IMPORTANT! Please digest this information to make an informed decision about the future of your Adobe Business Catalyst website.
HTTPS Everywhere - A Google initiative:
For the past 3 years Google has been educating the public about security problems with HTTP (HyperText Transfer Protocol), and encouraging site owners to adopt HTTPS.
What is HTTP?
HyperText Transfer Protocol (HTTP) is the protocol over which data is sent between your browser and the website that you are connected to.
What is HTTPS?
HTTPS is the secure version of HTTP. The 'S' at the end of HTTPS stands for 'Secure'. It indicates that all data communicated between the browser and the website is encrypted. HTTPS is widely used to protect confidential data interactions
such as online banking and online shopping transactions.
Why HTTPS Everywhere?
Google wants to provide users a better experience where browsing the web is always a private interaction between the user and the website. Their goal is to protect privacy and combat widespread cyber-crime such as identity theft, eavesdropping,
man-in-the-middle attacks, and data interception/manipulation. Having websites served over HTTPS helps address these threats and paves the way for the next leap in web based application development.
To encourage this shift Google has added HTTPS as a ranking signal, improving the search position of websites served over the HTTPS protocol. As a result HTTPS is being widely and very rapidly adopted. This is essentially
driving a sea-change where HTTPS becomes the default protocol of the World Wide Web.
How can I upgrade my site to https secure protocol?
HTTPS uses SSL (Secure Socket Layer) to encrypt information end-to-end between the website and the user. Serving your website over HTTPS requires purchasing a SSL Certificate from Adobe containing your encryption key.
My Website already uses https urls when exchanging sensitve data, so why do I need to consider this change?
Websites on Adobe's Business Catalyst platform have always had the benefit of serving pages over https where needed
using a dedicated secure url assigned to each site i.e. https://(yoursitename).worldsecuresystems.com. (N.B. This dedicated, secure url will continue to be available and still used for payment processing to leverage the PCI level 1
compliance of the worldsecuresystems.com server.)
But, for your entire website to be served over HTTPS, while still being indexed in Google under your domain (and to receive Google's ranking boost), you need to have a dedicated
SSL certificate installed on your site/domain. This means all URL's for your entire website change from insecure http://www.yourdomain.etc to secure https://yourdomain.etc.
My Website uses a CDN (Content Delivery Network) such as Cloudflare with SSL already active on my domain. Does this mean my site is already benefitting from https URL's?
No. Unfortunately not. An external SSL certificate via Cloudflare only encrypts data between the site visitor and Cloudflare servers. You will still require SSL for the data served between Business Catalyst and Cloudflare. Encryption
must exist end-to-end to be valid.
What's involved and how much will this cost?
Four separate phases are necessary to successfully complete the update.