Managed hosting offers multiple benefits to small and midsized businesses (SMBs), such as reducing or eliminating capital expenditures. It also reduces the need to recruit and staff the sometimes difficult-to-find IT talent needed to manage your equipment. Other benefits include lower costs, easier scalability, and direct access to networking and security expertise.
Yet, as with any significant business investment, it is important to do your homework before selecting a managed hosting partner. Price alone should never be the determining factor, as the wrong decision can end up being significantly costlier in the long run. When evaluating managed services providers, consider how the provider’s offerings and the team who will support those offerings fit with your company’s needs, reliability, and responsiveness.
There are five key risks to consider when choosing a managed hosting provider. Asking potential vendors the tough questions can help you avoid future problems in any of these areas. Let us review the risks:
1. Logical/Technical Security
While there are many sources of risk to information security, they generally fall into three categories: people, facilities, and technology.
The biggest threat to information in any scenario is the people who have access to it. Whether the breach is caused by a criminal attack, malice, carelessness, or just plain ignorance, human beings pose the greatest data security threat.
With this in mind, ask your managed hosting provider the following questions:
- How are your employees vetted and trained?
- When they leave your company, how are they offboarded?
- Who has access to our data?
- How is that access monitored?
- How are users authenticated?
2. Physical Security
Physical security is also critical to securing your data. The managed hosting facility should be protected from unauthorized entry, utilizing locks, badges, alarms, and environmental monitoring. In addition, there should be systems in place to control access inside the facility, including badges and 2FA (at a minimum), surveillance cameras, and secure server racks.
Lastly, as it relates to security, there are technological risks and defenses to consider. For example, it is important to understand how your data is hosted. Without sophisticated protection, data on a shared hosting server may be vulnerable to theft, corruption, or destruction by several methods.
Where possible, the best option is to work with a provider that can offer managed hosting solutions built on dedicated IT equipment, particularly servers. At the very least, servers should be protected by firewalls and antivirus/anti-malware software and kept up to date with security patches.
Organizations that deal with sensitive information like patient healthcare records, personal or corporate financial data, student records, and credit card data should work only with compliant hosting providers. These vendors maintain compliance with standards and regulations such as HIPAA/HITRUST, PCI DSS, SSAE/SOC, ISO 27001, ISO 20000-1, and others. They also offer higher levels of physical and virtual data security, including encrypted storage and backup, multi-factor authentication, and vulnerability scanning.
As noted above, a managed hosting provider’s staff are one key component of information security. But staffing is about much more than just preventing data breaches. The vendor’s employees are the people you’ll rely upon to keep key systems up and running, provide customer support, and offer expert guidance when needed. Inexperienced, under-trained, disconnected, and/or inaccessible staff are another risk factor in managed hosting.
To navigate this risk, ask potential hosting partners the following questions:
- What certifications does your staff hold?
- Is your facility staffed 24/7/365?
- Whom will I be communicating with on an ongoing basis? (If the provider is local, ask to meet the team, as well.)
- Is your first-line phone support team on-site at your data center—or in a call center half a world away?
- What’s the average tenure of your staff? (This gets to the question of turnover.)
- What ongoing training opportunities do you provide for your staff?
- What are the backgrounds of the founders, owners, and management team?
Getting these questions answered can help assure your managed hosting provider’s people become an asset to your organization, not a liability.
4. Bandwidth Capabilities
Another risk factor is related to bandwidth, or the “size of the pipe” between your facilities and those of the hosting provider.
The geographic location of the managed hosting data center poses two types of risk. First, the data center should ideally be located in a geologically stable region, with relatively low risk of extreme weather (such as tornadoes and hurricanes), which can disrupt power and/or connectivity.
In addition, the distance from your location to the hosting data center matters. Generally speaking, the farther away the data center is located, the higher the latency (delay) in packet delivery. Typically, the differences in latency between well-designed data centers with high-quality fiber connectivity will be measured in milliseconds, not a significant enough delay to be cause for concern. However, latency can be an issue in situations where a high volume of large files is regularly transferred. In those instances, locality should be a major factor in where your data is housed.
