Government // Cybersecurity
News
8/7/2014
03:10 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Google To Factor Security In Search Results

Websites that don't support HTTPS connections may soon be less prominent in Google search results.

Eavesdropping On A New Level
Eavesdropping On A New Level
(Click image for larger view and slideshow.)

Google has begun considering the security of websites as a factor in how it ranks them in its search index, a shift that can be expected to increase support for encrypted HTTPS connections at websites.

In a blog post on Thursday, Zineb Ait Bahajji and Gary Illyes, webmaster trends analysts at Google, said that Google has been testing support for encrypted connections at websites as a search ranking factor.

"We've seen positive results, so we're starting to use HTTPS as a ranking signal," they said.

In other words, Google finds that testing whether websites support HTTPS, among its many ranking signals, improves the relevancy of its search results. As a consequence, any website concerned about where it ranks in search result lists -- which means most websites -- will want to implement HTTPS support if it hasn't already.

[Google's latest acquisitions aim to bolster its video ad and messaging businesses. Read Google Buys Messaging, Video Startups.]

Ait Bahajji and Illyes note that security is not a dominant ranking factor. It counts for only a little in the overall rank of a website, affecting less than 1% of global queries. Google still considers the quality of the content on a website more important as a ranking signal than its security.

"But over time, we may decide to strengthen [HTTPS support as a ranking signal], because we'd like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the Web," Ait Bahajji and Illyes said.

Sam Taylor, head of SEO at design and marketing firm Studio24, said in a blog post that his firm is recommending that "all new and existing clients should have an SSL certificate on their website to improve security of users and improve search engine ranking."

Switching from unencrypted HTTP to HTTPS involves obtaining an SSL/TLS certificate from a certificate authority (CA) and installing the digital certificate on the relevant server. HTTPS is simply a term for unencrypted HTTP with SSL/TLS added for security. Web hosting companies usually sell SSL/TLS certificates. StartSSL offers a several tiers of certificate, including a free one.

Google in June introduced an invitation-only domain registration service called Google Domains, nine years after it paid to become an ICANN-accredited domain registrar. Google Domains offers a handful of services but doesn't (yet?) sell SSL/TLS certificates. Nevertheless, some of its website building partners, including Squarespace and Shopify, offer some form of SSL support.

Google has tried to advance online security for years and was among the first consumer Internet companies to adopt two-factor authentication for logins. In the wake of the revelations arising from documents leaked by former NSA contractor Edward Snowden, Google and other online companies have accelerated their implementation of security technology. In March, for example, Google made encrypted HTTPS connections mandatory for Gmail, and then in June it added experimental support for end-to-end encryption through a Chrome extension.

HTTPS does not guarantee security -- it's been suggested that the NSA can break it -- but it offers better protection than HTTP.

Cyber criminals wielding APTs have plenty of innovative techniques to evade network and endpoint defenses. It's scary stuff, and ignorance is definitely not bliss. How to fight back? Think security that's distributed, stratified, and adaptive. Get the Advanced Attacks Demand New Defenses report today. (Free registration required.)

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Stratustician
50%
50%
Stratustician,
User Rank: Ninja
8/26/2014 | 9:14:06 AM
Re: HTTPS always, or only when it counts?
I agree, encryption on every site, especially information pages might be a little overkill, but it's an interesting concept.  By promoting pages with security, it could drive good behavior for many sites (I'm thinking eCommerce sites) which would be an overall win.  It's a unique idea, I'm curious to see what impact it brings.
soozyg
IW Pick
100%
0%
soozyg,
User Rank: Ninja
8/14/2014 | 11:56:22 AM
Re: HTTPS always, or only when it counts?
I can see security as a concern; Internet security is a prevalent topic. But at the risk of complications with searches? That is questionable. And with it factoring in at such a low percentage, would it really matter?
David F. Carr
50%
50%
David F. Carr,
User Rank: Author
8/7/2014 | 4:18:50 PM
HTTPS always, or only when it counts?
I would hope they wouldn't expect even straight informational pages to be presented via https. For performance reasons, it makes sense to only use encryption when it matters. The reader of a blog shouldn't have to make an ssl connection to read a post. If you're logging into a site to post information, yes the login page needs to be protected, and once someone is logged in https offers protection for session cookies. That's why social media sites have moved to https browsing for members.

I'd think Google should be testing whether the site is capable of supporting an https, not whether every page is presented over that protocol. Or is there really a rationale for using https universally?
Cyber Security Standards for Major Infrastructure
Cyber Security Standards for Major Infrastructure
The Presidential Executive Order from February established a framework and clear set of security standards to be applied across critical infrastructure. Now the real work begins.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest September 18, 2014
Enterprise social network success starts and ends with integration. Here's how to finally make collaboration click.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.