Security threats have been making their way into headlines recently; we’ve been hearing about everything from the heartbleed vulnerability to hackers stealing social security numbers from government computer systems. This media coverage combined with privacy concerns born out of last year’s revelations about the NSA collecting user meta data has lead to heightened sensitivity with regard to consumer privacy.
Effects from this sensitivity are rippling through the AdTech industry, causing a shift of inventory sources to HTTPS enabled websites and ads.
HTTPS is a secure form of HTTP, which provides the foundation of data communication for the internet. The S indicates that the protocol relies on SSL (Secure Sockets Layer), a standard security technology that establishes an encrypted link between a server and a client.
The most common places you find SSL in use today include banking and ecommerce sites as it allows sensitive information such as credit card numbers and other financial information to be transmitted securely. While data sent between clients and servers is sent in plain text, leaving users vulnerable to someone intercepting the data, SSL determines variables of the encryption for both the link and the data being transmitted, securing the transfer. In the context of the AdTech industry, secure means that all URLs returned in the creative, including media files and third party tracking, need to be delivered under HTTPS, allowing us to protect the security, privacy and integrity of users’ data.
As we observed the industry shifting to a more secure environment, we began working internally to develop corresponding solutions. We’ve now rolled out support for HTTPS and will be providing secure creative and tags for requests that come out of secure environments.
To make this transition as easy as possible for publishers, we won’t require all ads to move to HTTPS; only those that come out of secure environments will require HTTPS. When we receive an ad request that requires secure creative, we’ll pass a flag in OpenRTB, notifying the DSP that they must return secure creative. We will examine their response and remove any non-compliant bids to increase efficiency. Ads that are uploaded/transcoded by SpotX along with their accompanying beacons will be automatically enabled for secure environments, streamlining the process for the advertisers.
As Brendan Riordan-Butterworth from the IAB said earlier this year, “Adopting encryption on public-facing servers is an important step in protecting the privacy and security of the public.” And at SpotX, we’re excited to be part of the solution.
Leah Brite, Senior Manager, Product Marketing