In this article I would like to report again on the current state of “HTTP & HTTPS”. We have already shown in an earlier article, “HTTPS scanning: why it should be enabled on Sophos”, that HTTPS is increasingly used on websites. In the past, you needed an expensive certificate, but thanks to “Let’s Encrypt” and a few stragglers, this is now available for free.
HTTP will become extinct
As described in our earlier blog post, HTTPS has spread very quickly over the last couple of years. Google and Let’s Encrypt are specifically highlighted in the article, but now Apple, for example, is also forcing their iOS developers to submit server requests over HTTPS connections. This means that even connections that we as users do not usually see are encrypted to a large extent.
The actual impetus to revisit this topic came from a recent blog post on the Google Security Blog. In it, Google writes that in February 2018, 81 of the top 100 sites on the web already use HTTPS by default.
Google helps to ban HTTP
Google already announced at the beginning of 2017 that it would mark HTTP pages as insecure. With Chrome version 68, which is scheduled for release in July 2018, Google is now backing up its words with actions. Every user who then travels the Internet with the latest Chrome version will be warned about insecure HTTP pages in the future. It will look like this:
It goes without saying that no website owner should allow their website to be classified as “not secure” by the world’s most used browser (desktop and mobile). With this small adjustment, Google has probably further accelerated the decline of insecure HTTP connections.
Enable HTTPS scanning
Of course, such a change will also have an impact on the security of your network. More than 50% of the web traffic on our firewall, as well as on those of our customers, is already encrypted. So it is becoming more and more important to scan HTTPS as well; otherwise that traffic enters the network unchecked.
So, if you have a valid license for Web Protection, we highly recommend that you enable HTTPS scanning. If you need help with this, just get in touch with us.