Thursday, October 12, 2017

LetsEncrypt in the face of expensive website security certificates

There are thousands of website security providers worldwide, who give your website (or blog) a security layer to secure it against malware attacks and identity theft. But they charge you for it - well, in nine out of ten cases. And they charge quite a sum!

Before we talk about the Let's Encrypt offer, a short introduction to what security layers do. When you see https:// at the beginning of a URL, you feel safer in entering that page as compared to those with http:// prefix, isn't it? Sites with https prefix are secured with what we call SSL or Secure Sockets Layer.  A website can have with https:// prefix only when it has received an SSL Certificate from a web-security certifying agency.

SSL Certificate is a digital certificate (i.e. a piece of software) that authenticates the identity of the website and encrypts information being shared between browsers and the website. If a user sends sensitive data to a secure website, his details are safe as it is in an encrypted or scrambled form. [If you want some more information on this aspect before we talk more about Let's Encrypt, you can click here: https security for websites ]

Free security and trust, easily installable at web host level


Most major web hosts now provide a minimum level of web security in the form of protection against hacking and malware. Till Let's Encrypt came on the scene, they charged good sums for SSL certificate but now some offer plans with SSL Certificate free or at a discounted rate. However, there still is a catch - there are reports that some web hosts ask for payments at the time of renewal.

'Let's Crypt'  offers completely free SSL plan. You might ask, should I choose 'Let's Crypt' only because it is free?' Well, not everything free is bad or sub-standard, as long as you know what you are getting free.

Let's see the great positives of   Let's Encrypt
  • It has been created by the non-profit Internet Security Research Group (ISRG) floated by some of the best names in the industry.
  • It is free for ever, with no hidden costs.
  • It is simple and automated. It means, you do not have to go through a cumbersome authentication process for getting the certificate. 
  • It is good enough for most blogs and websites.
 

Is LetsEncrypt good enough for you?


Businesses that need monetary transactions  by their clients on their websites, such as banks and e-commerce companies, need a much higher level of security. Other than them, most websites and blogs need a lower level of web security and Let's Encrypt is good enough for them.

In technical terms,  Let's Encrypt provides the Domain Verification (DV) certification and if a website has secured https:// status through this certificate, you can trust the site for not being a phishing site but you cannot be sure about its being run by a trust-worthy organization because the owner's identity has not been verified by the certification agency. But that is not your concern as a website owner; your data-sharing is properly encrypted.

When it started, Let's Encrypt was scoffed at by commercial security agencies. But now some web hosts provide automatic integration with Let's Encrypt. The acceptability has risen greatly over the years.

Since its launch in 2015, over 60 million sites have installed Let's Encrypt. It is adding new features now and then. On it blog, it has announced that from January 2018, it will start issuing 'wildcard' web security certificates, which means all sub-domains of a site will be protected with one certificate.

A helpful community has also grown around Let's Encrypt where users can resolve their issues.

One thing that might be a put off for lazy blogger and busy website owners, is the fact that Let's Encrypt certificate is valid only for 90 days (but they have done this deliberately). So, before the 3-month period lapses, you have to renew it. And this goes on every 3 months. Some web hosting companies are now coming up with offers to automatically renew the Let's Encrypt certificate on behalf of clients. (In the case of commercial offers, the renewal is usually annual and may sometimes be at 3-year interval.)

SSL certificate secures data transfer between servers, browsers.

Helpful resources on use of free security certificate of Let's Encrypt


Monday, October 2, 2017

Nobody near Amazon when it comes to cloud hosting infra!

The latest Gartner report on cloud computing for 2016 confirms that when it comes to cloud computing - including web hosting infrastructure and various cloud based services - Amazon is undisputed leader and all biggies look like pigmies in front of it. It had 44.2% marketshare in cloud infrastructure; in comparison, Microsoft had 7.1%, Alibaba 3%, Google 2.3% and Rackspace 2.2% of marketshare. The rest was made up by other companies.

However, the report also says that the other companies are growing faster than Amazon. Microsoft, Alibbaba (mostly because its monopoly in China) and Google have leap-frogged over their 2015 positions.

The graphic below shows the top cloud infrastructure providing companies' revenue in million US dollars from this segment:

Major cloud infrastructure providing companies in 2016

According to the report, cloud computing is the fastest growing IT vertical. Within it, infrastructure comes on top as against platform and software offerings.