Google To Factor Security In Search Results - InformationWeek


Google To Factor Security In Search Results

Websites that don't support HTTPS connections may soon be less prominent in Google search results.


Google has begun considering the security of websites as a factor in how it ranks them in its search index, a shift that can be expected to increase support for encrypted HTTPS connections at websites.

In a blog post on Thursday, Zineb Ait Bahajji and Gary Illyes, webmaster trends analysts at Google, said that Google has been testing support for encrypted connections at websites as a search ranking factor.

"We've seen positive results, so we're starting to use HTTPS as a ranking signal," they said.

In other words, Google finds that testing whether websites support HTTPS, among its many ranking signals, improves the relevancy of its search results. As a consequence, any website concerned about where it ranks in search result lists -- which means most websites -- will want to implement HTTPS support if it hasn't already.


Ait Bahajji and Illyes note that security is not a dominant ranking factor. It counts for only a little in the overall rank of a website, affecting less than 1% of global queries. Google still considers the quality of the content on a website more important as a ranking signal than its security.

"But over time, we may decide to strengthen [HTTPS support as a ranking signal], because we'd like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the Web," Ait Bahajji and Illyes said.

Sam Taylor, head of SEO at design and marketing firm Studio24, said in a blog post that his firm is recommending that "all new and existing clients should have an SSL certificate on their website to improve security of users and improve search engine ranking."

Switching from unencrypted HTTP to HTTPS involves obtaining an SSL/TLS certificate from a certificate authority (CA) and installing the digital certificate on the relevant server. HTTPS is simply the term for HTTP with SSL/TLS encryption added for security. Web hosting companies usually sell SSL/TLS certificates. StartSSL offers several tiers of certificate, including a free one.

Google in June introduced an invitation-only domain registration service called Google Domains, nine years after it paid to become an ICANN-accredited domain registrar. Google Domains offers a handful of services but doesn't (yet?) sell SSL/TLS certificates. Nevertheless, some of its website building partners, including Squarespace and Shopify, offer some form of SSL support.

Google has tried to advance online security for years and was among the first consumer Internet companies to adopt two-factor authentication for logins. In the wake of the revelations arising from documents leaked by former NSA contractor Edward Snowden, Google and other online companies have accelerated their implementation of security technology. In March, for example, Google made encrypted HTTPS connections mandatory for Gmail, and then in June it added experimental support for end-to-end encryption through a Chrome extension.

HTTPS does not guarantee security -- it's been suggested that the NSA can break it -- but it offers better protection than HTTP.


Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful ...

User Rank: Ninja
8/26/2014 | 9:14:06 AM
Re: HTTPS always, or only when it counts?
I agree, encryption on every site, especially information pages might be a little overkill, but it's an interesting concept.  By promoting pages with security, it could drive good behavior for many sites (I'm thinking eCommerce sites) which would be an overall win.  It's a unique idea, I'm curious to see what impact it brings.
IW Pick
User Rank: Ninja
8/14/2014 | 11:56:22 AM
Re: HTTPS always, or only when it counts?
I can see security as a concern; Internet security is a prevalent topic. But at the risk of complications with searches? That is questionable. And with it factoring in at such a low percentage, would it really matter?
David F. Carr,
User Rank: Author
8/7/2014 | 4:18:50 PM
HTTPS always, or only when it counts?
I would hope they wouldn't expect even straight informational pages to be presented via https. For performance reasons, it makes sense to only use encryption when it matters. The reader of a blog shouldn't have to make an ssl connection to read a post. If you're logging into a site to post information, yes the login page needs to be protected, and once someone is logged in https offers protection for session cookies. That's why social media sites have moved to https browsing for members.

I'd think Google should be testing whether the site is capable of supporting an https, not whether every page is presented over that protocol. Or is there really a rationale for using https universally?