When it comes to compliance laws like the POPI Act or the GDPR, online security and protecting your clients’ data and personal information is essential, not only for the integrity of your data and theirs, but also as a matter of reputation.
In terms of security for your website, there is nothing as basic as a Digital Certificate, also known as an SSL Certificate—it’s essential for maintaining privacy between you or your business’s website and your customers.
If you’re not quite sure what we’re talking about, take a second to look at the address bar of your browser.
Do you see that little padlock there on the left? Have you noticed the accompanying ‘https’ preceding the web address? Have you seen the address bar go green, partly or entirely, on occasion? Or perhaps you’ve noticed it display the name of an organization while browsing their website?
All those things are indications that the website you are browsing has a valid SSL Certificate: that the personal information you might be entering is private, secure and encrypted in such a way that only you and the website have access to it, and that it is inaccessible to anyone who should not see it.
In short, it comes down to trust. Having that little lock in the address bar of your clients’ browsers is not only critical for protecting your clients and your website from potential phishing activities and securing data integrity, but it is also a visual signifier to a visitor on a website that it can be trusted.
But, what exactly is an SSL Certificate, how do they work, and what are the advantages?
Let’s have a closer look, shall we?
What is SSL? — Handshakes, but digital
SSL stands for ‘Secure Sockets Layer’ and is essentially the means by which a website and the person using it ensure that all sensitive information exchanged between these two points remains private and accessible to only the intended recipients.
SSL means that there are varying degrees of encryption between two digitally connected points that only the intended users of that connection have access to and can see.
For example, between your own browser and your online banking portal, it is essential that the connection remains private and protected from any phishing activities, so that your password and your account remain in your control.
SSL is essentially a digital handshake between two computers saying, “Hi, I’m the person you wanted to talk to, and you can trust me; anything you tell me is confidential, I promise.”
How does SSL work? — 256-bits and a hacker ‘ain’t one.
SSL uses a 256-bit encryption algorithm, meaning that any communication between a website and its user is private and secure. Be it for online banking or shopping, typically these websites use SSL to show their users that their credit card numbers are safe.
To give you a quick “Encryption 101”, 256-bit encryption refers to the length of the algorithm, or ‘key’, that is used to encrypt a data connection or file—or, in other words, to lock the contents of a particular message behind a door that only the sender and receiver have a key to open.
This type of cryptography is known as public key cryptography and uses two keys which consist of long strings of randomly generated numbers—one is the private key, and one is the public key.
The public key is unique and specific to your server, but, as the name implies, is visible on the public domain. Once a message is “locked” with a public key it can only be opened again with the corresponding private key, which is secret and is the only key that can be used to unlock the message.
This encryption algorithm is how your credit card information is kept private: when you enter it in a website and click submit, it never leaves your computer, but is instead immediately jumbled up into a cipher and that cipher is what is transported over the internet, and the website is the only thing that has the right key to unscramble it again.
If a locked message were to be intercepted by a malicious entity, all it would see is cryptographic gibberish that would need 2^256 different possible combinations of passwords in order to crack the key and decipher the text—something that is almost entirely impossible to do without at least hundreds of years of powerful computers doing calculations non-stop.
What makes SSL trustworthy? — Certificates of Participation
We’ve covered what SSL is and the basics of how it works, but SSL Certificates, on the other hand, are a bit different as they are more like a stamp of approval.
In order for a website to show in a browser that they have SSL encryption, they must first register their company with a Certificate Authority (which also may provide encryption services) which ensures that a business is valid.
Certificate Authorities do this by running different levels of background checks on any organization and website applying for an SSL Certificate—making sure that Bob of Bob’s Hardware is indeed a real person that owns the business, and that the business is legitimate with a real business number and location, and can thus be trusted.
Only once these points are verified can a business receive an SSL Certificate showing that their website’s users can legitimately trust the security and privacy of their browsing sessions.
While all SSL certificates offer the same level of protection, there are a few types of certificates that an organization can apply for which correspond to the level of vetting that the Certificate Authority undertakes on the applying organization.
- Domain Validation (DV): SSL certificates are validated by checking the domain name against registry records. No company information is vetted or displayed on the certificate.
- Organizational Validation (OV): Web domain ownership, as well as the organization’s identity, are validated and some company information is displayed on the certificate.
- Extended Validation (EV): Usually accompanied by the green address bar, this is the highest level of SSL validation. Domain ownership, an organization’s identity as well as the legal existence of the organization are all validated. An EV Certificate is best for any company that deals with credit card information, etc.
Here’s a useful tip for you: you can usually view a website’s certificate, including which Certificate Authority issued that certificate, by clicking the padlock in the address bar.
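The same check the padlock offers can be scripted. The following is an added example, not part of the original article: it reads a certificate in the format Python's `ssl` module returns and reports the owner, the issuing Certificate Authority and a guess at the DV/OV/EV level. The guess from subject fields is a heuristic assumed for this example, and the sample certificates, host names and CA name are constructed.

```python
import socket
import ssl

def flatten(name):
    """Flatten getpeercert()'s nested name tuples into a plain dict."""
    return {key: value for rdn in name for key, value in rdn}

def validation_level(cert):
    """Heuristic (assumption of this example): guess DV/OV/EV from subject fields."""
    subject = flatten(cert.get("subject", ()))
    if "organizationName" not in subject:
        return "DV"  # no company information displayed on the certificate
    if "businessCategory" in subject and "serialNumber" in subject:
        return "EV"  # legal-existence details are present as well
    return "OV"      # organization identity displayed

def summarize(cert):
    """Collect what the padlock dialog shows: site, owner, issuing CA, expiry."""
    subject, issuer = flatten(cert.get("subject", ())), flatten(cert.get("issuer", ()))
    return {
        "site": subject.get("commonName"),
        "organization": subject.get("organizationName"),
        "issued_by": issuer.get("organizationName") or issuer.get("commonName"),
        "expires": cert.get("notAfter"),
        "level": validation_level(cert),
    }

def fetch_cert(host, port=443, timeout=5.0):
    """Live lookup; the default context verifies the chain and the host name."""
    context = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with context.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample certificates in getpeercert() format (not real sites or CAs).
ISSUER = ((("organizationName", "Example Trust CA"),),)
SAMPLE_DV = {"subject": ((("commonName", "blog.example.com"),),),
             "issuer": ISSUER, "notAfter": "Jan  1 00:00:00 2030 GMT"}
SAMPLE_OV = {"subject": ((("organizationName", "Bob's Hardware"),),
                         (("commonName", "shop.example.com"),)),
             "issuer": ISSUER, "notAfter": "Jan  1 00:00:00 2030 GMT"}
SAMPLE_EV = {"subject": ((("businessCategory", "Private Organization"),),
                         (("serialNumber", "0000000"),),
                         (("organizationName", "Bob's Hardware"),),
                         (("commonName", "pay.example.com"),)),
             "issuer": ISSUER, "notAfter": "Jan  1 00:00:00 2030 GMT"}

if __name__ == "__main__":
    for sample in (SAMPLE_DV, SAMPLE_OV, SAMPLE_EV):
        print(summarize(sample))
```

To inspect a live site, pass the result of `fetch_cert("your-host")` to `summarize`. Browsers decide EV status from policy identifiers inside the certificate, which this dictionary does not expose, so treat the level as an indication only.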
SSL is crucial for being a trustworthy presence on the internet. While encryption is important, it is not necessary for everything to be encrypted: encryption is essential whenever you are entering personal information—like passwords, credit cards and ID numbers—but not so much for just general browsing.
However, SSL encryption does come with a few disadvantages:
- Price: There is a cost involved with what level of SSL certificate you feel is needed for your website. Certificate Authorities need to set up trusted infrastructure in order to properly validate any applications and that costs capital.
- Performance: Encrypting information takes computer power and resources to both encrypt and decrypt, so the time to load a session can be affected.
And with that, we hope that you maybe understand the internet a bit better, or the mechanisms that keep it safe.
In this Age of the Internet, privacy is a concern to everyone. Security measures like SSL are crucial to keeping the internet a trustworthy and user-friendly place, and allow the true ubiquity and utility that technology provides us to continue on its swift march of progress onwards into the future.
Digital Cabinet and all our services are protected with SSL and 256-bit encryption, amongst other security measures, meaning that all your company, client and employee data are totally secure from the millisecond they leave your computer to the nanosecond they enter our cloud platform.
Your trust and your business’s productivity are important to us because you are important to us.
We trust you implicitly, and to demonstrate that trust we even want to teach you our secret handshake.
You can find out more about Digital Cabinet at www.digitalcabinet.co.za