Re: Security in terms of web hosting

[Brad Van Orden <Brad.VanOrden () netisi com>]

Hi Richard,

I'm not sure what you are really asking.  The legal issues are that it should
be part of your contract what they should and should not do for you.  For
example, my company has a web application for the auto industry.  We put our
box in a collocation facility.  We contracted for no security.  All I want from
them is: Internet connection, power, space, and physical security.  I provide
my own security solution.  The reason is that I have no one to blame except
myself and I also don't have to rely on anyone else.

I'm also a consultant.  One of my customers was recently setting up a server
facility.  They decided to put a firewall in front of all their customers
web pages.  I advised against it before they bought it and I told them they
were wrong after they did it.  They now have one firewall in front of all
their customer's web sites.  I certainly would never put my application at
such a location.  Nevermind the complexity of trying to maintain that rule set,
what happens if one customer demands a change at a time when it is the peak
usage time for another customer?

If you want the other company to provide security, I would make sure it is a
security solution provided for your application only.

Don't know if any of that helps - I hope it does.

Regards,

Brad Van Orden

"Scott, Richard" wrote:
> Greetings all,
>
> Has anyone came across a security and legal issue checklist for outsourcing
> web hosting / E-commerce hosting?
>
> For example given that a company z used another company's services for
> hosting an e-commerce application.
> Has anyone experienced difficulties of enforcing their security policies on
> the company hosting the app/web site?
>
> Any pointers to any white papers et al?
>
> Cheers
> r.
> Richard Scott
> The views expressed in this email do not represent Best Buy
> or any of its subsidiaries.