Akamai Diversity

The Akamai Blog

How Can You Trust a Website?

During an early summer morning on August 1982, in the brightly lit hallway of a non-descript academic building on the campus of University of California Berkeley, two scientists who were working on what the world will later know as the Internet, had a brief but very important conversation:

"How can we trust ARPANET?"

"Because you can trust your colleagues."
The scenario above, while imaginary is perfectly plausible for the early Internet's precursor ARPANET* days. At the time the system of interconnected computer networks was limited to academic and military researchers.
Fast forward to 2015, today the Internet connects more than a few colleagues and researches. It is a global network of billions of devices and networks, a digital ecosystem that much of the world's population utilizes to socialize, shop, entertain, train, educate, and conduct business anytime, anywhere.
There are billions of sites online for nearly any purpose you can imagine:  good, bad and ugly. 
Whether you like it or not, in the last 30 years much of our lives have steadily transitioned to the Internet; from dating and shopping all the way to smart-homes with wireless thermostats and smart utility meters, we are living in a hybrid world: part-physical and part-digital. 20 years ago there were only 130 websites; there were no cell phones with cameras, no online music stores, social media platforms, or streaming videos to binge watch. 
We had hundreds of thousands of years of collective experience with the physical part of lives, but a only a few decades with the digital half. And we are only still learning; recently our vocabulary has expanded to include words such as cybercrime, hackers, hactivists. 
The digital life is extremely dynamic and constantly evolving to a degree that - if you are not born into it - it is hard to catch up. Take for example the evolution of the meaning of the word "hacker", which has changed from reckless teenagers' (script-kiddies) daring attempts see what was possible to global cyber-espionage and massive-scale cyber heists.  And these nefarious online activities keep evolving.  High profile security breaches are no longer limited to banks, and any consumer brand may be a potential target.
Examples of daily online activities that can be targeted by cybercriminals are diverse and seemingly innocuous.  You may be visiting the website of a government agency for a routine transaction that requires you to submit your social security number, or a bank site that requires you to enter your account information, or an online store of a well-known global brand that requires your credit card information.  But our willingness to participate in these activities all comes down to one common denominator for us, the consumers, the end users: TRUST.
Once you enter those precious numbers on a small white field on the screen and hit enter on your keyboard, you have no control, no visibility into what happens to those numbers or Personally Identifiable Information (PII). The networks your data crosses over, who has or can access it and where it will be stored - all are beyond your oversight and control.  Your willingness to accept that level of risk is entirely based on your willingness to trust.
Organizations understand this, and are investing heavily to better secure that trust.  Millions of dollars are spent on the effort to secure their Intellectual Property (IP), as well as their customers PII.  Keeping up and staying ahead of the curve in this arms race to secure information and systems is crucial as the bad guys (blackhats) come up with new ways to intercept useful information, while the good guys (whitehats) come up with better defense techniques. And law enforcement agencies are taking very serious measures to apprehend and prosecute cybercriminals on a global scale.
All this is to protect end users' information and ultimately gain their trust in the online world, the digital portion of life. The user's trust comes from his/her experience with a site, what they know about a site, and (may be more importantly) what they don't know about a site.  Users either like the experience or not, based on whether or not it meets their expectations. A  site that is slow and not working properly on a mobile device will influence users' opinion negatively about that site and the organization that owns the site. It paints the picture of a company that has not invested in that site, a company that doesn't care about its customers. The tangible and intangible components of a user's experience inform their level of trust, all of which indicates a new prerequisite in the ever-changing digital world.
But how can you really trust a website?  Can you trust a website that is slow and not mobile-friendly? Perhaps more importantly, can you trust the company behind that site and whether their site is using the latest security technology if their site is behind on providing the best end user experience, which includes performance optimizations for mobile devices? In other words, can they keep up with the dynamic digital life and its evolving requirements?
As I mentioned above, this is a race between the good guys and the bad guys over our online experiences and PII, the digital portion of our lives that can be stolen and monetized.  Ultimately, trust is not easy to earn and it has many aspects beyond security that influence our opinion. 
For us, the end users, our trust in a web site is about our experience that has multiple dimensions including security, reliability and speed. These dimensions of end user trust shouldn't be ignored, companies should be truly committed to building the best possible web experiences for its users - experiences that are fast, reliable and secure - to earn our TRUST.
*Wikipedia describes ARPANET as the primary precursor network [to internet] that initially served as a backbone for interconnection of regional academic and military networks in the 1980s.

Berk Veral is a senior product marketing manager for Web Performance Solutions at Akamai.

1 Comment

Agree with the sentiments regarding Security + Performance, but wish you gave the East Coast more props in your opener. Californians already think they invented everything. Let's not forget the contributions we made on the east coast to ARPANET. Bolt Bararek and Newman were instrumental to development: "Some of BBN's notable developments in the field of computer networks are the implementation and operation of the ARPANET; the first person-to-person network email [18] and the use of the @ sign in an email address;[19] the first Internet protocol router (then called an Interface Message Processor);[20] the Voice Funnel, an early predecessor of voice over IP; and work on the development of TCP." (From Wikipedia)