Last year, Google made waves by charging a push for every website on the Internet to be secured by an SSL/TLS certificate. The push for “HTTPS Everywhere” or “Always-on HTTPS” has been surging. The concept of HTTPS and SSL/TLS certificates has gone mainstream, with thousands of times more SSL/TLS certificates on the Internet today than in 1996 leading to the development of new Free SSL companies that offer unpaid SSL/TLS certificates over the past two years.
How will this change the Internet as we know it today? Here are three ways the Internet will be different:
As a result of the huge demand for SSL/TLS certificates, the marketplace for SSL/TLS certificates has grown to create space for free SSL/TLS certificates. There are low-cost SSL/TLS certificates being offered for as low as one dollar, and there are also free, completely automated SSL/TLS certificate providers who are able to produce zero-dollar domain-validated SSL/TLS certificates to qualified applicants.
Unpaid SSL/TLS certificates fill the need in the market for those who do not wish to pay for security, but still wish to protect their data. It is unlikely an organization protecting large volumes of customer data would ever opt for an unpaid SSL/TLS certificates due to the limited support and additional features.
Those organizations that require support, special features (such as Subject Alternative Names) and do not want to risk their SSL/TLS certificate going down for an extended period of time will want to seek protection from one of the leading Certification Authorities, who charge for their services.
The goal of HTTPS Everywhere and Always-On SSL is to make it easier to identify which websites are unsafe, however, fraudsters are less likely to purchase SSL/TLS certificates that they will use to defraud people – they will use free SSL/TLS certificate providers to procure their certificates.
This will put more pressure on Certification Authorities to provide better options for legitimate business owners, and may cause an increase in the amount of Extended Validation certificates we see on the internet as Extended Validation certificates offer the highest level of trust and visible indicators of all SSL/TLS certificate types. In fact, the advent of free SSL/TLS certificates may increase the value of Organizational and Extended Validation SSL/TLS certificates which require more rigorous verification procedures to obtain.
The research-based consulting firm Javelin Strategy & Research releases annual reports on cybertheft. Their reports for the years 2014 and 2015 show that, $15 billion was stolen from 13.1 million American consumers in 2015 compared to $16 billion from 12.7 million defrauded the year before. The amount of money being stolen by hackers is on the decrease, while the number of people exploited rose, making the average amount stolen in 2015 $1.15 per person victimized compared to $1.25 person victim the year prior - an 8% decrease.
As Certification Authorities, browser-makers and users of the Internet band together to both raise awareness and be more alert to privacy concerns, cybertheft will become a more difficult endeavor requiring a greater level of organization to succeed. Unfortunately, this does not mean that fraudsters are just going to give up. If anything, it means cyber thieves will resort to more sophisticated methods to circumvent SSL security, and so it will be just as important as it always was for businesses to select the right technologies to keep their data safe.
For example, businesses may choose to invest in Extended Validation certificates to offer the highest level of assurance to their customers that their sites are legitimate and their data will be secure. One definite byproduct of the onset of movements such as Always-ON SSL and HTTPS Everywhere is that more people will be aware of SSL security, as well the threats associated to their online security. As a result, Internet users will be on the lookout for clues that they are on legitimate and safe websites, and Extended Validation certificates provide the best indicator of such a justifiably demanding level of trust.
NEXT ON PROVE IT: Just How Hard Is It to Break SSL/TLS Encryption?