Security is one of the most important topics for any company doing business in some form on the internet.

With the liabilities associated with data breaches and hacking incidents only increasing, few companies can afford to ignore website security.

While achieving a high level of security is an involved process that requires time and effort, one of the basics is about to get a lot less expensive.

That's because this week, the Internet Security Research Group (ISRG), a non-profit organization with backing from companies like Mozilla, Cisco and Automattic, announced that its automated and open certificate authority (CA) has received cross-signatures from IdenTrust.

What does that mean in non-techie terms? SSL certificates issued by Let's Encrypt will be trusted by all major browsers.

That's noteworthy news because Let's Encrypt offers SSL certificates at no cost. So starting in November, businesses will have a way of securing their websites using SSL without spending any money on a certificate, which can cost upwards of hundreds of dollars a year in some cases.

HTTPS everywhere

According to the ISRG: "Vital personal and business information is flowing over the Internet more frequently than ever, and it’s time to encrypt all of it.

"That’s why we created Let’s Encrypt, and we’re excited to be one big step closer to bringing secure connections to every corner of the Web."

The ISRG is not the only organization pushing to drive greater adoption of SSL.

Last year, Google called for "HTTPS everywhere" at its Google I/O conference and even announced that it added HTTPS as a ranking signal...

...over the past few months we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We've seen positive results, so we're starting to use HTTPS as a ranking signal.

For now it's only a very lightweight signal — affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content — while we give webmasters time to switch to HTTPS.

But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web. 

Google's encouragement almost certainly helped convince some to use HTTPS, but there are a number of reasons many websites still don't employ it.

For instance, many small businesses with limited access to technical know-how are less likely to understand how to acquire and install an SSL certificate.

But cost is also a barrier, and with a free option that works with all major browsers, it's possible that we'll see hosting companies and makers of server management software integrate with Let's Encrypt to make certificate acquisition and installation practically painless.

Free SSL certificates won't always be the best option

While Let's Encrypt could very well be a game-changer in driving adoption of HTTPS – a small but important first step in promoting data security – companies will want to keep in mind that its free certificates won't always be the best option for all websites.

Let's Encrypt certificates provide domain validation but there is no verification of the organization behind a domain.

The most expensive SSL certificates frequently provide Extended Validation (EV), which involves verifying the organization behind a website.

When these certificates are used, web browsers highlight the organization's name in a green address bar. 

For companies operating certain kinds of websites, such as those that involve ecommerce and financial transactions, this level of validation and browser highlighting of trust is often desirable.

But for many websites, Let’s Encrypt's free certificates should be a fine option and their availability will leave companies with little excuse for not securing their websites using HTTPS.

Patricio Robles

Published 22 October, 2015 by Patricio Robles

Patricio Robles is a tech reporter at Econsultancy. Follow him on Twitter.

2616 more posts from this author

You might be interested in

Comments (0)

Comment
No-profile-pic
Save or Cancel
Daily_pulse_signup_wide

Enjoying this article?

Get more just like this, delivered to your inbox.

Keep up to date with the latest analysis, inspiration and learning from the Econsultancy blog with our free Digital Pulse newsletter. You will receive a hand-picked digest of the latest and greatest articles, as well as snippets of new market data, best practice guides and trends research.