Klixxx Home
> Webmaster Article Archives Home >
Make Security Job-Number-One with Your ASP
Due to the nature of the ASP model, security considerations are more complex and even more critical than with the in-house case.
Under the ASP model, software applications are installed in a remote facility that is basically outside of the customer's control, and access to the hosted resources is provided exclusively through the Internet. This differs significantly from the traditional model where software is licensed and installed on your own machines, in your own facility, and accessed through your own network, protected by whatever security you provide yourself.
There is an ongoing trend among Fortune 500 companies to outsource with Application Service Providers, but small businesses are also turning more often to ASPs to provide the expertise and infrastructure they require but might not be able to manage on their own. You may be considering outsourcing certain operations to an ASP, which can be a very wise and cost-effective decision. However, even if some of your processes are being handled elsewhere, this doesn't mean that you have to remain the dark about what's going on. This is especially important where security is involved.
Circumstances Outside Your Control?
In an interview (Sue Hildreth. "ASP Security: Why Firewalls Are Not Enough," ebizQ.net) Pavel Slavin, chair of the ASP Industry Consortium (ASPIC) Technology Security Committee said that security is a major worry of ASP customers, and for good reason. "It used to be that you bought the software, you owned the software, you owned the firewalls, you owned the entire network, and you employed the administrators who watched over the network and the security. Now, with an ASP, you no longer have control over it. You rely on the security distributed by your ASP." Ariel Kelman ("ASP Planning: A Checklist for Security," E-Business Advisor Magazine) points out that:
Typical concerns shared by IT and business decision makers include loss of critical data, theft of data by competitors, and loss of privacy of confidential information. ASPs are forced to build up a robust security infrastructure to respond to those customer concerns. This has led many hosted vendors to build up world-class security expertise and infrastructure. Many customers evaluating ASP vendors (especially smaller companies) may find that the security policies and security technology of the ASP vendor is more robust than what exists in the customer's IT department.
Levels of Security
|
Security Service Offered:
|
Percent:
|
|
User Authentication
|
78
|
|
Firewall
|
76
|
|
Network Security
|
76
|
|
Virus Protection
|
76 |
|
Disaster Recovery
|
74
|
|
Redundant Service
|
74 |
|
Detect Illegal Action
|
68 |
|
Institution Security
|
68 |
|
24/7 Surveillance |
60 |
|
Institution Security |
68 |
|
Escalation |
58 |
|
Report on Security Conditioning |
52 |
|
Data Cyptography
|
50 |
|
Security Consulting |
34 |
|
Bio-Metric |
24 |
|
Other |
10 |
|
That makes sense, since ASPs should know that providing effective security is essential to their business. And most of them do-but there are exceptions. In fact, currently there seem to be too many exceptions, and webmasters must take care to avoid them.
Be Careful Out There
A recent IDC report called "Delivering Software as a Service, Delivering a Sense of Security" disclosed that fifty of the ASPs randomly surveyed--about 25 percent--had substandard security. We're talking fundamentals here, things like user authentication, virus protection, network security, and firewalls.
In an interview for ASPnews (Dan Muse. "IDC Says ASP Security Not a Given," ASPnews.com), Jessica Goepfert, program manger with IDC's ASP and Application Management Services research program, said chances are that the ASP offers more security than its customers could afford to deploy on their own. "High-end ASPs that are rolling out enhanced security services are setting a strong example and new entrants would be well-served to observe," she said. "In fact, in recent months IDC has witnessed announcements from leading ASPs that demonstrate this trend and commitment to providing state-of- the-art security services."
Nevertheless, measurable guarantees are uncommon, and where they exist, may only supply a false sense of security with ASPs who may not be able to actually deliver on the promise:
The ASPs surveyed rarely, if ever, had any guarantees or metrics wrapped around the effectiveness of their security services. Who can blame them? Attacks are a reality of the computing environment; hackers are constantly getting wiser and actively seeking out the vulnerabilities of the cyber world. Security guarantees may bring end users more peace of mind, but if they can't be upheld they will be as worthless as the paper they are written on and will only serve to build false expectations with their customers.
PART TWO: A Sense of Security...
|
 Printer
Friendly Version
 Submit
Questions or Comments to Klixxx
Need More Information?
Search the Webmaster Articles at Klixxx
Submit
an Article | Link to Klixxx
| Earn With Klixxx Cash
Become
a Sponsor | Advertising Information
Klixxx Home
> Webmaster Article Archives Home >
|