When you hear terms like “secure sockets layer,” “transport layer security” and “data encryption”:
- Do your eyes glaze over like a Tim Horton’s doughnut?
- Do you get a knot in the pit of your stomach?
- Do you immediately start scanning your ATS to find a tech-savvy candidate who can explain them to you?
Believe me – I get it. To most staffing professionals, IT terminology can seem like an intimidating jumble of acronyms and cryptic terminology.
Let’s change that!
Today, I’m starting “IT Vocab Vitamins,” a series of posts even the most stalwart technophobe will find easy to swallow. In each post, I’ll break down the jargon and explain common IT terms in non-technical ways – so you can embrace the critical technology you need and put it to work for you.
Today’s IT Vocab Vitamin? SSL.
What is SSL?
SSL (Secure Sockets Layer) was designed to provide data communication security in two ways:
- Encrypting your data
- Without SSL, data sent between browsers and web servers is plain text. If an attacker can intercept the data being sent between a browser and a web server, then they can see and use that information (and, you guessed it – that’s a very bad thing). An SSL link keeps sensitive information such as credit card numbers and login credentials safe from eavesdropping. Even if an attacker gets the data, they can’t read it.
- Authenticating your website
- In simplest terms, this means verifying that your website really is who it claims to be. For example, when you visit amazon.com, the SSL verifies the website you are at is actually Amazon, and not a hacker posing as amazon.com.
How does SSL work?
SSL relies on obtaining a digital SSL certificate from a trusted, third party certificate authority. This certificate is essentially an encrypted key that allows the browser to verify and encrypt its communication with the web server.
Types of SSL certificates
SSL certificates can secure just your website (www.yoursite.com and yoursite.com), all your subdomains (jobs.yourwebsite.com, store.yourwebsite.com, etc), or multiple domains (www.yoursite.com, www.yourothersite.com). The more sites they secure, the more they cost.
While all SSL certificates provide your website with encryption, the level of authentication the certificate authority performs on your organization varies, and consequently the level of assurance the SSL Certificate provides to your visitors that your website is really you will also vary. Certificate authentication falls in three categories:
- Domain Validation. These certificates include your domain name (not your business or organization name). They are cheaper and usually issued in minutes as the certificate authority validates your domain by looking at the WHOIS information for your domain. The downside? These certificates provide less assurance to customers.
- Business Validation. The certificate authority verifies your ownership of the domain name and business registration information (you will be asked to submit a few documents) before issuing the certificate. Both of these items are listed on the certificate as well. Because it requires manual validation of your business, these certificates can take an hour to a few days to be issued. They provide higher assurance to your users.
- Extended Validation. This certificate provides the highest level of assurance to your customers. It requires extended validation of your business and authorization to order the certificate (you will be asked to submit a few documents). It can take a few days or few weeks for a certificate authority to issue an EV certificate for a domain. But, it provides maximum assurance to customers by making the address bar of the customer’s browser turn green when they visit your site.
The more validation of your organization the certificate authority does, the more the certificate costs. Prices range from $24/month for domain validation certificates to over $575/month for extended validation certificates.
What level of certification should you get?
If your primary concern is data encryption, any cert will work equally well. We generally recommend a Business Validation certificate. Moderately priced, this certificate provides your site with both security and a high level of assurance that your site is authentic.
That wasn’t too tough a pill to swallow, right?
Have a staffing technology topic you find mystifying, terrifying or just plain complicated? Leave me a comment and I’d be happy to break it down in a future IT Vocab Vitamin post. Cheers!