By Daniel Kanchev, Chief Enterprise Architect, SiteGround
It’s just a fact: In 2019 the Internet got safer by default. SSL encryption adoption is now at an all-time peak, with the latest numbers pointing at 56 percent of all websites using the https protocol as default. Web browsers like Google Chrome sought to protect users by working to ensure that https:// pages can only load secure https:// subresources. Further, the first CMS Security Summit took place, bringing together content management system professionals, researchers, and hosting providers to discuss how to make the Internet a safer place for everyone.
It’s clear that the industry has made strides toward a more secure web in 2019, but there’s still plenty of room for improvement. From physical security keys to HTTP/3, here’s a look back on the progress made in the cybersecurity space this year. Whether you’re a web developer, a small business looking to secure your site, or just a regular Internet user, like all of us, these advancements in security will continue to play a key role in 2020 and beyond.
This year, privacy and security were taken more seriously than ever before. End users can control their preferences to a degree that was not previously possible. GDPR-compliant sites that do not collect any personal data or use cookies without consent are a good example of this idea in practice. Even though there is not yet an official legal U.S. equivalent, some companies decided to extend the practice created for their EU users to their U.S. visitors as well. In an age where using a public WiFi network can compromise a user’s login data across a variety of accounts, data privacy is an area where web developers and security professionals will need to continue innovating.
To further the topic of privacy and data protection, physical security keys are becoming an increasingly popular method for authentication. Developers who want to allow their users to use physical security keys can implement the FIDO2 standard, which allows users to authenticate to online services through a variety of personal devices. Physical security keys are currently used largely by companies like Google, Facebook, Twitter and GitHub, but the idea is growing in popularity, so hopefully it will become a more widespread practice soon. If you want to use physical security keys right now, you can check out the Google Titan key and the Yubico YubiKey.
As we move into 2020, more products focused on privacy and security are available for the average Internet user. DuckDuckGo, a search engine, is a prime example of this by not tailoring search results to a customer’s Internet history. By ensuring that every customer gets the same, unfiltered results, they not only protect user data but also avoid a more skewed representation of information.
Additionally, a relatively new Internet protocol called QUIC has the potential to rise in popularity among web hosts, as it considerably increases site-loading speed even when users have poor connectivity. It’s the base for the next version of the HTTP protocol, HTTP/3. To explain this further, HTTP is the foundation protocol of the Internet. Prior to HTTP/2 and QUIC, encryption was not mandatory. All websites that do not use SSL are still loaded via HTTP 1.0 or 1.1. With time, however, new protocols were developed to improve the web experience for all users. HTTP/2 solves many problems and makes websites much faster. The W3Techs statistics portal says that out of the top 10 million sites, 41.7 percent use HTTP/2. Each new protocol helps make sites faster and safer by default, such as the upgrade from HTTP/2 to HTTP/3 and the movement of traffic to TLS 1.3. Past encryption protocols were easily susceptible to attacks, meaning it’s safest for systems to be upgraded to the latest versions when possible. In 2020, over 90 percent of real-user encrypted traffic will move to TLS 1.3.
The world of cybersecurity can seem overwhelming at times. It’s key to remember that the most important thing for web developers, small businesses and even regular users to do is to invest in security education. Security is not a goal; it is an ongoing process, and the sooner we all realize this and start paying attention, the more secure our systems will be and the more protected our users will be. It may sound like a cliché, but it’s still the truth.
About the Author
Daniel leads the enterprise hosting team at SiteGround. He is responsible for developing, shipping and monitoring complex cloud hosting solutions for WordPress and other open-source systems and for clients with custom requirements or large-scale websites. With over 10 years’ experience in the web hosting industry, he has worked in pretty much every field, from system administration, advanced tech support, and monitoring to project management and server and software architecture. Daniel’s free time is dedicated to the things he loves most: being on board (skate, snow, or wake) and being with his family.
Daniel can be reached online on LinkedIn and at our company website https://www.siteground.com/