Any website that is not protected by encryption by July of this year will be categorized by Google as insecure. The new policy starting with version 68 of Chrome will force websites to move to HTTPS – encryption technology or be tagged as an unsecured website. Alex Calic, Chief Strategy & Revenue Officer commented below.
Alex Calic, Chief Strategy & Revenue Officer:
“Previous moves by Google and White House directives already introduced encryption as a basic tenet of a security-first mindset, with a majority of legitimate and/or premium websites already adopting it. However, it’s important to remember that HTTPS encryption is an ‘all or nothing proposition’ in order for it to work. This means that every page and the parties contributing code and/or content to every page must maintain encryption: just one break in any call chain will unencrypt a website. Considering 50-75% of executing website code is provided by external parties and many of these parties are not known or visible, websites are blind to their actions and administrators spend countless resources investigating the cause of an encryption break. Google’s latest announcement will further illuminate how current website security practices fail to properly address the complexity of today’s dynamic digital environment.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.