Another big consideration is whether the bandwidth you are promised is shared or committed. Shared bandwidth speeds will vary based on how “busy” the connection is. Committed bandwidth is a guaranteed minimum connection speed. It’s vital to work with a hosting provider who will consult with you to determine how much bandwidth you require, so you are neither stuck with unacceptably low connection speeds nor paying for more bandwidth than you need.
A final risk relating to bandwidth is reliability. To assure connectivity that is not only fast but also reliable, look for a managed hosting vendor that offers redundancy in terms of fiber-based delivery from multiple carriers, as well as multi-homing with Border Gateway Protocol (BGP), which optimizes the routing path and provides load balancing.
5. Service Level Mismatch
The final risk to keep top of mind when searching for reliable managed services providers is that the adage caveat emptor, or buyer beware, has never been more appropriate. Vet your prospective vendors, ask for credentials and customer references, and keep in mind that price is but one factor in selecting a hosting services provider. Do all you can to make sure that low price doesn’t come along with low standards.
Here are considerations to help you avoid vendors who are unwilling or unable to provide trustworthy, high-quality hosting services:
- Own vs. rent. A provider that owns its facilities (as opposed to “storefront” rentals) has a greater incentive to invest in advanced systems for power and connectivity redundancy, as well as the total flexibility to do so. This kind of provider is also more likely to be committed to the hosting business for the long haul.
- Quality of facilities. If possible, visit your potential managed hosting provider’s facility. It should be clean, cool, physically secure, and inspire confidence in their technology.
- Track record and tenure. As the hosting industry grows, new providers are starting up continually, and there’s nothing necessarily wrong with being new to the business. But as with having quality facilities, a hosting vendor with a proven track record of success over time with loyal, satisfied customers should inspire greater confidence.
- Quality of support. Does the vendor offer a breadth of services that enable them to be a true technology partner—or do they offer “just the basics”? How quick/easy is it to reach support? How skilled and knowledgeable is the support team? As noted above, it’s a great idea to meet the team face-to-face, if possible, and really understand the support that you and your team can count on from this provider.
- Compliance and certifications. If your organization deals with any healthcare, financial, or other forms of sensitive data, be sure your managed hosting partner is compliant with regulations like HIPAA and PCI. In addition, certification with SSAE 18, an auditing standard for service organizations, is common amongst data center operators. It defines the standards an auditor must employ in order to assess the contracted internal controls of a service organization that can affect the operation of the contracting enterprise. Having a certification such as this attests to your hosting provider’s ability to keep your systems, and the data they support, secure and auditable for compliance at the highest of standards.
How LightEdge can Mitigate Hosting Risks
Managed hosting provides compelling benefits for small to midsize businesses, but the selection process entails risks, as well. By understanding and addressing the five risks for hosting clients detailed above, your organization can avoid these threats and choose a vendor that effectively and reliably meets your IT infrastructure needs.
LightEdge is ready to help with your compliant hosting needs. Whether you’re making the move to the cloud, wanting to find a secure hybrid solution center to host your infrastructure, or you’re needing guidance when it comes to security and compliance, LightEdge has you covered.
When it comes to compliance and security, LightEdge’s highly trained compliance and security experts take the guesswork out of keeping your business protected. Trust our expertise to ensure you are covered through our security and compliance services, including risk management, information security, audit preparedness, and support. Learn more about our industry-specific compliance expertise. Our services are compliant with:
- HIPAA/HITRUST and HITECH
- PCI DSS
- SSAE 18 SOC 1, SOC 2, and SOC 3
- ISO 27001 Certification
- ISO 20000-1 Certification
Is 2019 the year you move to the cloud? If you’re already there, have you found the right cloud services that meet your specific business needs? From a dedicated physical infrastructure to a virtual delivery model, LightEdge has the compliant cloud and hosting solution for your organization. Retain the level of control you want, and the amount of data isolation you require.
As a top-tier colocation services provider, we provide a high level of availability and reliability through secure, certified data centers and dedicated staff onsite. Our customized and scalable services give you the control, whether you need a colocation rack, cage or custom suite now or in the future. Get started today with a free quote from one of our colocation specialists.
If you need help with compliant managed hosting, contact one of our experts to get started or to schedule your private tour of any of our seven data centers. We have security, compliance, colocation, and cloud experts standing by to answer any of your questions.