How CDNs Can Boost Your Site’s Security & Speed
There is best practice, and then there is the way most people do it. Think about the last time you built a deck, cleaned your shower, painted a room or assembled something from IKEA. There was the right way to do it, and then there was the shortcut.
When your IKEA bookshelf crashed into your glass table you discovered there are downsides to shortcuts. The same is true for establishing connections between a server and a web browser. The fastest means of providing these connections is through the unencrypted TCP handshake, but this leaves communications vulnerable. The best way to provide a secure connection is by using SSL/TLS to encrypt communication. However, the SSL/TLS handshake can take significantly longer than the TCP handshake, slowing down a website’s page load time.
With website speed greatly affecting user satisfaction as well as search engine rankings, sacrificing speed for security can be a hard call to make. But what if there were a way to have secure, encrypted communications without the site lag? SSL/TLS encryption and Content Delivery Networks (CDN) can improve your site’s speed and security. Let’s take a look at how.
Option One: TCP Handshake (Speedy, Unsecure)
When a browser connects to a website, it does so through the Transmission Control Protocol, or TCP for short, using a process called the TCP handshake. In this handshake, the browser sends a connection request to the server, the server accepts the request and responds with an acknowledgement, and the browser accepts the acknowledgement and sends one of its own. This three-way handshake should be equal to a single round-trip time.
It’s a reliable and efficient way for browsers to communicate with websites. But it’s not encrypted. If an attacker wanted to position him or herself between the browser and website, he or she could essentially ‘eavesdrop’ on these communications, swiping data or information coming from the browser/website user, or from the website.
For some websites, there isn’t any real risk that could come from a man in the middle attack. But once sensitive data like credit card numbers, addresses, login details and email content enter the picture, that risk becomes real and stark. There can be absolutely no room left for a man in the middle.
Option Two: Encryption (Secure, Slow)
In order to eliminate the chance of a man in the middle attack, it has to be ensured that the communications sent between a browser and website can only be accessed by the intended recipient. This is accomplished through encryption, and encryption is accomplished through what is called the Secure Sockets Layer protocol, often called SSL, SSL/TLS or TLS. The actual protocol currently being used is Transport Layer Security or TLS, but it is still often referred to as SSL, the protocol it replaced.
With SSL/TLS in place, the handshake process gets a little more complicated. In addition to the requests and acknowledgements that need to be sent, the browser and server will have to agree on a method of encryption, proceed through a process of mutual verification, and generate the symmetric keys that will be used to encode and decode all of the information exchanged during the session. Instead of the one round trip required for the TCP handshake, you’re probably looking at three round trips, more depending on the configuration of the server. That means, at minimum, you’ll be tripling the time it takes for the handshake to be completed.
Best Option: Content Delivery Networks (Speedy & Secure)
For the websites that need to be able to provide secure connections, page load time concerns have to take a backseat. If you think you’re keeping your users happy by having a faster website using TCP instead of SSL/TLS, imagine trying to explain that decision after user data is compromised. If you have sensitive data being exchanged with your website, you need SSL/TLS. Period.
However, as content delivery network provider Incapsula points out, security or speed doesn’t have to be an either/or thing, all thanks to CDNs. A content delivery network (CDN) is just what it sounds like: a global network of servers designed to deliver your content to your users as quickly and efficiently as possible. There is a wide range of benefits to using a CDN including load balancing, network optimization and DDoS protection, but the most significant benefit it offers to websites using SSL/TLS comes from that global network of caching servers.
One of the core functions of a CDN is shortening your website’s round trip time. With a global network of servers, your users will be redirected to the server closest to them, improving your website’s response speed and page load times by reducing the physical distance between users and servers and thereby cutting down on the round trip time. Because a handshake using SSL/TLS will take at least three round trips, a CDN will reduce the length of time it takes for each of those round trips, speeding up the entire SSL/TLS negotiation process.
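The round-trip counts above can be derived from the handshake messages themselves. The following is an added example, not code from the article or from any CDN provider: it models the TCP handshake and a full TLS 1.2 handshake (the TLS version is an assumption, since the article does not name one) as message flights, counts how often the browser must wait for the server, and compares setup time for two constructed round-trip times. It models only the browser-to-server leg.

```python
# Added example: flight-level model of connection setup (not a packet capture).
CLIENT, SERVER = "client", "server"

# Each entry is one flight: who sends, and which messages travel together.
TCP_HANDSHAKE = [
    (CLIENT, ["SYN"]),
    (SERVER, ["SYN-ACK"]),
    (CLIENT, ["ACK"]),
]

# Full TLS 1.2 handshake (assumed version; no session resumption).
TLS12_FULL_HANDSHAKE = [
    (CLIENT, ["ClientHello"]),
    (SERVER, ["ServerHello", "Certificate", "ServerKeyExchange", "ServerHelloDone"]),
    (CLIENT, ["ClientKeyExchange", "ChangeCipherSpec", "Finished"]),
    (SERVER, ["ChangeCipherSpec", "Finished"]),
]

def round_trips(flights):
    """Count how many times the client must wait for a server reply.

    A trailing client flight (such as the TCP ACK) adds no wait, because the
    client can send its next data immediately behind it.
    """
    trips = 0
    for (sender, _), (replier, _) in zip(flights, flights[1:]):
        if sender == CLIENT and replier == SERVER:
            trips += 1
    return trips

def setup_ms(rtt_ms, *handshakes):
    """Time spent on handshakes before the first request can be sent."""
    return sum(round_trips(h) for h in handshakes) * rtt_ms

def compare(origin_rtt_ms, edge_rtt_ms):
    """Setup time against a distant origin versus a nearby CDN edge."""
    rows = {}
    for name, rtt in (("origin", origin_rtt_ms), ("cdn_edge", edge_rtt_ms)):
        rows[name] = {
            "tcp_only_ms": setup_ms(rtt, TCP_HANDSHAKE),
            "tcp_plus_tls_ms": setup_ms(rtt, TCP_HANDSHAKE, TLS12_FULL_HANDSHAKE),
        }
    return rows

if __name__ == "__main__":
    # Constructed RTTs: 150 ms to a distant origin, 30 ms to a nearby edge.
    for name, row in compare(150, 30).items():
        print(name, row)
```

With these constructed values, the encrypted connection through the edge is set up faster than the unencrypted connection to the distant origin.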
CDN is the Ideal Solution for Users & SEO
In summary, using SSL/TLS will provide secure, encrypted connections between your users and your website, and a CDN will significantly reduce the latency associated with all of that extra security. This means users are happy because their data and information are secure and your website still has excellent page load times. Another benefit is that search engine rankings won’t suffer from website latency, but will actually benefit from your use of SSL/TLS since it was officially added to Google’s ranking factors in 2014.
There are times when shortcuts and taking the easy way out are just fine, but there are times when they aren’t. Knowing the difference is key. That, and keeping heavy books off of your IKEA bookshelf when, deep down, you know it came together way too fast.
We hope you found the above promoted content as entertaining and helpful as we did!