Just how secure is your website? How tough is your webhosting provider’s backbone? How vulnerable are you to cyberattacks like those that played havoc with Facebook and other sites in the past — the victims of a rogue blogger?
While no site is absolutely safe from assault, it pays to be vigilant and to determine the strength of your webhosting provider’s defenses and its tenacity. In fact, the average total per-incident cost of a data security breach last year was US$6.65 million, according to the Ponemon Institute. An equally important reason to assess your webhosting provider’s defenses: The provider probably also secures your email system — the lifeblood of most office operations and the most pervasive channel for business communication.
Email Problems Hurt the Most
The realities of modern communication are such that when your website goes offline, the calls and complaints that follow may be fewer than expected, depending on how long the site is down. If your email system goes down, you can expect countless complaints immediately, as well as claims that every second of downtime is costing your company big bucks. “If it breaks, you hear from everyone,” is a common refrain among chief information officers about email system outages.
It’s nearly impossible to calculate the cost of email downtime, although one computation puts the per-employee cost at about US$20 a year. Still, email must be reliable because of the potentially significant cost that downtime can carry with it. Data show that email systems are brought down more frequently by technological failures and human error than by cyberattacks.
So what are the questions you should ask your webhosting provider or prospective provider to get the best service and reliability? And what answers should you expect? The following advice — and questions to ask — should help you:
Mission-Critical Starting Points
Ask your provider what it does to prevent downtime. What does it do to thwart a failure of hardware? Does it have alternate routes to manage traffic? If the provider shares hosting, how simple does it keep its system to improve its ability to recover quickly from a problem? Does it keep spare equipment available within the same location? Are IT support personnel handy? What monitoring systems are in place to alert you that trouble is approaching or a problem has occurred? The simpler the hosting model and the easier the process it employs, the more likely a provider can respond very quickly when a nasty outage or denial-of-service attack strikes.
Determine what backup systems are available should something go wrong with the servers. What security add-ons are available? Does the provider have physical firewalls, or are they software-based? How securely can you lock up your website, and what high-end products are available to do that? What type of flexibility do you have in making your own security modifications? What kind of security does the webhosting provider offer should you want to conduct business online? Do you have to purchase your own e-commerce SSL certificates, or does the webhosting provider offer them? As for investigating incidents that occur, find out if the prospective provider has a team that investigates security breaches or attempted ones. Does it generate root-cause analysis reports about such incidents?
Tackle Tech Support
Tech support is a key factor to consider. Does the provider have local IT support, or must you contact a call center when a problem develops? Is support available 24/7, is there an 800 number to call, and is service support free? Be sure to determine how you can communicate with tech support — by phone, email or both? Is texting or chat available via your cellphone? How long, typically, does it take before someone answers the phone or responds to an email? How experienced is the tech support staff; how many years of experience, on average, does each support technician have? And what is its turnover rate? Does the webhosting provider offer customer forums to help you gain more knowledge about its services and about the industry? It may seem like overkill, but when you’re in a pinch, you’ll want answers immediately.
Ask a lot of questions about the hosting provider’s service level agreement, or SLA. It’s the contract between the provider and you that specifies, usually in measurable terms, what services the provider will furnish. First, determine if it even provides customers with an SLA. If it does, what metrics does the SLA specify? Does it include what percentage of the time services will be available? The number of users that can be served simultaneously? Specific performance benchmarks to which actual performance will be compared periodically? The schedule for notification in advance of maintenance and network changes such as code upgrades and security patches that may affect users? Help-desk response time for various classes of problems? And does the SLA have a money-back guarantee, defining the percentage of the month that the system must remain up or else you don’t have to pay that month’s fee?
Bring up the issue of business continuity in terms of whether the webhosting provider can adequately serve you as you grow larger or as you experience peaks in customer demand for your website. Business continuity used to be a major issue to explore, but providers increasingly are able to automatically move data among servers and add more server capability to handle growth in your Web traffic or sudden peaks that occur from time to time. Say you’re having an online promotion soon; can the prospective provider put an additional one or two servers online to handle the increased traffic to your site?
Seek to determine how innovative the webhosting provider is and, as the Internet continues to grow dramatically, what it’s developing or testing to enhance its clients’ protection and security.
In today’s tough economy, it also pays to find out how financially secure the provider is. Does it or a parent company have very large pockets to weather bad times economically? You don’t want the hassle of suddenly having to find a new webhosting provider because your previous one went under quickly and without warning. Find out if the provider or its parent company owns its databases. The bottom line is you don’t want to be left in the dark if a company goes out of business, and you want access to your data at all times.
As the Internet continues to expand — and it will, substantially, over the next several years — expect security management to grow ever more complicated, expensive, and important to you. This is why it’s best to ask the tough questions now when quizzing your webhosting provider or a prospective one. It may very well save you headaches, and worse, down the road.
Eric Carsrud is director of IT Services at Verio, a webhosting provider that caters to small-and-medium-sized businesses.