In June of 2015, the U.S. government mandated that all publicly accessible federal websites provide secure connections to their services to protect data in transit. This is important because all traffic going to these sites and services is being sent in the clear, and has the risk of being eavesdropped on by an attacker.
Migrating to HTTPS has gotten much easier over the past couple years, but there are still issues and concerns that should be considered when making the move. A few large vendors, like Google, are depreciating HTTP by alerting the user when they try to access a site in Chrome that uses HTTP and that may send sensitive data. Google Chrome will eventually have a security warning set for all HTTP sites.
In the past, one of the major pain points for organizations moving to SSL was the cost of the certificate, but Let’s Encrypt stepped in to issue free certificates for anyone who requested them, which helped push the progress of those looking to make the jump to HTTPS. Read the rest of my article at the link below:
This is a Security Bloggers Network syndicated blog post authored by Matthew Pascucci. Read the original post at: Frontline Sentinel