Small Biz Mac, This blog focuses on using Mac as the foundation of a small business--the operating platform, the market, and more. This blog will discuss both the challenges of operating a business on Mac hardware and software, and the impact of the broader Mac market on business.

Your Hosts
Kevin Walzer and Lori Jareo, publishers, software developers, Mac/iPhone users, and small business owners.

Subscribe to RSS Feed
Get a syndicated feed of this weblog.



Privacy Policy

Site design: Skeleton

Sun, 15 Jan 2017

Let's Encrypt

We've recently updated all twelve or so of the websites we maintain to be fully secure, supporting the encrypted HTTPS protocol. What this means is that data sent from our websites to a browser or other client will be encrypted, and thus impossible to hack into. While encryption is typical of sites that handle financial transactions such as PayPal, it's also becoming increasingly common with non-financial sites as well just because of the increasing risks from hackers and surveillance in this age of Edward Snowden.

What's made our move in this direction is Let's Encrypt, which aims to serve as a "free, automated, and open Certificate Authority." Sponsored by the not-for-profit Internet Security Research Group (ISRG), Let's Encrypt provides a free and (relatively) simple mechanism to provide website security. ISRG is funded by both industry and individual donations.

It took us a weekend to figure out how to generate the certificates, install them, and configure our Mac OS X server to direct all web traffic to the secure HTTP port. It's a fairly small investment of time to significantly increase the security of our websites, and, by extension, the web itself.

The emergence of Let's Encrypt both reflects the trend toward increasing security on the web, and also is helping to make it happen. It's doubtful that a community, non-profit effort would have succeeded had there not already been a critical mass of concern about web security. But Let's Encrypt's relative ease-of-use, at least for those with basic skills in managing websites and server configuration, are helping to accelerate the trend toward security.

Its price--free--also helps. Encryption/SSL certificates for all the websites we operate could have been procured from a commercial source, but only at the cost of hundreds of dollars a year. For a small business, that's something that has to be weighed carefully. We pay hundreds of dollars for an Adobe Creative Cloud subscription because those tools literally make our business possible. The benefits of encryption are harder to quantify economically, at least in terms of increased profitability. But if the only investment is time, then it's an easier to call.

Thanks so much to the people who make Let's Encrypt possible.

[/business] permanent link