Security is critical in today’s privacy-conscious world. It’s not something you can fake, so you need to give your users a clear impression that their information is safe. While you’re not storing credit card information on your corporate marketing website, you do have a few crown jewels that are worth securing, such as:
- Content admin – these are essentially the publishing keys to the kingdom, which are absolutely critical to safeguard if you want to maintain full control of your site with no exploitable vulnerabilities
- Any exchange of personal information, such as a member login portal, email subscription signup, or demo request form – the sensitive data your users want to feel confident is protected from hackers
- Anything that impacts your site’s overall luster, even little things like blog comments – our mantra is: everything that touches your site is worth shielding from harm
- Ancillary properties: Marketing or ecommerce pages hosted elsewhere – you need to secure not just your own pages, but also the content that is served up on third-party sites, so there are no chinks in your web armor
Your Reputation Depends on it
While a corporate website isn’t as technically advanced as your product, it’s directly linked to how your products are perceived, meaning that if you’re hacked, it puts you and your technical credibility at risk. You don’t want a glitch on your corporate site to jeopardize an enterprise sale. The stakes are even higher if you’re a security company. Remember that you’re only as strong as your weakest link, so you need to ensure that your site measures up across the board.
Site security is also a huge factor in increasing your company’s online presence over your competitors, because Google gives HTTPS sites a search ranking boost over HTTP sites. We’ll delve deeper into that in a bit. The point is that there are countless business cases for why your site needs to be SSL-compliant, and we’ve got you covered from every possible angle.
What You Should Look For
Savvy users know to look for that little green lock icon in the URL field before entering any personal information. That’s Internet Safety 101. The implication is that the site is more secure and trustworthy, so that users will, in turn, trust you — and feel confident using your services.
Bake It into Your Devops
If you develop in a non-HTTPS environment and then migrate the code over to a secure environment in production, you’re begging for problems. For example, a single asset (image, script, video, etc.) pulled over HTTP will result in what’s called “mixed content,” which will more-than-slightly-embarrassingly break the little green lock we’ve worked so hard to achieve. A development environment should match the live environment as closely as possible, so we choose to develop in HTTPS to identify any of these issues as they happen, instead of during the post-launch rush when things can break or slip through the cracks. Our collective experience keeps these types of glitches from happening so that they won’t jeopardize your website’s integrity.
The Overlord Google and SEO Benefits
Beyond the necessity of having a protected site to instill confidence in your customers, if you don’t follow Google’s stringent security guidelines, your company rankings will take a hit.
Google’s algorithm requires HTTPS to increase your search ranking. With hacking attempts becoming increasingly prevalent online, Google has put a premium on user security. They want to ensure that user searches return high quality, relevant information from verifiable sources. HTTPS gives users greater security, so Google is pushing SSL by rewarding secure sites with better search results.
The Super Techy Ding Dong
We won’t get into all the nuts and bolts here (mainly because this post would be 10,000 words), but understanding the basics of how HTTPS works is key to understanding its value. HTTPS is a secured version of the HTTP protocol, which uses SSL (Secure Sockets Layer) encryption. Basically, HTTPS uses a public and private key matching mechanism before it starts transferring data. Once the match is confirmed, the connection is established and your secure session begins. This is like your site having its own secret handshake with your content servers – they must mirror every gesture before the conversation can begin. If even one movement is off, not a single shred of data is exchanged.
Diagram of encrypted solution from user to SSL certificate
Once Secured, Get Certified
Obtaining an SSL cert first requires you to know what type of certificate you need. While there are differences in what an SSL certificate covers, for corporate marketing sites, it generally boils down to the choice between a single certificate and what’s called a wildcard certificate. A single cert will provide you with HTTPS encryption on a single domain (e.g. https://atre.net) while a wildcard will cover all subdomains (e.g. https://fonts.google.com). For more information on which types of certificates are available, go to: https://www.ssl.com/article/dv-ov-and-ev-certificates/
Note that instructions for certificate installation will vary between providers, but generally, they’ll outline the steps needed for installation as follows:
- Generate a CSR (Certificate Signing Request) – your side of the secret handshake we mentioned earlier
- Choose and purchase the SSL Certificate
- Next, your Certificate provider will validate your CSR and SSL certificate and provide you with the verified, ready-to-go certificate
- Depending on your hosting environment, you may need to install the certificate yourself, or it may be covered by the certificate provider
Shortcuts aren’t always bad, because in this case, your CDN can cover your HTTPS needs for you. CloudFlare offers a great, easy-to-use SSL certificate that comes bundled with your CDN service. But the scope of your entire web presence should be carefully identified before considering this as a solution. Engage with your internal IT team to become familiar with your corporate-wide needs. To learn more about CloudFlare’s one-click SSL, read: https://www.cloudflare.com/ssl/
If this aligns with your company’s strategic imperatives, you can enjoy the many benefits of a fully integrated CDN plus the added bonus of an SSL cert without having to undergo the arduous application process.
Corporate IT Involvement is Critical
SSL security can extend far beyond your public-facing website. SSL can also be used to secure your inbound and outbound email, landing pages requesting user information, as well as content admin and other back-end tools. To consolidate your efforts, involve your IT team to secure your web presence under one cohesive infrastructure. They’re also best positioned to install, maintain and update your SSL certificate as needed.
Maintain, Maintain, Maintain
- Keep a close eye on your content: Make sure no HTTP includes make their way into your code; a single occurrence will invalidate your HTTPS
- Renew your cert: Certificates don’t last forever, so you’ll need to stay on top of expiration dates
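The two maintenance checks above, together with the mixed-content problem described under "Bake It into Your Devops", as an added Python example (not code from the original post): find_mixed_content flags subresources a page requests over http://, and days_until_expiry reports the days left from a certificate's notAfter string. The tag shortlist, the function names and the example.com sample page are assumptions constructed for illustration.

```python
import ssl
from datetime import datetime, timezone
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tags whose src/srcset the browser fetches as part of the page (assumed shortlist).
SRC_TAGS = {"img", "script", "iframe", "video", "audio", "source", "embed"}
# <link> loads a resource only for these rel values; canonical/alternate do not.
LOADING_RELS = {"stylesheet", "icon", "preload", "manifest"}
# Constructed sample page; example.com URLs are placeholders.
SAMPLE_PAGE = """<html><head>
<link rel="canonical" href="http://example.com/">
<link rel="stylesheet" href="http://example.com/site.css">
<script src="https://example.com/app.js"></script>
</head><body>
<a href="http://example.com/about">About</a>
<img src="/logo.png" srcset="http://example.com/logo@2x.png 2x">
<img src="//cdn.example.com/hero.jpg">
</body></html>"""

class MixedContentFinder(HTMLParser):
    """Collects (line, tag, url) for each subresource requested over http://."""

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        urls = []
        if tag in SRC_TAGS:
            urls.append(a.get("src", ""))
            # srcset is a comma-separated list of "url descriptor" candidates
            urls += [c.split()[0] for c in a.get("srcset", "").split(",") if c.strip()]
        elif tag == "link" and LOADING_RELS & set(a.get("rel", "").lower().split()):
            urls.append(a.get("href", ""))
        for url in (u.strip() for u in urls):
            if urlsplit(url).scheme.lower() == "http":
                self.hits.append((self.getpos()[0], tag, url))

def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    return finder.hits

def days_until_expiry(not_after, now=None):
    """not_after: the 'notAfter' string from ssl.SSLSocket.getpeercert()."""
    now = now or datetime.now(timezone.utc)
    return int((ssl.cert_time_to_seconds(not_after) - now.timestamp()) // 86400)
```

Plain links (`<a href>`) and the canonical tag are not reported because the browser does not load them as part of the page; relative and protocol-relative URLs inherit the page's HTTPS scheme.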