The popular streaming service Netflix announced last quarter that they plan to secure their entire service with HTTPS (an encrypted protocol) later this year. HTTPS sites utilize SSL (Secure Sockets Layer) to establish an encrypted link between a server and a client that allows sensitive information such as credit card numbers, social security numbers, and login credentials to be transmitted securely. While some parts of the site like registration and payment services already use encryption, Netflix now intends to encrypt the entire service for all users on all platforms. This includes the data sent and received as part of the streaming service.
2014 was a defining year for information security, with a number of high-profile companies suffering cyber-attacks. The trend has only continued in 2015. Netflix’s entry into the HTTPS world comes as many security advocates are calling on all websites to encrypt all their traffic. Continuous HTTPS protection inhibits cyber-attacks launched from the Internet backbone, and is also useful against man-in-the-middle attacks that make it possible for other people to snoop on or even change the data being sent. In both cases, HTTPS prevents the attacker from covertly inserting malicious data packets into the targeted data stream.
Netflix has followed Google and YouTube, two of the other largest sources of today’s internet traffic, in adopting HTTPS across more of its services. As Netflix explained in their quarterly letter to shareholders, the wider adoption of HTTPS “helps protect member privacy, particularly when the network is insecure, such as public wifi, and it helps protect members from eavesdropping by their ISP or employer, who may want to record our members’ viewing for other reasons.”
A report released by the Canadian networking equipment company Sandvine states that the networked world may reach a game-changing level this year, with more than half of the world’s Internet traffic likely to be encrypted by year end. Encryption, which keeps the content of digital communications hidden from prying eyes, protects about 30% of the Internet traffic in North America at present, according to the report. By the end of 2016, that figure should more than double to more than two-thirds of the continent’s Internet traffic.
So if HTTPS is so effective, why haven’t all websites implemented it? One reason is the increased cost. You have to purchase TLS certificates, which can cost anywhere from ten dollars per year to about $1,000 a year, depending on the type of certificate you purchase and the level of identity verification it provides. Another issue is that HTTPS causes an increase in server resource consumption, which can slow sites down.
Even if the entire web isn’t readying for a switch to HTTPS, many high-volume sites are doing just that, and more probably should, especially sites that provide public information. And with breach after breach dominating today’s headlines, the odds are high that HTTPS will continue to spread.