Category Archives: third-party

How can one know whether it is more secure to host the store on
our own servers or on those from external vendors?

Answer:
Do a risk assessment.

1.) Summarized Answer
2.) Detailed Answer
3.) Answer that might help you, if you’re in the same situation as me

Details:

The CEOs at my company plan to launch an online store
to let our customers buy and download our software-products 24/7.
They want also to leave the hosting to another company that is more experienced in webhosting than we are.

Edit: Some Information about us:

• We are not a webhosting company
• The only website we have set up was our own (it is also running on our own servers)
• We have IT support staff (administrators), but none of them is currently versed in security.
• We have some developers that are experienced in web-development

The Problem

However, I am skeptical because this means that the external hosting company:

• Can accumulate large parts of our customer database.
• Has to care for penetration tests (and regular checks, whether a data-breach occurred, or not)
• Has to inform us about breaches (There is a risk that they won’t do it, to avoid getting sued)
• We have to trust them (which is sometimes impossible¹)

On the other hand, it’s not a good idea to host the store on our servers because:

• Most of the software devs don’t care about security (I am the only one)
• CEOs don’t want to spend money on penetration tests and audits.
• We have to inform our customers about breaches (possible suits).

NOTE 1:
This question is not about convincing the
CEOs to invest more in security.

NOTE 2:
The other company does not necessary has to be an ISP (directly).
It could also be a webshop-developer who takes care about the hosting (and ISP).

The Question is:
How can we know whether it is more secure to host the store on
our own (insecure) servers or on those from external vendors?

¹ For Example:
No one outside of the USA can trust US-American hosting companies. (Not really their fault)
The patriot act forces them to hand every data to the NSA. (https://en.wikipedia.org/wiki/Patriot_Act)

Combine this with economic espionage
(https://www.theregister.co.uk/2015/06/29/wikileaks_docs_show_nsa_vs_france/)
and your business is ruined.

So this is really a serious problem.

Continue reading How to decide where to host an online store?→

The CEOs at my company plan to launch an online store
to let our customers buy and download our software-products 24/7.
They want also to leave the hosting to another company that is more experienced in webhosting than we are.

Edit: Some Information about us:

• We are not a webhosting company
• The only website we have set up was our own (it is also running on our own servers)
• We have IT support staff (administrators), but none of them is currently versed in security.
• We have some developers that are experienced in web-development

The Problem

However, I am skeptical because this means that the external hosting company:

• Can accumulate large parts of our customer database.
• Has to care for penetration tests (and regular checks, whether a data-breach occurred, or not)
• Has to inform us about breaches (There is a risk that they won’t do it, to avoid getting sued)
• We have to trust them (which is sometimes impossible¹)

On the other hand, it’s not a good idea to host the store on our servers because:

• Most of the software devs don’t care about security (I am the only one)
• CEOs don’t want to spend money on penetration tests and audits.
• We have to inform our customers about breaches (possible suits).

NOTE 1:
This question is not about convincing the
CEOs to invest more in security.

NOTE 2:
The other company does not necessary has to be an ISP (directly).
It could also be a webshop-developer who takes care about the hosting (and ISP).

The Question is:
How can we know whether it is more secure to host the store on
our own (insecure) servers or on those from external vendors?

¹ For Example:
No one outside of the USA can trust US-American hosting companies. (Not their fault)
The patriot act forces them to hand every data to the NSA. (https://en.wikipedia.org/wiki/Patriot_Act)

Combine this with economic espionage
(https://www.theregister.co.uk/2015/06/29/wikileaks_docs_show_nsa_vs_france/)
and your business is ruined.

So this is really a serious problem.

Continue reading How to decide where to host an online store?→