General discussion

Locked

IT Debate: ASPs & security: 17 essential

By itdebate ·
Gartner predicts that over the next three years, 30 percent of ASP customers will experience a compromise of sensitive data as the result of an ASP-related security incident. What do you think are the best ways to avoid security problems with ASPs? What sort of security questions do you ask a potential ASP? What kind of additional security do you employ to protect ASP applications or data? Do you investigate the background history of an ASP before you make a commitment? You can read the related Gartner article, which will be posted on 3 A.M. Wednesday, at http://www.techrepublic.com/article.jhtml?id=r00620000809ggp01.htm.

This conversation is currently closed to new comments.

5 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

IT Debate: ASPs & security: 17 essential

by MikeJ In reply to IT Debate: ASPs & securit ...

I ask:
* Where are you hosted? (most ASP's seem to be co-located..this allows investigation of colo vendor)
* Will my services be on isolated or shared resources (hardware)? (and what measures are taken to protect me from other customers)
* Send me a copy of your security plan.
* Send me a copy of your network architecture.
* Send me a copy of your monitoring scheme.
* Can I perform a security penetration test? (most will say no, though)
* Staffing? (how many, level of knowledge, coverage, response time, etc...)
* How will our connectivity to the ASP be established (and what secure options can I implement)

Etc... I think you can get the idea. But ABSOLUTELY review the background of the ASP and the Colo vendor (if they use one). You are letting someone else significantly run a part of your business. We go through a very thorough investigation of the ASP.

Note, however, that we've gone through this with several ASP's, and only once so far agreed to use one (who in turn failed to deliver

Collapse -

IT Debate: ASPs & security: 17 essential

by itdebate In reply to IT Debate: ASPs & securit ...

Your answer was featured in our IT Debate TechMail. To receive your free subscription to the IT Debate TechMail, sign up at http://www.techrepublic.com/techmails.jhtml

Collapse -

IT Debate: ASPs & security: 17 essential

by plantogo2000 In reply to IT Debate: ASPs & securit ...

A long term relationship with an ASP that has a 70% chance to be three out of ten or one out of 3.3 security failures is not an acceptable business risk, especially for an on line (Internet) company. A failure would cost the business too much time,lost orders, incorrect orders, disappointed customers, credit concerns, confidential customer information, etc.
When contracting for doing business with an ASP, it would be to the point to either include insurance against such a threat or include aclause in the contract that makes the ASP responsible for a security failure. This risk for the ASP will make the requirements that Ms. Kiava so correctly points out to not only be considered but to be provided for.

Collapse -

IT Debate: ASPs & security: 17 essential

by itdebate In reply to IT Debate: ASPs & securit ...

Your answer was featured in our IT Debate TechMail. To receive your free subscription to the IT Debate TechMail, sign up at http://www.techrepublic.com/techmails.jhtml

Collapse -

IT Debate: ASPs & security: 17 essential

by itdebate In reply to IT Debate: ASPs & securit ...

This question was closed by the author

Back to IT Employment Forum
5 total posts (Page 1 of 1)  

Related Discussions

Related Forums