Credit: Peter Sayer
After Edward Snowden revealed that online communications were being collected en masse by some of the world's most powerful intelligence agencies, security experts called for encryption of the entire web. Four years later, it looks like we've passed the tipping point.
The number of websites supporting HTTPS -- HTTP over encrypted SSL/TLS connections -- has skyrocketed over the past year. There are many benefits to turning on encryption, so if your website not yet support the technology it's time to make the move.
Recent telemetry data from Google Chrome and Mozilla Firefox shows that over 50 percent of web traffic is now encrypted, both on computers and mobile devices. Most of that traffic goes to a few large websites, but even so, it's a jump of over 10 percentage points since a year ago.
Meanwhile, a February survey of the world's top 1 million most visited websites revealed that 20 percent of them supported HTTPS, compared to around 14 percent back in August. That's an impressive growth rate of over 40 percent in half a year.
There are a number of reasons for the accelerated adoption of HTTPS. Some of the past deployment hurdles are easier to overcome, the costs have come down and there are many incentives to do it now.
One of the longstanding concerns about HTTPS is its perceived negative impact on server resources and page load times. After all, encryption usually comes with a performance penalty so why would HTTPS be any different?
As it turns out, thanks to improvements to both server and client software over the years, the impact of TLS (Transport Layer Security) encryption is negligible at best.
Not only is the impact minor on the backend, but browsing is actually faster for users when HTTPS is turned on. The reason is that modern browsers support HTTP/2, a major revision of the HTTP protocol that brings many performance improvements.
Even though encryption is not a requirement in the official HTTP/2 specification, browser makers have made it mandatory in their implementations. The bottom line is that if you want your users to benefit from the major speed boost in HTTP/2, you need to deploy HTTPS on your website.
It's always about money
The cost of obtaining and renewing the digital certificates needed to deploy HTTPS has been a concern in the past, and rightfully so. Many small businesses and non-commercial entities have likely stayed away from HTTPS for this very reason and even larger companies with many websites and domains in their administration might have been worried about the financial impact.
Sign up for Computerworld eNewsletters.