Google To Factor Security In Search Results - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Government // Cybersecurity
03:10 PM
Connect Directly

Google To Factor Security In Search Results

Websites that don't support HTTPS connections may soon be less prominent in Google search results.

Eavesdropping On A New Level
Eavesdropping On A New Level
(Click image for larger view and slideshow.)

Google has begun considering the security of websites as a factor in how it ranks them in its search index, a shift that can be expected to increase support for encrypted HTTPS connections at websites.

In a blog post on Thursday, Zineb Ait Bahajji and Gary Illyes, webmaster trends analysts at Google, said that Google has been testing support for encrypted connections at websites as a search ranking factor.

"We've seen positive results, so we're starting to use HTTPS as a ranking signal," they said.

In other words, Google finds that testing whether websites support HTTPS, among its many ranking signals, improves the relevancy of its search results. As a consequence, any website concerned about where it ranks in search result lists -- which means most websites -- will want to implement HTTPS support if it hasn't already.

[Google's latest acquisitions aim to bolster its video ad and messaging businesses. Read Google Buys Messaging, Video Startups.]

Ait Bahajji and Illyes note that security is not a dominant ranking factor. It counts for only a little in the overall rank of a website, affecting less than 1% of global queries. Google still considers the quality of the content on a website more important as a ranking signal than its security.

"But over time, we may decide to strengthen [HTTPS support as a ranking signal], because we'd like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the Web," Ait Bahajji and Illyes said.

Sam Taylor, head of SEO at design and marketing firm Studio24, said in a blog post that his firm is recommending that "all new and existing clients should have an SSL certificate on their website to improve security of users and improve search engine ranking."

Switching from unencrypted HTTP to HTTPS involves obtaining an SSL/TLS certificate from a certificate authority (CA) and installing the digital certificate on the relevant server. HTTPS is simply a term for unencrypted HTTP with SSL/TLS added for security. Web hosting companies usually sell SSL/TLS certificates. StartSSL offers a several tiers of certificate, including a free one.

Google in June introduced an invitation-only domain registration service called Google Domains, nine years after it paid to become an ICANN-accredited domain registrar. Google Domains offers a handful of services but doesn't (yet?) sell SSL/TLS certificates. Nevertheless, some of its website building partners, including Squarespace and Shopify, offer some form of SSL support.

Google has tried to advance online security for years and was among the first consumer Internet companies to adopt two-factor authentication for logins. In the wake of the revelations arising from documents leaked by former NSA contractor Edward Snowden, Google and other online companies have accelerated their implementation of security technology. In March, for example, Google made encrypted HTTPS connections mandatory for Gmail, and then in June it added experimental support for end-to-end encryption through a Chrome extension.

HTTPS does not guarantee security -- it's been suggested that the NSA can break it -- but it offers better protection than HTTP.

Cyber criminals wielding APTs have plenty of innovative techniques to evade network and endpoint defenses. It's scary stuff, and ignorance is definitely not bliss. How to fight back? Think security that's distributed, stratified, and adaptive. Get the Advanced Attacks Demand New Defenses report today. (Free registration required.)

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Oldest First  |  Newest First  |  Threaded View
David F. Carr
David F. Carr,
User Rank: Author
8/7/2014 | 4:18:50 PM
HTTPS always, or only when it counts?
I would hope they wouldn't expect even straight informational pages to be presented via https. For performance reasons, it makes sense to only use encryption when it matters. The reader of a blog shouldn't have to make an ssl connection to read a post. If you're logging into a site to post information, yes the login page needs to be protected, and once someone is logged in https offers protection for session cookies. That's why social media sites have moved to https browsing for members.

I'd think Google should be testing whether the site is capable of supporting an https, not whether every page is presented over that protocol. Or is there really a rationale for using https universally?
IW Pick
User Rank: Ninja
8/14/2014 | 11:56:22 AM
Re: HTTPS always, or only when it counts?
I can see security as a concern; Internet security is a prevalent topic. But at the risk of complications with searches? That is questionable. And with it factoring in at such a low percentage, would it really matter?
User Rank: Ninja
8/26/2014 | 9:14:06 AM
Re: HTTPS always, or only when it counts?
I agree, encryption on every site, especially information pages might be a little overkill, but it's an interesting concept.  By promoting pages with security, it could drive good behavior for many sites (I'm thinking eCommerce sites) which would be an overall win.  It's a unique idea, I'm curious to see what impact it brings.
Rethinking IT: Tech Investments that Drive Business Growth
Jessica Davis, Senior Editor, Enterprise Apps,  10/3/2019
IT Careers: 12 Job Skills in Demand for 2020
Cynthia Harvey, Freelance Journalist, InformationWeek,  10/1/2019
Six Inevitable Technologies and the Milestones They Unlock
Guest Commentary, Guest Commentary,  10/3/2019
White Papers
Register for InformationWeek Newsletters
Current Issue
Data Science and AI in the Fast Lane
This IT Trend Report will help you gain insight into how quickly and dramatically data science is influencing how enterprises are managed and where they will derive business success. Read the report today!
Flash Poll