Georgia gets serious about HTTPS
- By Sara Friedman
- Apr 05, 2017
Georgia is deploying HTTPS encryption for all of its public-facing government sites and expects to complete the shift by the end of the month.
GeorgiaGov Interactive announced the move in an April 4 blog post that declared, "as a state agency, it is our responsibility to protect our citizens’ information when they come to our sites."
GeorgiaGov Interactive Director Nikhil Deshpande told GCN the state decided to incorporate HTTPS into its 2020 IT strategic plan as the Georgia Technology Authority (GTA) works to add more state websites into its cloud-based Drupal platform.
“While we don’t have sensitive information, we want to make sure interactions are secure on public-facing websites for end-user citizens,” he said. “The only reason that we could do this is because we have a cloud enterprise program through Drupal.”
GTA has expanded to 80 government websites on the platform, which it began to develop in 2011. HTTPS will enable these sites to prevent information such as cookies, URL paths and form submissions from getting manipulated by third parties.
HTTPS will be particularly useful to government websites that use geolocation maps and forms that might put visitors’ privacy at risk, Deshpande said.
Throughout April, GTA will be working to solve any problems that arise in shifting to an encrypted protocol. Image files or other embedded content that reside on separate, unencrypted sites will need to be updated, and few sites may require code updates.
“We have to manage the individual sites ... since there should not be any security warnings coming up,” Deshpande said. “From an overall perspective, we are trying to move in the direction of becoming security agnostic.”
Deshpande and his colleagues cited the federal government's "HTTPS everywhere" standard as inspiration for the move. HTTPS encryption for all federal websites was mandated by the Office of Management and Budget in October 2015, but many agencies are still working to make the switch. According to the Pulse.CIO.gov dashboard, 75 percent of federal websites now use the HTTPS protocol.
With adoption growing in the federal government and online privacy increasingly a public concern, Deshpande predicted other states will follow soon Georgia’s HTTPS example.
Editor's note: This article was changed April 7 to correct a production error that omitted some copy.
Sara Friedman is a reporter/producer for GCN, covering cloud, cybersecurity and a wide range of other public-sector IT topics.
Before joining GCN, Friedman was a reporter for Gambling Compliance, where she covered state issues related to casinos, lotteries and fantasy sports. She has also written for Communications Daily and Washington Internet Daily on state telecom and cloud computing. Friedman is a graduate of Ithaca College, where she studied journalism, politics and international communications.
Friedman can be contacted at [email protected] or follow her on Twitter @SaraEFriedman.
Click here for previous articles by Friedman.