Whitepaper: Security questions for your web hosting provider

Filed Under: Featured, SophosLabs, Vulnerability

Whitepaper: Security questions for your web hosting providerOne of the most striking statistics to emerge from research in SophosLabs is that 80% of dangerous websites are actually legitimate sites that have been compromised by criminal hackers.

Defending a website against these attacks is a necessary part of any security strategy.

A key choice when creating an online presence for your organization is choosing a hosting provider. There are many factors to consider including cost, bandwidth, resilience and additional services.

However, you can’t afford to ignore security. If you host your site with an external web hosting provider then it is critical to understand their security stance.

Do they have defenses in place? How would they respond to an attack, or worse a breach?

“Security should be designed in, not an afterthought.” This is a sentiment echoed by many security experts.

To help you build security into your web hosting decisions SophosLabs have put together a list of 10 questions to consider and the reasons why they are important.

The questions cover security aspects of:

  • Choosing a provider

  • Configuration and installation

  • Ongoing maintenance and updating

I encourage anyone who uses web hosting services to read the paper and use it to help make the web safer for everyone.

Read now: Choosing a hosting provider (no registration required).

Server farm image courtesy of Shutterstock.

, , , , ,

You might like

2 Responses to Whitepaper: Security questions for your web hosting provider

  1. artfrankmiami · 631 days ago

    Back in the 90s, for my first personal site, I signed up with a large Texas Based company because they were recommended to me as the cheapest at that time (1 site, $250 a year) and one day, I went back too far in my FTP directory and found myself in the root(?) with full access to the contents of the server. I reported it and........still could access anyone else's folder weeks later. I finally moved to the hosting company I'm at now. Now I know what I need to ask them about security.

    A few years ago, my old job's company site was somehow compromised at the server level and malware was sent to every visitor. The hosting provider took forever to deal with it.

  2. Kim Kaiser · 630 days ago

    Yes, a client of mine recently had a hacking incident at the server level, but that didn't prevent them from a lot of hand waving that makes the client think they did something wrong. Would it be a lot easier if, when client did what they are expected, their hosting provider didn't let them down. It leads to a lack of discipline because the client does not think that what they are doing is really worth the effort. Keeping track of logins and monitoring your own website takes time and some expense. I am tired of monitoring sites just so I can have the ammunition to take up issues with the hosting company.

    We need more "ombudsmen" who can talk the talk with Hosting Companies on behalf of clients who do not have the vocabulary to address these issues. Trying to get the other guy (hosting company) to admit the problem lies on their end is nearly impossible if you cannot talk the talk.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Richard manages SophosLabs' operations in the United States. His principal security interests are endpoint security and user education. When he's not worrying about digital perils he enjoys singing, much to the distress of his cat, whose name does not feature in any of his passwords.