Managed hosting offers multiple benefits to small and midsized businesses (SMBs) like yours. These include reduction (or elimination) of capital expenditures and of recruiting and hiring sometimes difficult-to-find IT talent. Other benefits include the lowering of costs, the increased ease of scalability, and access to networking and security expertise.
But, as with any significant business investment, it’s important to do your homework before selecting a managed hosting partner. Price alone should never be the determining factor; the wrong decision can be costly in the long run. When evaluating managed services providers, consider how the provider’s offerings, and the team who will support those offerings fit with your company’s needs, reliability, and responsiveness.
There are five key risks to consider when choosing a managed hosting provider, and asking potential vendors tough questions can help you avoid future problems in any of these areas. Let’s review the risks:
1. Logical/Technical Security
While there are many sources of risk to information security, they generally fall into three categories: people, faculties, and technology.
The biggest threat to information in any scenario are the people who have access to it. As such, whether through criminal attack, malice, carelessness, or just plain ignorance, human beings pose the greatest data security threat.
With this in mind, ask your managed hosting provider the following questions:
- How are your employees vetted and trained?
- When they leave your company, how are they offboarded?
- Who has access to our data?
- How is that access monitored?
- How are users authenticated?
2. Physical Security
Physical security is also critical to securing your data. The managed hosting facility should be protected from unauthorized entry, utilizing locks, badges, alarms, and environmental monitoring. In addition, there should be systems in place to control access inside the facility, including badges and 2FA (at a minimum), surveillance cameras, and secure server racks.
Lastly, as it relates to security, there are technological risks and defenses to consider. For example, it’s important to understand how your data is hosted. Without sophisticated protection, data on a shared hosting server may be vulnerable to theft, corruption, or destruction by several methods.
When able, the best option is to work with a provider that can offer managed hosting solutions built on dedicated IT equipment, particularly servers. But, at the very least servers should be protected using firewalls and antivirus/anti-malware software, and have up-to-date security patches.
Organizations that deal with sensitive information like patient healthcare records, personal or corporate financial data, student records, and credit card data should work only with compliant hosting providers. These vendors maintain compliance with standards and regulations such as HIPAA, PCI DSS, Sarbanes-Oxley, GLBA and others. They also offer higher levels of data security including encrypted storage and backup, two-factor authentication, and vulnerability scanning.
As noted above, a managed hosting provider’s staff are one key component of information security. But staffing is about much more than just preventing data breaches. The vendor’s employees are the people you’ll rely upon to keep key systems up and running, provide customer support, and offer expert guidance when needed. Inexperienced, under-trained, disconnected, and/or inaccessible staff are another risk factor in managed hosting.
To navigate this risk, ask potential hosting partners the following questions:
- What certifications does your staff hold?
- Is your facility staffed 24/7/365?
- Whom will I be communicating with on an ongoing basis? (If the provider is local, ask to meet the team as well.)
- Is your first-line phone support team on-site at your data center—or in a call center half a world away?
- What’s the average tenure of your staff? (This gets to the question of turnover)
- What ongoing training opportunities do you provide for your staff?
- What are the backgrounds of the founders, owners, and management team?
Getting these questions answered can help assure your managed hosting provider’s people become an asset to your organization—not a liability.
4. Bandwidth Capabilities
Another risk factor is related to bandwidth, or the “size of the pipe” between your facilities and those of the hosting provider.
The geographic location of the managed hosting data center poses two types of risk. First, the data center should ideally be located in a geologically stable region, with relatively low risk of extreme weather (such as tornadoes and hurricanes), which can disrupt power and/or connectivity.
In addition, the distance from your location to the hosting data center matters. Generally speaking, the further away the data center is located, the higher the latency (delay) in packet delivery. Typically, the differences in latency between well-designed data centers with high-quality fiber connectivity will be measured in milliseconds, not a significant enough delay to be cause for concern. However, latency can be an issue in situations where a high volume of large files are regularly transferred.
Another bandwidth-related consideration is whether the bandwidth you are promised is shared or committed. Shared bandwidth speeds will vary based on how “busy” the connection is. Committed bandwidth is a guaranteed minimum connection speed. It’s vital to work with a hosting provider who will consult with you to determine how much bandwidth you require, so you are neither stuck with unacceptably low connection speeds nor paying for more bandwidth than you need.
A final risk relating to bandwidth is reliability. To assure connectivity that’s not only fast but reliable, look for a managed hosting vendor that offers redundancy in terms of fiber-based delivery from multiple carriers as well as multi-homing with Border Gateway Protocol (BGP), which optimizes the routing path and provides load balancing.
5. Service Level Mismatch
The final risk to keep top of mind when searching for reliable managed services providers is that the adage caveat emptor, or buyer beware, has never been more appropriate. Vet your prospective vendors, ask for credentials and customer references, and keep in mind that price is but one factor in selecting a hosting services provider. Do all you can to make sure that low price doesn’t come along with low standards.
Here are considerations to help you avoid vendors who are unwilling or unable to provide trustworthy, high-quality hosting services:
- Own vs. rent. A provider that owns its facilities (as opposed to “storefront” rentals) has a greater incentive to invest in advanced systems for power and connectivity redundancy, as well as the total flexibility to do so. This kind of provider is also more likely to be committed to the hosting business for the long haul.
- Quality of facilities. If possible, visit your potential managed hosting provider’s facility. It should be clean, cool, physically secure, and inspire confidence in their technology.
- Track record and tenure. As the hosting industry grows, new providers are starting up continually, and there’s nothing necessarily wrong with being new to the business. But as with having quality facilities, a hosting vendor with a proven track record of success over time, and loyal, satisfied customers, should inspire greater confidence.
- Quality of support. Does the vendor offer a breadth of services that enable them to be a true technology partner—or do they offer “just the basics”? How quick/easy is it to reach support? How skilled and knowledgeable is the support team? As noted above, it’s a great idea to meet the team, face-to-face if possible and really understand the support that you and your team can count on from this provider.
- Compliance and certifications. If your organization deals with any healthcare, financial, or other forms of sensitive data, be sure your managed hosting partner is compliant with regulations like HIPAA, PCI, and SOX. In addition, certification with SSAE 16, an auditing standard for service organizations, is common amongst data center operators. It defines the standards an auditor must employ in order to assess the contracted internal controls of a service organization that can affect the operation of the contracting enterprise. Having a certification such as this attests to your hosting providers’ ability to keep your systems, and the data they support, secure and auditable for compliance at the highest of standards.
Managed hosting provides compelling benefits for small to midsize businesses, but the selection process entails risks as well. By understanding and addressing the five risks for hosting clients detailed above, your organization can avoid these threats and choose a vendor that effectively and reliably meets your IT infrastructure needs.
Additional Resources on This Topic: