Is it safe to sign up for a hosted service? That depends…
Getting services hosted instead of buying and managing your own infrastructure can sound like the simple way out of a complex problem. Lots of service providers offer hosting services, from giants like Microsoft and Amazon to little IT companies you have never heard of. Now let’s be very clear: being small and unknown does not mean less safe. A small company can deliver a very secure, enterprise-class service, but you need to do your due diligence. I have seen many hosted services where the security for each client’s data is less than ideal – some of it with holes any year 10 student with moderate PC skills could break through.
Of particular concern are shared hosting environments where your financial, practice management, document management or ERP systems are on the same server with 50 other clients of that provider. I’ve just been browsing through just such a list while I am migrating a new client away from a shared hosting service with a small IT provider. Yes, I can see a lot of information about the other clients in that same hosted service. I shouldn’t be able to see them at all.
If you are either contemplating a shared hosting service, or you are already in one, here are 8 questions you should ask your provider:
1. If you are thinking of signing, ask for client references. Particularly note whether there are performance or downtime issues – shared environments are notorious for poor performance.
2. Ask for a copy of the DR plan – it should include offsite storage for your data and describe how your systems would be recovered after a disaster.
3. Ask if they have certification for their security status and standing (ISO 27001, ISACA certifications).
4. Ask to see their security policy and procedure.
5. Ask to see the last security audit report.
6. What happens at end of contract? How will you move your whole systems (not data alone) so you don’t lose productivity?
7. What are the Service Level Agreement response, action and resolution times?
8. Check on the company’s financial status and the background of the owners.
Bottom line: don’t jump in feet first without first checking your landing.