Site security and the true cost of a little green padlock
It pays to be security conscious. Unfortunately, it usually comes at a cost – be it dropping thousands on an alarm system or patiently submitting to a body scan at the airport. Digital security is particularly important these days and breaches in its defenses make national news.
The biggest headline-grabber of late is the Heartbleed Bug, a serious vulnerability in OpenSSL software. The weakness could allow attackers to steal data such as passwords without leaving a trace. That, my friends, is a big problem. Catchy name though.
In light of Heartbleed, we here at REACH decided to be proactive about security for our own website. Warning: Things are about to get technical. We purchased a domain-validated SSL (Secure Sockets Layer) certificate for reachmaine.com and made the entire site run over HTTPS (that’s Hypertext Transfer Protocol Secure), which allows for secure communication over a computer network. While not entirely necessary — most websites only need SSL for their shopping cart checkout — we wanted to show that we could indeed create a whole HTTPS site. Our reward? A green bar or padlock (depending on the browser) that appears in the address bar and signals to the world that all pages of our site are secure.
We are awfully proud of that little padlock because it took a lot of work to get it. Like home security, national security or personal security, website security is not free. It may not cost your personal freedom or result in bars on your windows, but it does cost more than the obvious purchase of the SSL certificate. One downside was loss of speed.
In some website speed metrics, we are penalized for not using a CDN (content delivery network), and in another metric we are penalized for redirecting an HTTP request to HTTPS. So, although we are working hard to optimize our website loading speed and page speed, we had to sacrifice some speed for site-wide security.
Would we make that choice again? Frankly, I’m not sure, but it is something to think about in this age of identity theft and online privacy issues.