HTTPS by default, up from 37 a year ago.

Percent of page loads over HTTPS in Chrome by platform. Image: Google

The countries with the most significant improvements in the last year (measured via Chrome on Windows): Japan – from 31 percent to 55 percent, Brazil – from 50 percent to 66 percent, and the U.S. – from 59 percent to 73 percent.

Future efforts for HTTPS

The truth is that HTTPS is easier and cheaper than ever before. We don’t really have to go through the security argument anymore: all you have to do is scan some news titles from any tech publication and you’ll see just how important it has become for businesses around the world. To help site owners, Google is tackling the HTTPS migration on two fronts:

  1. Let’s Encrypt – a free, automated, and open certificate authority that helps owners secure their website in a cheap and simple way.
  2. Managed SSL for Google App Engine – a service that automatically encrypts server-to-client communication.

Bottom line

We’ve gotten to a point where businesses can no longer afford to have insecure websites. It’s not a matter of costs anymore – in fact it’s costly not to secure your business. With HTTPS migration getting cheaper and easier than ever before, it will only be a matter of time before the web becomes more secure as well.

Set-up guides to get developers started.