What is SSL Security?

SSL (Secure Socket Layer) is a security protocol used to create a secure link between a web server and web browser, protecting users when they submit sensitive information such as credit card numbers or login credentials over the public Internet.

With the increasing threat of hackers, SSL security provides a crucial layer of online protection, allowing organizations to offer customers a safe, secure online experience.

How does SSL Security work?

For websites to be protected by SSL, they need a certificate which is issued by a certification authority. This certification comes as a small data file which digitally attaches a domain name, server name or host name to an organization's name and a public cryptographic key.

It is the presence of a valid SSL certificate—which is recognized as such by the user's web browser—that enables identity assurance and the establishment of a secure connection.

By helping ensure that information security is not compromised in online transactions, SSL security plays a substantial role in achieving security compliance—particularly for organizations involved in processing sensitive information such as card payment data or personal health data.

SSL vs TLS

In more recent years, Transport Layer Security (TLS) has been used as well as SSL, the former having been invented in 1999 as a follow up to SSL, which was first created in 1995. Both SSL and TLS use strong encryption and authentication techniques which are always evolving to face more sophisticated threats. They are layered between the application protocol layer and the TCP/IP layer, which sends application data to the transport layer.

Users are authenticated using the SSL protocol layer’s “Handshake Protocol” and “Record Protocol.” When uses are engaged in a secure session, these protocols use an X.509 certificate, or SSL certificate, to authenticate the identity of the certificate owner.

Why do we need SSL?

SSL certificates are essential for protecting the identity of your users, as well as other sensitive information such as their transaction details. They ensure that all information is passed over a secure connection, preventing hackers from gaining access to their data and potentially stealing a user’s identity or payment details.

SSL is also becoming more important for SEO. In 2014, world renowned search engines announced that SSL certificates would make up part of the search engine ranking algorithm, with the move taking full effect in 2018. Users are now warned if a website is not secure, which could potentially prevent sales and damage an enterprise’s reputation.

SSL Security as part of the Akamai Intelligent Platform

Because we understand the importance of SSL security to you and your customers, Akamai delivers SSL-secured content over a dedicated portion of our globally-distributed network:

  • The Akamai Secure Content Delivery Network is segregated physically and logically from the rest of our systems and is composed of groups of servers deployed and designed to comply with PCI standards and other stringent security regulations.
  • Addressing both performance and security needs, the Akamai SSL network offers a superior level of physical, network, software and procedural security and is optimized for computation-intensive SSL processing.
  • To safeguard against the threat of DDoS and web application-layer attacks such as cross-site scripting and SQL injection—cyber threats left unmitigated by SSL security alone—we offer highly scalable Cloud Security Solutions that augment your perimeter-based defenses.
  • Through our highly distributed Web Application Firewall, which detects potential attacks in HTTP and HTTPS traffic, we provide additional protection from threats that take advantage of SSL vulnerabilities like the BREACH attack.

What are PCI regulations?

PCI regulations, otherwise known as the Payment Card Industry Data Security Standard, is a set of security standards that ensures that all companies who handle payment card information, including accepting, processing, storing or transferring, maintain a secure environment. It was launched in 2006 and has since been endorsed by multiple worldwide payment card brands.

Learn more about how Akamai's powerful security capabilities can protect your websites and users from cyber threats.