How to Keep Your Data Secure Even If You Don’t Trust Your Web Host

1 comment

Hosting provider BurstNET closed its Pennsylvania operations this year with little warning.

Lou Alquist, a long-time BurstNET customer who ran a small business that helped public housing agencies screen tenants, saw his website and decades worth of data vanish on Mar. 27, 2014.

There was no backup, and he had no choice other than close his business.

This is only one example, but the unfortunate situation illustrates some of the potential problems with placing important applications and valuable data in the hands of a hosting provider.

Making it Easy to Jump Ship

Rafael Laguna, the CEO of open-source software provider Open-Xchange, has seen many different web hosting companies (of various calibres) use Open-Xchange software for hosted email and collaboration services.

He says that it’s important for customers to be able to trust their hosting provider, and that hosting providers who offer transparency and make it easy to change providers are often able to assure customers that they have options if they run into trouble.

Laguna says there are four major criteria customers should consider in order to better ensure that customers can migrate away from a provider: not be locked into one service; be able to move data from one provider to another; have access to equivalent software at the new service provider; and to be able to trust the software being used.

Being able to easily move data and applications to another service provider gives the customer assurance that they aren’t locked into a particular solution if they lose confidence in the service provider.

“Even though you trusted your provider yesterday, that might not be true tomorrow, so you need the liberty to change and you need to make sure that the same kind of service is available from elsewhere,” Laguna says. “The more sources you have, the better because the more choice you have.”

Being able to archive data and move it to a different provider is important, but also that the data can be used by a different provider. This often means having access to the same software. For instance, he says, “If you’re using Google Apps, Google doesn’t publish the software that they use to build the service.” This means that you cannot move the data to a new service provider without changing the application being offered.

Finally, Laguna notes open-source solutions give customers the choice to move to another provider of the same service based on the same software. For instance, with Open-Xchange, a hosting customer can choose another provider, migrate data using third-party tools or through freely available APIs, and recreate the same service based on the same source code. This can also make it possible to move from a public cloud to a private cloud, or even allow any given service provider to build a service using the open-source code.

Web hosts that offer open-source software are effectively saying, “You don’t need to trust me because you have other options.”

He also says that, because it sheds light on the code being used, open-source software makes it less likely that things like backdoors are added to the code by government agencies or by criminals that can ultimately make data less secure.

Having Service Redundancy

Web hosting customers can not only provide redundancy by keeping backups and archives stored with a different provider, but also never fully relying on a single service provider.

It’s common to have Disaster Recovery plans and service redundancy in traditional, on-premise IT environments, but many organizations are only recently building multi-vendor redundancy into the cloud solutions they use, according to Mounil Patel. Patel is VP of Strategic Field Engagement at Mimecast, a software-as-a-service company that specializes in services that keep email available and accessible.

“With email, you might have a hosted email provider running your Exchange or whatever email environment and now they’re holding all of your data – all of the emails that are sitting in there,” he says. “You probably have a pretty good [Service Level Agreement] with them or you wouldn’t have given them all of your toys in the first place, but now there is a risk that if something goes wrong, you may not have any recourse in being able to fix the problem – that’s not necessarily true because there are more and more services being designed to augment cloud services to allow for redundancy.”

He says that organizations can, for instance, use high-availability gateways that take over the job of sending and delivering email even if the primary email provider happens to be down.

“Having two solutions in line with each other guarantees that if there’s a failure with one vendor, the other vendor’s probably going to be operational and the services aren’t going to be impacted,” Patel says.

When it comes to choosing a web hosting service, it’s important to do due diligence to make sure that the service provider appears honest and trustworthy, but it’s always important to plan for the worst.

Changes in a web host’s management team and its underlying technology, and even disasters beyond their control, can affect customers in enormous ways. This is why it’s important to never fully trust your hosting provider, and to always prepare for the worst.

Add Your Comments

  • (will not be published)

One Comment

  1. DoktorThomas™

    Moral to the story is not more software, but rather important data should never be stored with/entrusted to a third party.