Running SSL/TLS on your website has advantages and disadvantages, but I’m willing to wager that you’re more than likely to want it on your website. From it’s privacy benefits to boosting your website’s Google ranking, running SSL/TLS is almost common sense. However, there are also a lot of false myths about SSL/TLS that might make users hesitate to using it. If you’re unsure about which route to take, fear not, because we laid out the pros and cons of employing SSL/TLS, as well as busting some myths about it.
Pros:
Reputation
Your users will feel more confident if they see the green lock on your website. This is especially important for retailers and e-commerce websites, because trust is an integral part of converting traffic into sales. Customers will more than likely register on your website or make a purchase if they see that your website can be trusted with their personal data.
Privacy for Your Users
Running SSL will protect your users’ data from prying eyes. In this day and age, it’s not just analytics tools that are crawling and sniffing through your website’s stored data. Your data might be being analyzed by more tools that you think.
For example, network operators are sitting on a mountain of personal data from customers, and might be reading all the data that is transmitted. This is legal as long as the customers explicitly exchange their personal data for, say, free texting. However, there are a lot of dark forces out there committing cyber crimes who steal users’ data. What an SSL certificate essentially does is digitally bind a cryptographic key to an organization’s details, therefore any data entered on your website by users will be protected from unwanted hackers waiting in the shadows.
Fraud Prevention and Compliance
SSL prevents some network attacks altering the communication between you and your users, for example; to steal their login data, payment details or other confidential details. Depending on which data you transmit, doing so unencrypted might be illegal in some countries. This includes email addresses, passwords, the user name and such.
Google Will Rank Your Website Higher
Despite Google’s criticisms from netizens over privacy, the tech giant claims to emphasize the importance of security. To get their point across, Google stated that they have been using secure, encrypted connections as a signal in [their] search ranking algorithms. So far, Google has seen some positive results from their test runs. This led to their decision in using HTTPS as a ranking signal. So if you’re running SSL/TLS on your website, you’re already scoring points in Google rankings.
False Myths:
SSL Makes My Website Slow
While it is true that SSL negotiation requires two more IP packets and a little bit of computation in both the client and server computers, with the modernization of network protocols and higher computation power of computers and mobile phones, this is not an issue anymore.
Price
Nothing could be cheaper than free. Let’s Encrypt is an initiative for full network encryption that offers full-blown SSL certificates for free. It only takes about 30 minutes to set up. Let me tell you a secret: most of the websites we run at Mobile Jazz use Let’s Encrypt and now it takes less than 5 minutes for us to install a certificate.
It Could Take My Website down If the Certificate Expires
While this is a valid concern, remember that now some certification authorities provide automated methods to renew a certificate. For example, Let’s Encrypt offers an agent software that will automatically renew the certificates and alert you via email if there are any red flags. However, it is not likely that an expiring certificate will cause havoc on your website.
Cons:
There’s really only one substantial disadvantage with SSL/TLS: computation time and complexity in network architectures. In our experience, this is required when you have hundreds or thousands of visitors per minute, and even then depending on your service. In this case it could happen that SSL makes a real difference for your server’s CPU. In this case, you would need more advanced techniques like load balancing and your network topology would become a bit more complex. If you reached this maturity level, you probably should have load balancing and failover anyway. Hire a good network expert that can handle this for you. SSL shouldn’t be a problem for him/her.
Note on SSL vs TLS
Is it the same or a different thing? Actually you can think of TLS as the newer version of SSL. Most people still use SSL and TLS as synonyms. They provide the same functionality and SSL is a very well-known term now. For the purposes of this article, SSL and TLS are the same thing.
As we have seen, it is quite clear that the advantages of running SSL on your website outperform the disadvantages. It is also clear that it is not a budget issue, but more about being security-conscious. Also, some advantages like increased purchases or better ranking in Google probably are already good enough reasons for you to run and install an SSL certificate right now.
If you have further questions or would like to add some points to the lists, please feel free to write in the comments!