The Irony of Google's HTTPS Mandate

Originally written by Craig Lowell at the Catchpoint blog.

With last week’s announcement that Google will start rewarding those sites with HTTPS security configurations with better search result rankings, many companies will now be faced with a difficult decision.

HTTPS is used as an added layer of security to standard HTTP sites, and has become necessary for companies that deal in eCommerce, financial tracking, or any other sort of site on which users have to log in or are expected to enter sensitive information. Therefore, Google’s rationale for taking this measure is to ensure that the pages that it directs its users to are operating as securely as possible (even if HTTPS is hardly a cure-all for security issues online).

It would stand to reason, therefore, that sites who are still operating under HTTP should switch to the more secure connection. However, it’s not that simple.

For one, the language that the company used to make this announcement is somewhat ambiguous. They have not specified exactly how much it would impact a site’s rankings, yet companies are compelled to do it anyway because they’d rather be safe than sorry. And as a drawback to the more secure connection, implementing an HTTPS system can be costly for any business, especially a start-up that is just getting off the ground and has to monitor its finances closely.

The irony of all of this is that in the past, Google has urged web developers to optimize their sites’ performance as much as possible in order to boost their search rankings. Now, however, it’s telling them to use a slower connection protocol whether they need the added security or not. Additional complications will arise in the use of third party tags. If a site switches to SSL but uses third parties which have not, it’s going to be dragged down in Google’s search results through no fault of its own.

Don’t get us wrong – Google’s added emphasis on internet security for its users is grounded in practical and justifiable motives. But in doing so, it’s creating additional headaches for sites that don’t have security issues in the first place. As the company with the greatest amount of influence over the web as we know it, perhaps they should look more closely at the wide-ranging effects that their actions have on the little guys.