Performance Zone is brought to you in partnership with:

I am the founder and CEO of Catchpoint. The Catchpoint vision is to provide the best IT analytics & intelligence to help companies improve their end user performance, and keep an eye on their infrastructure and vendors. Before Catchpoint, I spent 10+ years at DoubleClick and Google, where I was responsible for Quality of Services, buying, building, deploying and using various internal and external monitoring solutions to keep an eye on the DART infrastructure delivering billions of transactions a day using throusands of servers, routers . . . HP Openview, Sitescope, SMARTS, Adlex, Coradiant, Gomez & Keynote are some of the products we used. Thus the interest of building something in this space! Mehdi is a DZone MVB and is not an employee of DZone and has posted 48 posts at DZone. You can read more from them at their website. View Full User Profile

The Irony of Google's HTTPS Mandate

  • submit to reddit

Originally written by  at the Catchpoint blog.

With last week’s announcement that Google will start rewarding those sites with HTTPS security configurations with better search result rankings, many companies will now be faced with a difficult decision.

HTTPS is used as an added layer of security to standard HTTP sites, and has become necessary for companies that deal in eCommerce, financial tracking, or any other sort of site on which users have to log in or are expected to enter sensitive information. Therefore, Google’s rationale for taking this measure is to ensure that the pages that it directs its users to are operating as securely as possible (even if HTTPS is hardly a cure-all for security issues online).

It would stand to reason, therefore, that sites who are still operating under HTTP should switch to the more secure connection. However, it’s not that simple.

For one, the language that the company used to make this announcement is somewhat ambiguous. They have not specified exactly how much it would impact a site’s rankings, yet companies are compelled to do it anyway because they’d rather be safe than sorry. And as a drawback to the more secure connection, implementing an HTTPS system can be costly for any business, especially a start-up that is just getting off the ground and has to monitor its finances closely.

The irony of all of this is that in the past, Google has urged web developers to optimize their sites’ performance as much as possible in order to boost their search rankings. Now, however, it’s telling them to use a slower connection protocol whether they need the added security or not. Additional complications will arise in the use of third party tags. If a site switches to SSL but uses third parties which have not, it’s going to be dragged down in Google’s search results through no fault of its own.

Don’t get us wrong – Google’s added emphasis on internet security for its users is grounded in practical and justifiable motives. But in doing so, it’s creating additional headaches for sites that don’t have security issues in the first place. As the company with the greatest amount of influence over the web as we know it, perhaps they should look more closely at the wide-ranging effects that their actions have on the little guys.

Published at DZone with permission of Mehdi Daoudi, author and DZone MVB. (source)

(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)


Yannick Majoros replied on Sat, 2014/08/16 - 6:51am

Nowadays, there shouldn't be any big performance penalty for using HTTPS, so I'd say it's a good move. Still, I'm interested if you have benchmarks for that. Google itself said some years ago that they managed to keep it < 1% difference ("order of magnitude: zero").

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.