12 January 2017 Blogs, Academic, Community College, Government, K-12, Public, Administrator, Faculty, Librarian, Student/Researcher

Why Those “HTTPS” Messages Mean Something to You

I’m happy to announce that as of today, the ProQuest Platform has enabled HTTPS capability across the application

By Daniel Ayala, Director, Global Information Security, ProQuest

ProQuest has been named an honoree of a 2017 CSO50 Award from IDG's CSO. This prestigious award salutes 50 select organizations whose security initiatives contribute to outstanding business value and thought leadership.

We all use the Internet every day and, increasingly, we’re thinking about the privacy and security of our online activity. A movement is afoot for more widespread adoption of HTTPS and at ProQuest we believe it is a key step forward to ensure the ongoing privacy of our patrons.

A little HTTP history

The Internet was not initially built with security in mind, so over time, additional controls have been added to ensure that its users are able to send things without being seen by unintended eyes while in transit. HTTP (“hypertext transfer protocol”) dates back nearly 30 years, and in the recent past the prevalent use of HTTP is being actively transitioned to HTTPS (HTTP Secure) to enhance information security among Internet users. This is a great thing, considering HTTPS itself goes back to the year 2000, and is now really picking up adoption beyond just ecommerce. Whether you’re making a purchase on Amazon, doing online banking or using a money-transfer system like PayPal, their use of HTTPS helps ensure an extra layer of security to protect things like your user name and password and your activity within their systems from being seen by unapproved eyes. And now the Internet community is actively extending HTTPS to additional areas to increase protection, and so is ProQuest.

What’s in store

I’m happy to announce that as of today, the ProQuest Platform has enabled HTTPS capability across the application. This means that your private information and searches will stay as safe and secure as possible when using HTTPS, no matter how and where you access the ProQuest Platform. Also, all new ProQuest systems in the future will leverage HTTPS by default.

Well on the way to HTTPS

Some ProQuest products have supported HTTPS for a while, and some others are still to come, but since the ProQuest platform has the widest exposure to users of all of ProQuest's technologies, this change means we can help secure the largest bulk of your search and document retrieval traffic as possible with one change.

Additionally, you may be aware of activities such as Let's Encrypt, spearheaded by the Electronic Frontier Foundation (EFF) and others, who have made it very easy for website owners to implement HTTPS quickly and inexpensively (free!). This really demonstrates that the time for HTTPS everywhere has come!

ProQuest systems that are currently (or will be shortly) capable of HTTPS

As of January 12, 2017, the following systems support HTTPS either fully or as an active alternative to HTTP:

    • ProQuest platform (www.proquest.com)
    • ProQuest Dialog (www.proquest.com/professional) 
    • ProQuest Administrator Module (PAM) 
    • Legacy RefWorks
    • The New RefWorks
    • Ebook Central
    • ProQuest Research Companion
    • Pi2 Drug Safety Triager
    • Alexander Street Platform (search.alexanderstreet.com)
    • Alexander Street Academic Video Store (search.alexanderstreet.com/store) 
    • Alexander Street Admin Portal

Within the coming months, we will update the following systems to enable HTTPS support. Exact timing will be announced on the Support Portal and communicated to customers:

    • Pivot
    • eLibrary
    • CultureGrams
    • SIRS
    • HeritageQuest Online
    • ProQuest Congressional (congressional.proquest.com)

Across ProQuest, we are very excited by this move to HTTPS and hope that you are as well. You’ll see additional updates as we continue to focus on the security and privacy within our systems to do the best we can to protect the trusting relationship that our customers, publishers and content creators have placed in ProQuest.

Do your part to support your privacy

As HTTPS is only effective when it is being used, librarians have a key role in making sure their systems and proxies are configured to use HTTPS full-time and bring the benefit of secure communications to patrons and users, all the time.

    • We have posted a detailed set of configuration specifications on our Support Portal to help you make the necessary changes to your proxies.
    • Additionally, we are expecting to remove the less secure HTTP capabilities for most systems this summer, at which time all customers will be required to connect via HTTPS to ProQuest systems. Please take time now to begin to update your systems, links and proxies to be ready for this.

Google is also doing its part to support the adoption of HTTPS. Later this month, the Chrome browser will begin to show users when they are on insecure pages that transmit passwords or credit card details. This will help you and your patrons know when it may not be as secure to submit their personal information to the service at hand.

Like you, we believe that secure communications on the Internet are a requirement to uphold the privacy-based ethos that is embedded in libraries. We’re proud to support you in serving your user communities in this manner.

Daniel Ayala is a 20+ year career information security and risk professional and a 15-year holder of the Certified Information Security Systems Professional (CISSP) certification. His background in pharmaceutical and financial services has seen him working on efforts ranging from highly technical to policy and standards-related projects, from organizational design to leadership development. As the Director of Global Information Security at ProQuest, Daniel is currently responsible for technology security, data privacy, and technology risk and compliance across all ProQuest businesses. Daniel also has strong ties to the Information industry outside the office as he is regularly educated by his wife, a former public and corporate librarian, on the matters that are important to librarians and patrons.