In a move to buoy the adoption of encryption among websites worldwide, Google is hinting at a possible tweak to its page ranking algorithm to pitch secure sites to higher echelons of its search results.
Industry sources familiar with the plan are saying it is still in its nascent stage and any changes could take some time before being implemented as adoption of encryption technologies such as HTTPS demands effort and resources.
If the plan pulls through, Google will do a great favor for the promotion of online security. Encryption in particular boosts the transmission of data between users and servers, thus locking out malicious eavesdroppers from the cycle. The search giant already punishes sites that contain malware by taking down their Google Pagerank. Incentivizing the practice of implementing encryption on websites will expand the adoption of this security tool.
According to Ponemon Institute, organizations in the United States and parts of Asia and Europe have become more adept in carrying out their encryption strategies over the past eight years, suggesting an increasing awareness of the technology and its broadening adoption. In fiscal year 2012 alone, 29 percent of companies worldwide had steadily increased the application of their encryption strategy across the enterprise as opposed to 22 percent that had a declining encryption plan. The financial services industry represented 44 percent of the companies that have implemented encryption across their entire enterprise, while technology and software accounted for only 31 percent.
What Ponemon’s findings tell us is that with the incentive that Google will be giving to websites to enhance their encryption strategy, those 22 percent might probably join the majority that have encryption in place.
Google is one of the large Internet companies including Yahoo, Microsoft, LinkedIn and Facebook that have recently scrambled to implement encryption as the default security tool for their websites and Web services, thanks in no small way to revelations by Edward Snowden on the alleged surveillance program of the U.S. National Security Agency to snoop into private communications.
But then there’s the rub. The strength of encryption as the best online security tool has been shrouded in doubt lately following the discovery of the Heartbleed flaw that has since sent U.S. federal agencies and major tech companies to revamp their implementation of the security protocol. The security bug in question has caught the SSL (security sockets layer) off guard, potentially exposing the users’ passwords and email address registered in encrypted websites to attackers.